Free Malware Removal Forum

[bushmire1]

One program finds a spyware then another program finds a different one. The same goes for a trojan. Are they left by trying different programs like footprints? Found TROJ_DLOADR.ZHG with Malewarebytes and something different with Super Anti Spyware.

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by RUFFUS at 4:37:15 on 2012-01-04
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.live.com/login.srf?wa=wsi ... &id=254014
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
mStart Page =
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON WorkForce 520 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigia.exe /fu "c:\windows\temp\E_SB6.tmp" /EF "HKCU"
mRun: [SecureClean4Tray] "c:\program files\whitecanyon\secureclean 4\sctray4.exe"
mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [Easy SpyRemover] c:\program files\easy spyremover\EasySpyRemover.exe /smart
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E2628D19-379C-4C98-8970-2D2E45A14A95} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-01-04 01:03:53 -------- d-----w- c:\program files\Trend Micro
2011-12-29 17:31:19 -------- d-----w- c:\documents and settings\ruffus\application data\RegistryKeys
2011-12-18 00:22:02 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2011-12-17 23:27:05 -------- d-----w- c:\program files\common files\Mcafee
2011-12-17 20:19:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-17 20:19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-17 14:14:09 -------- d-----w- c:\program files\McAfee
2011-12-17 13:33:44 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-12-17 13:26:54 2778080 ----a-w- c:\windows\system32\drivers\athwx.sys
2011-12-17 13:25:56 40056 ----a-w- c:\windows\system32\NicInst.dll
2011-12-17 13:25:56 28272 ----a-w- c:\windows\system32\NicCo2.dll
2011-12-17 13:05:31 -------- d-----w- c:\program files\WinZip Driver Updater
2011-12-17 12:46:31 17224 ----a-w- c:\windows\system32\roboot.exe
2011-12-17 12:46:26 -------- d-----w- c:\program files\WinZip Registry Optimizer
2011-12-16 06:19:31 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-16 06:19:31 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-16 06:16:58 -------- d-----w- c:\documents and settings\all users\application data\sctemp
2011-12-15 03:13:39 -------- d-----w- c:\program files\bfgclient
2011-12-15 01:36:27 -------- d-----w- c:\documents and settings\all users\application data\Radialpoint
2011-12-15 01:36:24 -------- d-----w- c:\documents and settings\all users\application data\Verizon
2011-12-14 21:54:14 -------- d--h--w- c:\documents and settings\ruffus\application data\Broderbund
2011-12-14 17:37:32 -------- d-----w- c:\documents and settings\ruffus\local settings\application data\McAfee Anti-Theft
2011-12-14 02:21:49 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-12-14 02:21:49 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-12-14 02:02:55 -------- d-----w- C:\Temp
2011-12-14 01:50:33 -------- d-----w- c:\program files\iTunes
2011-12-14 01:50:33 -------- d-----w- c:\program files\iPod
2011-12-13 14:18:28 -------- d-----w- c:\program files\iPod(2)
2011-12-13 14:18:09 -------- d-----w- c:\program files\iTunes(2)
2011-12-13 14:08:10 -------- d-----w- c:\program files\QuickTime(2)
2011-12-12 18:34:25 -------- d-----w- c:\program files\bfgclient(2)
2011-12-12 13:17:12 -------- d-----w- c:\program files\5 Spots
2011-12-12 13:15:10 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games
2011-12-12 13:14:09 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
2011-12-08 20:09:51 -------- d-----w- c:\documents and settings\ruffus\local settings\application data\FixItCenter
2011-12-08 19:49:01 -------- d-----w- c:\windows\MATS
2011-12-08 19:48:59 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-12-08 19:40:53 -------- d-----w- c:\documents and settings\ruffus\application data\ElevatedDiagnostics
.
==================== Find3M ====================
.
2011-12-03 02:01:39 0 ----a-w- c:\windows\system32\REN7A.tmp
2011-12-03 02:01:39 0 ----a-w- c:\windows\system32\REN79.tmp
2011-12-03 02:01:39 0 ----a-w- c:\windows\system32\REN78.tmp
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 09:08:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2010-11-05 18:13:09 203776 --sha-w- c:\windows\system32\unrar.exe
.
============= FINISH: 4:37:30.57 ===============


Highjack This

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:21:09 AM, on 1/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\imapi.exe
C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\RUFFUS\Local Settings\Temporary Internet Files\Content.IE5\QBEU0GMK\HijackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsi ... &id=254014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [SecureClean4Tray] "C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe"
O4 - HKLM\..\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON WorkForce 520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGIA.EXE /FU "C:\WINDOWS\TEMP\E_SB6.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-21-46454073-1413157185-2471623333-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-46454073-1413157185-2471623333-1009\..\Run: [EPSON WorkForce 520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGIA.EXE /FU "C:\WINDOWS\TEMP\E_SB6.tmp" /EF "HKCU" (User '?')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe

--
End of file - 7460 bytes

[troy3636]

Hello bushmire1,

Welcome to the Malware Removal Forum. My name is Troy and I will be assisting you with the malware issues on your computer.
Because I am still in training, all the advice I give must first be checked by an instructor, therefore there may be some delays in my replies.

A few things before we get started

1. If you have not already done so Please read these forum rules.
2. Please be aware that removing malware is not without risk and while unrecoverable damage to systems is rare, it can happen and require a re-format and re-install of your operating system. Because of this it is a good idea to back-up anything important saved on your computer.
3. Any fixes I may post will be specific to your computer and should not be used on other computers.
4. While we work on your computer please don't install any new programs, try any other fixes, or run any tools other than those requested.
5. If at any time my instructions are not clear please ask before proceeding.
6. Failure to respond within 3 days will result in this topic being closed - If you need more time to complete the steps required, please let me know.

Your DDS log and Attach log are both missing some lines.
Please Post both complete logs in your next reply. Do not attach them.

Troy

[bushmire1]

This is copy and paste of both logs. The other symptoms are that I can not find my "installer is not complete". when I try to download any internet security suite. I am not leaving anything out. If you need me to re-run the DDS let me know. Do you want the highjack this log also?
bushmire1


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by RUFFUS at 4:28:49 on 2012-01-04
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.live.com/login.srf?wa=wsi ... &id=254014
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
mStart Page =
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON WorkForce 520 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigia.exe /fu "c:\windows\temp\E_SB6.tmp" /EF "HKCU"
mRun: [SecureClean4Tray] "c:\program files\whitecanyon\secureclean 4\sctray4.exe"
mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [Easy SpyRemover] c:\program files\easy spyremover\EasySpyRemover.exe /smart
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E2628D19-379C-4C98-8970-2D2E45A14A95} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-01-04 01:03:53 -------- d-----w- c:\program files\Trend Micro
2011-12-29 17:31:19 -------- d-----w- c:\documents and settings\ruffus\application data\RegistryKeys
2011-12-18 00:22:02 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2011-12-17 23:27:05 -------- d-----w- c:\program files\common files\Mcafee
2011-12-17 20:19:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-17 20:19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-17 14:14:09 -------- d-----w- c:\program files\McAfee
2011-12-17 13:33:44 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-12-17 13:26:54 2778080 ----a-w- c:\windows\system32\drivers\athwx.sys
2011-12-17 13:25:56 40056 ----a-w- c:\windows\system32\NicInst.dll
2011-12-17 13:25:56 28272 ----a-w- c:\windows\system32\NicCo2.dll
2011-12-17 13:05:31 -------- d-----w- c:\program files\WinZip Driver Updater
2011-12-17 12:46:31 17224 ----a-w- c:\windows\system32\roboot.exe
2011-12-17 12:46:26 -------- d-----w- c:\program files\WinZip Registry Optimizer
2011-12-16 06:19:31 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-16 06:19:31 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-16 06:16:58 -------- d-----w- c:\documents and settings\all users\application data\sctemp
2011-12-15 03:13:39 -------- d-----w- c:\program files\bfgclient
2011-12-15 01:36:27 -------- d-----w- c:\documents and settings\all users\application data\Radialpoint
2011-12-15 01:36:24 -------- d-----w- c:\documents and settings\all users\application data\Verizon
2011-12-14 21:54:14 -------- d--h--w- c:\documents and settings\ruffus\application data\Broderbund
2011-12-14 17:37:32 -------- d-----w- c:\documents and settings\ruffus\local settings\application data\McAfee Anti-Theft
2011-12-14 02:21:49 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-12-14 02:21:49 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-12-14 02:02:55 -------- d-----w- C:\Temp
2011-12-14 01:50:33 -------- d-----w- c:\program files\iTunes
2011-12-14 01:50:33 -------- d-----w- c:\program files\iPod
2011-12-13 14:18:28 -------- d-----w- c:\program files\iPod(2)
2011-12-13 14:18:09 -------- d-----w- c:\program files\iTunes(2)
2011-12-13 14:08:10 -------- d-----w- c:\program files\QuickTime(2)
2011-12-12 18:34:25 -------- d-----w- c:\program files\bfgclient(2)
2011-12-12 13:17:12 -------- d-----w- c:\program files\5 Spots
2011-12-12 13:15:10 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games
2011-12-12 13:14:09 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
2011-12-08 20:09:51 -------- d-----w- c:\documents and settings\ruffus\local settings\application data\FixItCenter
2011-12-08 19:49:01 -------- d-----w- c:\windows\MATS
2011-12-08 19:48:59 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-12-08 19:40:53 -------- d-----w- c:\documents and settings\ruffus\application data\ElevatedDiagnostics
.
==================== Find3M ====================
.
2011-12-03 02:01:39 0 ----a-w- c:\windows\system32\REN7A.tmp
2011-12-03 02:01:39 0 ----a-w- c:\windows\system32\REN79.tmp
2011-12-03 02:01:39 0 ----a-w- c:\windows\system32\REN78.tmp
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 09:08:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2010-11-05 18:13:09 203776 --sha-w- c:\windows\system32\unrar.exe
.
============= FINISH: 4:29:25.26 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
5 Spots
7-Zip 9.20
ABBYY FineReader 9.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
Big Fish Games: Game Manager
BigFix
Boggle
Bonjour
Clue
Compatibility Pack for the 2007 Office system
Digital Media Reader
DirectX Media Runtime 5.1
Epson CreativeZone
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 520 Series Printer Uninstall
Form Fill (Windows Live Toolbar)
getPlus(R)_ocx
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
IHA_MessageCenter
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections Drivers
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java(TM) 6 Update 25
Learn2 Player (Uninstall Only)
Lexmark 7100 Series
Map Button (Windows Live Toolbar)
MathPlayer
Mavis Beacon Teaches Typing 15
McAfee AntiSpyware
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Choice Guard
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Fix it Center
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2005
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Streets and Trips 2005
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.2.0
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Oasis
Nikon Message Center
OneCare Advisor (Windows Live Toolbar)
PictureProject
PictureProject In Touch Downloader 1.0
Popup Blocker (Windows Live Toolbar)
Power Tab Editor 1.7
PowerDVD
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Reference Point Software Template for APA format, Word 2003
Rhapsody
Rhapsody Player Engine
Safari
SecureClean4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shockwave
Smart Menus (Windows Live Toolbar)
SoftV92 Data Fax Modem with SmartCP
Tabbed Browsing (Windows Live Toolbar)
Uniblue RegistryBooster
Uniblue SpyEraser
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Call Assistant
Verizon Servicepoint 3.7.44
Viewpoint Media Player
WebFldrs XP
Winamp
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows PowerShell(TM) 1.0
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinZip Driver Updater
WinZip Registry Optimizer
Works Upgrade
Yahoo! Software Update
Yahoo! Toolbar
Yahtzee
.
==== End Of File ===========================

[troy3636]

Hi bushmire1,

Step 1
Back up registry with ERUNT

1. Please download ERUNT by Lars Hederer and save it to your desktop. alternate download
2. Double click erunt-setup-exe and follow the prompts to install ERUNT using the default settings.
3. When asked if you want to add ERUNT to the Start-up folder select NO
4. Make sure the box marked launch ERUNT is checked and click Finish
5. Follow the prompts to create a backup to the default location.
6. under backup options make sure both the following are selected:
   
   • System registry.
   • Current user registry.
7. When you see a pop up message saying Registry backup is complete! click OK to finish. If you do not see this message DO NOT continue let me know.

Step 2
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.

1. Double click on OTL.exe to run it.
2. Click the Scan All Users checkbox.
   Leave the remaining selections to the default settings.
3. Click on Run Scan at the top left hand corner.
4. When done, two Notepad files will open.
   
   • OTL.txt <-- Will be opened, maximized
   • Extras.txt <-- Will be minimized on task bar.
5. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 3
GMER
The downloaded file will have a random name... this prevents malware from detecting and blocking it.
Please download GMER... random file name.exe by GMER. An alternate (zip file) download site.

1. Double click on the random named.exe to execute. If asked, allow the gmer.sys driver load.
2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
3. On the right side panel, several boxes have been checked. Please UNCHECK the following: (see image below)
   
   • IAT/EAT
   • Drives/Partition other than Systemdrive (typically C:\)
   • Show All <-- don't miss this one
   
   
   Click on image to enlarge
   
   
4. Then click the Scan button & wait for it to finish
   Note: Do not run any programs while Gmer is running.
5. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt"
6. Save it where you can easily find it, such as your desktop, and post it in your next reply

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Step 4
Post the last Malwarebytes log
It can be found at:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Did you set your computer to use a proxy server?


Please include in your reply:

• Answer my question about proxy server
• Any problems with the instructions above?
• OTL.txt
• Extras.txt
• Gmer.txt
• MBAM log

[bushmire1]

HelloTroy:
Problem with GMER. I think we are on to something. it was running GMER when it shut down. The error box came up on restart.

C:\DOCUME~1\RUFFUS\LOCALS~1\Temp\WER0eed.dir00\Mini010512-01.dmp
C:\DOCUME~1\RUFFUS\LOCALS~1\Temp\WER0eed.dir00\sysdata.xml

Error signature
BCCode : 1000008e BCP1 : C0000005 BCP2 : 8054BF8F BCP3 : F78E2390
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 768_1

The latest Malware Bytes scan 12 - 30 - 11 came up with my Uniblue Spyware as a roque spyware and I clicked delete. I can reinstall it but that is just some of the symptoms. The 3-14-11 log found the trojan. The temp folder has been emptied on more than one occasion and sometimes it contains locked items that are being used by other programs when I try to Secure Clean zap them.

Do you want me to try to run GMER again? Do you want the mbam-log-2011-03-14?
----------------------------------
----------------------------------


No to the proxy server.

OTL logfile created on: 1/5/2012 7:20:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\RUFFUS\Desktop\maleware university
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.23 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 70.39% Memory free
2.94 Gb Paging File | 2.75 Gb Available in Paging File | 93.36% Paging File free
Paging file location(s): C:\pagefile.sys 1896 3792 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.90 Gb Total Space | 3.85 Gb Free Space | 5.44% Space Free | Partition Type: NTFS
Drive D: | 3.62 Gb Total Space | 1.63 Gb Free Space | 44.98% Space Free | Partition Type: FAT32

Computer Name: CHEAPY | User Name: RUFFUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 18:25:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RUFFUS\Desktop\maleware university\OTL.exe
PRC - [2011/06/02 04:42:53 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/01/10 11:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 11:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 11:24:16 | 000,364,544 | ---- | M] (WhiteCanyon Inc.) -- C:\Program Files\WhiteCanyon\SecureClean 4\SCWatch4.exe
PRC - [2007/05/17 11:16:20 | 001,525,248 | ---- | M] (WhiteCanyon Inc.) -- C:\Program Files\WhiteCanyon\SecureClean 4\SCTray4.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/10 11:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2008/03/24 23:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2004/09/14 12:44:12 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbxPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [Disabled | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Disabled | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled | Stopped] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/06 00:30:42 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/05/17 11:24:16 | 000,364,544 | ---- | M] (WhiteCanyon Inc.) [Auto | Running] -- C:\Program Files\WhiteCanyon\SecureClean 4\SCWatch4.exe -- (SCWatch 4.0)
SRV - [2005/01/06 17:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [Disabled | Stopped] -- C:\WINDOWS\System32\lxbxcoms.exe -- (lxbx_device)


========== Driver Services (SafeList) ==========

DRV - [2011/04/11 14:29:16 | 000,064,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2010/06/10 18:00:06 | 000,022,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/09 10:14:18 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/02/06 00:40:50 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/11/15 16:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/10/18 17:05:12 | 000,042,968 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/09/02 21:01:16 | 000,396,480 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/08/04 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/17 17:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/18 13:45:28 | 000,038,784 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
IE - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsi ... &id=254014
IE - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6BC6A3C8-853C-4239-AAB8-AC6B0A726F59}: C:\Documents and Settings\RUFFUS\Local Settings\Application Data\{6BC6A3C8-853C-4239-AAB8-AC6B0A726F59}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor


O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SecureClean4Tray] C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe (WhiteCanyon Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009..\Run: [EPSON WorkForce 520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGIA.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2628D19-379C-4C98-8970-2D2E45A14A95}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\RUFFUS\My Documents\My Pictures\snowman.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\RUFFUS\My Documents\My Pictures\snowman.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/03 11:34:14 | 000,000,090 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 19:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/05 19:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/01/05 17:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Desktop\maleware university
[2012/01/04 04:28:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\RUFFUS\Start Menu\Programs\Administrative Tools
[2012/01/04 04:28:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\RUFFUS\SendTo
[2012/01/04 04:28:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\RUFFUS\PrintHood
[2012/01/03 20:15:48 | 062,844,032 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\Trend_Micro.exe
[2012/01/03 20:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/03 08:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2011/12/30 18:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Desktop\ten pictures
[2011/12/29 12:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Application Data\RegistryKeys
[2011/12/17 19:22:02 | 000,064,048 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\McPvDrv.sys
[2011/12/17 19:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/12/17 18:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/12/17 15:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/17 15:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 09:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/12/17 08:33:44 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/12/17 08:26:54 | 002,778,080 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athwx.sys
[2011/12/17 08:25:56 | 000,040,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInst.dll
[2011/12/17 08:25:56 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2011/12/17 08:24:06 | 002,310,144 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2011/12/17 08:24:06 | 000,524,288 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuITA.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll
[2011/12/17 08:24:05 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
[2011/12/17 08:24:04 | 000,114,688 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2011/12/17 08:24:04 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4396.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
[2011/12/17 08:24:04 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
[2011/12/17 08:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip Driver Updater
[2011/12/17 08:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Driver Updater
[2011/12/17 07:46:31 | 000,017,224 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\WINDOWS\System32\roboot.exe
[2011/12/17 07:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip Registry Optimizer
[2011/12/17 07:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Registry Optimizer
[2011/12/16 01:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\sctemp
[2011/12/16 01:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Desktop\nwwia
[2011/12/16 01:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\5 Spots
[2011/12/16 01:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon Servicepoint
[2011/12/15 09:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/12/14 22:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/12/14 20:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/12/14 20:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2011/12/14 16:54:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\RUFFUS\Application Data\Broderbund
[2011/12/14 12:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Local Settings\Application Data\McAfee Anti-Theft
[2011/12/13 21:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
[2011/12/13 21:02:55 | 000,000,000 | ---D | C] -- C:\Temp
[2011/12/13 20:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/13 20:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/13 20:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/13 20:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/13 20:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/13 09:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2011/12/13 09:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
[2011/12/13 09:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
[2011/12/12 13:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient(2)
[2011/12/12 08:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\5 Spots
[2011/12/12 08:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/12/12 08:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2011/12/12 05:07:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/09 15:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Desktop\sponsorship kit
[2011/12/08 15:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Local Settings\Application Data\FixItCenter
[2011/12/08 14:49:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2011/12/08 14:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2011/12/08 14:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RUFFUS\Application Data\ElevatedDiagnostics
[2011/12/08 14:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/12/08 14:38:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 19:22:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{93092FFA-1129-47C9-8A1D-B8E9867C93FA}.job
[2012/01/05 19:20:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{37BE3EF3-DF98-45B3-80AE-31EA98DC343C}.job
[2012/01/05 19:08:46 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Desktop\NTREGOPT.lnk
[2012/01/05 19:08:46 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Desktop\ERUNT.lnk
[2012/01/05 19:08:04 | 000,445,484 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 19:08:04 | 000,072,916 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/05 19:07:26 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/01/05 19:07:25 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2012/01/05 19:03:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/05 18:51:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/01/05 18:21:48 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Desktop\Microsoft Office Word 2003.lnk
[2012/01/05 15:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2012/01/04 22:21:14 | 000,001,632 | ---- | M] () -- C:\WINDOWS\yahtzee.ini
[2012/01/04 07:46:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2012/01/03 20:16:06 | 062,844,032 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\Trend_Micro.exe
[2012/01/03 08:37:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/01 00:04:00 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2012/01/01 00:04:00 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\9599BF
[2011/12/30 05:47:36 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Desktop\Microsoft Office PowerPoint 2003.lnk
[2011/12/29 18:17:08 | 000,000,107 | ---- | M] () -- C:\WINDOWS\EWF520.ini
[2011/12/29 18:11:43 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2011/12/29 13:19:35 | 000,035,416 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Application Data\wklnhst.dat
[2011/12/28 08:27:49 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Desktop\Microsoft Streets & Trips.lnk
[2011/12/23 22:30:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/20 21:48:31 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/12/17 19:43:05 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/17 19:43:05 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/17 09:14:33 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/12/17 08:05:40 | 000,001,865 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip Driver Updater.lnk
[2011/12/17 07:46:31 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip Registry Optimizer.lnk
[2011/12/16 01:01:05 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/14 22:16:38 | 000,001,559 | ---- | M] () -- C:\Documents and Settings\RUFFUS\Desktop\Play 5 Spots.lnk
[2011/12/14 22:16:38 | 000,001,180 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/12/14 17:39:54 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2011/12/14 13:20:51 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/14 05:09:48 | 000,309,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 04:51:52 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/13 21:21:49 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/12/13 21:21:49 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/12/12 13:35:21 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2011/12/08 15:11:11 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/05 19:08:46 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\RUFFUS\Desktop\NTREGOPT.lnk
[2012/01/05 19:08:46 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\RUFFUS\Desktop\ERUNT.lnk
[2011/12/17 09:14:33 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/12/17 09:14:18 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/12/17 08:24:06 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2011/12/17 08:24:06 | 000,058,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2011/12/17 08:24:06 | 000,024,736 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2011/12/17 08:24:06 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2011/12/17 08:05:40 | 000,001,865 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip Driver Updater.lnk
[2011/12/17 07:46:47 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2011/12/17 07:46:47 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2011/12/17 07:46:31 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip Registry Optimizer.lnk
[2011/12/16 17:12:28 | 000,185,472 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/14 22:17:56 | 000,001,559 | ---- | C] () -- C:\Documents and Settings\RUFFUS\Desktop\Play 5 Spots.lnk
[2011/12/14 22:16:38 | 000,001,180 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/12/14 22:13:52 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2011/12/14 22:13:52 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2011/12/13 21:21:49 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/12/13 21:21:49 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/12/12 13:35:21 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2011/12/08 14:51:11 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/12/08 14:51:10 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/12/08 14:49:05 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2011/12/08 14:49:05 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2011/07/13 00:25:19 | 000,065,240 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/28 08:53:34 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\RUFFUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/10 21:05:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/03/09 12:05:06 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/03/09 12:05:06 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/03/09 12:05:06 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/03/09 12:05:06 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/03/09 12:05:06 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/03/09 12:05:06 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/03/09 12:05:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/03/09 12:05:06 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/03/09 12:05:06 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/03/09 12:05:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/03/09 12:05:06 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/03/09 12:05:06 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/03/09 12:05:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/03/09 12:05:05 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/03/09 12:05:05 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/03/09 12:05:05 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/03/09 11:59:52 | 000,000,107 | ---- | C] () -- C:\WINDOWS\EWF520.ini
[2011/03/08 22:33:16 | 000,035,416 | ---- | C] () -- C:\Documents and Settings\RUFFUS\Application Data\wklnhst.dat
[2011/01/24 03:00:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/23 08:28:17 | 000,000,156 | ---- | C] () -- C:\WINDOWS\KISMET.INI
[2010/12/23 08:21:57 | 000,032,086 | ---- | C] () -- C:\Program Files\kismet.zip
[2010/12/19 15:56:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jdoyu.dat
[2010/12/19 15:56:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ykaquvogepuwido.bin
[2010/11/10 07:36:03 | 000,455,168 | ---- | C] () -- C:\WINDOWS\System32\redllw32.dll
[2010/11/10 07:36:03 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\PDDLLW32.DLL
[2010/11/10 07:28:47 | 000,001,632 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2010/11/05 13:13:09 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/11/04 19:33:55 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\WiseCheckDll.dll
[2010/10/29 12:38:28 | 000,000,623 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/22 08:25:56 | 000,020,232 | ---- | C] () -- C:\WINDOWS\System32\AntiSpyNative64.exe
[2010/10/22 08:25:56 | 000,016,648 | ---- | C] () -- C:\WINDOWS\System32\AntiSpyNative32.exe
[2010/10/03 19:32:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbxvs.dll
[2008/11/17 19:11:53 | 000,007,081 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/02/07 10:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI
[2008/02/06 23:05:09 | 000,000,063 | ---- | C] () -- C:\WINDOWS\refpt.ini
[2008/02/06 10:12:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/06 08:54:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/06 01:02:25 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/02/06 00:44:00 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2008/02/06 00:43:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/02/06 00:43:34 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/02/06 00:43:32 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2008/02/06 00:38:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/02/06 00:21:36 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2004/08/27 05:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 04:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 13:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 13:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 11:12:43 | 000,001,314 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 11:12:43 | 000,000,486 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 11:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 11:12:10 | 000,445,484 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 11:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 11:12:10 | 000,072,916 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 11:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 11:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 11:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 11:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 11:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 11:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 11:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 11:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 05:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 05:54:01 | 000,309,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:548AE60C

< End of report >


OTL Extras logfile created on: 1/5/2012 7:20:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\RUFFUS\Desktop\maleware university
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.23 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 70.39% Memory free
2.94 Gb Paging File | 2.75 Gb Available in Paging File | 93.36% Paging File free
Paging file location(s): C:\pagefile.sys 1896 3792 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.90 Gb Total Space | 3.85 Gb Free Space | 5.44% Space Free | Partition Type: NTFS
Drive D: | 3.62 Gb Total Space | 1.63 Gb Free Space | 44.98% Space Free | Partition Type: FAT32

Computer Name: CHEAPY | User Name: RUFFUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\DesktopCentral_Server\apache\bin\dcserverhttpd.exe" = C:\Program Files\DesktopCentral_Server\apache\bin\dcserverhttpd.exe:*:Enabled:Apache HTTP Server
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 25
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{3304276B-6134-44BD-8D87-F06A13AE2AFE}" = Music Oasis
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83b13a64-d98a-48a2-8cbc-ec0ec5433b18}" = SecureClean4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1" = WinZip Driver Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}" = Mavis Beacon Teaches Typing 15
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F39A74A0-FAE2-401C-AED1-1C941AA28EA8}" = McAfee AntiSpyware
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"7-Zip 9.20" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"BFG-5 Spots" = 5 Spots
"BFGC" = Big Fish Games: Game Manager
"BigFix" = BigFix
"Bogglev1" = Boggle
"Clue" = Clue
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"EEPPPlugIn" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 520 Series" = EPSON WorkForce 520 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"getPlus(R)_ocx" = getPlus(R)_ocx
"ie8" = Windows Internet Explorer 8
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"Lexmark 7100 Series" = Lexmark 7100 Series
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"MSNINST" = MSN
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"PROSet" = Intel(R) Network Connections Drivers
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"RealPlayer 6.0" = RealPlayer Basic
"Reference Point Software Template for APA format, Word 2003" = Reference Point Software Template for APA format, Word 2003
"Rhapsody" = Rhapsody
"Shockwave" = Shockwave
"SpyEraser_is1" = Uniblue SpyEraser
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip Registry Optimizer_is1" = WinZip Registry Optimizer
"WMFDist11" = Windows Media Format 11 runtime
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Yahtzeev1" = Yahtzee

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-46454073-1413157185-2471623333-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Verizon Call Assistant" = Verizon Call Assistant

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/16/2011 11:50:31 AM | Computer Name = CHEAPY | Source = Application Error | ID = 1001
Description = Fault bucket 00000009.

Error - 7/17/2011 5:42:49 AM | Computer Name = CHEAPY | Source = Application Hang | ID = 1002
Description = Hanging application Boggle.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/17/2011 5:44:41 AM | Computer Name = CHEAPY | Source = Application Hang | ID = 1002
Description = Hanging application Boggle.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/17/2011 6:03:05 AM | Computer Name = CHEAPY | Source = Application Hang | ID = 1002
Description = Hanging application Boggle.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/17/2011 6:49:32 AM | Computer Name = CHEAPY | Source = Application Hang | ID = 1002
Description = Hanging application Boggle.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/17/2011 8:24:17 PM | Computer Name = CHEAPY | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.3.1.55, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00104124.

Error - 7/19/2011 4:23:19 PM | Computer Name = CHEAPY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/23/2011 6:15:53 AM | Computer Name = CHEAPY | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 4:31:15 PM | Computer Name = CHEAPY | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8328.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/28/2011 5:29:02 PM | Computer Name = CHEAPY | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

[ System Events ]
Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}

Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}

Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}

Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}

Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}

Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}

Error - 1/5/2012 8:07:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxbx_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441076}

Error - 1/5/2012 8:09:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 1/5/2012 8:11:36 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.

Error - 1/5/2012 8:16:15 PM | Computer Name = CHEAPY | Source = DCOM | ID = 10010
Description = The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register
with DCOM within the required timeout.


< End of report >

------------ NO GMER -----------


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.29.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
RUFFUS :: CHEAPY [administrator]

Protection: Enabled

12/30/2011 6:39:38 AM
mbam-log-2011-12-30 (06-39-38).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 341944
Time elapsed: 7 hour(s), 30 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\All Users\Start Menu\Programs\SpyEraser (Rogue.SpyEraser) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Documents and Settings\All Users\Desktop\SpyEraser.lnk (Rogue.SpyEraser) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpyEraser\SpyEraser Help.lnk (Rogue.SpyEraser) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpyEraser\SpyEraser.lnk (Rogue.SpyEraser) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpyEraser\Uninstall SpyEraser.lnk (Rogue.SpyEraser) -> Quarantined and deleted successfully.

(end)

[troy3636]

Hi bushmire1,

Step 1
Back up your registry again with ERUNT

1. Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
2. Click on OK within the pop-up menu.
3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
   
   • System registry.
   • Current user registry.
4. Next click on "OK"... at the prompt... reply "Yes".
5. When you see a pop up message saying Registry backup is complete! click OK to finish. If you do not see this message DO NOT continue let me know.

Registry Cleaners
While analysing your logs, I noticed Uniblue RegistryBooster and WinZip Registry Optimizer

I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on reg cleaners.

Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.

This post by Bill Castner is very informative: WhatTheTech Forum


Outdated Java and Adobe Reader are vulnerable to malware.

Step 2
Add/Remove programs

• Click on start
• Then Run
• In the open text entry box please copy/paste appwiz.cpl Then click enter.
• Press the "Remove" or "Change/Remove"...button to uninstall the following.

Java(TM) 6 Update 25
Java Auto Updater
Java 2 Runtime Environment, SE v1.4.2
Adobe Reader 8.3.1
Uniblue SpyEraser
Uniblue RegistryBooster
Viewpoint Media Player <---- Optional
WinZip Registry Optimizer

We will update your Java and Adobe Reader when the system is clean.


Hard-Drive Free Space Advice:

Drive C: | 70.90 Gb Total Space | 3.85 Gb Free Space | 5.44% Space Free

This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my opinion.

I advise you read this article: What to do if your Computer's running slowly and choose to uninstall some software you do not need, or move any large files you don't use often to CDs, DVDs, or a remote hard drive. This is just my advice as the lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic.


Step 3
OTL - Script

1. Double click on OTL.exe to run it.
2. Copy the following text... do not include the code box title "code"
   

   Code: Select all

   :OTL
   IE - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
   FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6BC6A3C8-853C-4239-AAB8-AC6B0A726F59}: C:\Documents and Settings\RUFFUS\Local Settings\Application Data\{6BC6A3C8-853C-4239-AAB8-AC6B0A726F59}\
   O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No CLSID value found.
   O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
   O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
   O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
   O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
   O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
   O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
   O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
   O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
   O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
   O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
   O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
   O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
   O3 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
   O3 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
   O3 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
   O3 - HKU\S-1-5-21-46454073-1413157185-2471623333-1009\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
   O4 - HKLM..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart File not found
   O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
   O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
   O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
   [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
   [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
   [2012/01/05 19:07:25 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
   [2012/01/05 15:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
   [2012/01/04 07:46:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
   @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52
   @Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:548AE60C
   :Files
   c:\windows\system32\REN7A.tmp
   c:\windows\system32\REN79.tmp
   c:\windows\system32\REN78.tmp
   :reg
   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
   "AntiVirusOverride"=dword:00000000
   :Commands
   [emptytemp]
   [resethosts]
   

3. Click under the Custom Scan/Fixes box and paste the copied text.
4. Close all other applications and windows so that you have nothing open except OTL
5. Click the Run Fix button. If prompted... click OK.
6. When the scan completes, Notepad will open with the scan results. The report is saved in the same location as OTL.
7. Please post the contents of report in your next reply.

Step 4
No Anti-Virus!
It is extremely important to keep one up to date Anti-Virus program running on your computer.
I personally recommend one of these free programs.

• Avast Free Version
• Microsoft Security Essentials

Installing new Anti-Virus Software

1. Download the new Anti-virus product to your computer desktop.
2. Save any work. Close all applications, especially your Internet connection.
3. Uninstall any existing anti-virus product... Use the AV uninstall option if available.
4. Reboot your computer, if not done during the uninstall.
5. Install the new AV product... following installation instructions.
6. Check for updates to the new AV product, if not done during install setup.
7. Run a full scan of your computer.

Please include in your next reply:

• Any problems with the instructions above
• OTL log
• How is your computer behaving now?

[Cypher]

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.