Click.GiftLoad appears to be common today
jhornbr225
2011-04-21, 22:59
I am having trouble with a Click.giftload malware infection. Seeing that there are several other posts on it, it seems to be the Malware that's "In Style" today.
My problem began last Friday 4/15/11 with my computer shutting down for no reason. It would then attempt to restart, but would make it to the Windows startup screen (with the indeterminate blue scrolling dots), and then throw a very quick "Blue screen" (it's so fast I have no chance of reading it), then try to restart again with the same result. I found that if I disconnected my extra hard drive (basically a media drive), it would then boot normally. I then thought that perhaps I had a power supply issue (which I may still have), but everything seemed normal, as long as that extra hard drive is unplugged, until I tried Internet Explorer. It began taking me to websites I didn't click on, mostly ads. I tried to go to Trend Micro Housecall, but got redirected. Only by downloading Housecall to a USB stick was I able to run it. After running it, I still had the hijacking problem.
I installed a new version of Ad-Aware two days ago and it didn't find it.
I installed Spybot S+D and it found it, says it fixed it, but after I reboot, it's still there.
I have downloaded and run ERUNT as requested in the "Read this Before Posting".
I have downloaded DDS.com and run it per the "Read this Before Posting".
Thank you in advance for the help. I've read through several of the other forum's postings and the people who are helping seem VERY knowledgeable.
Here is the DDS.com log
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jason at 15:32:20.14 on Thu 04/21/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.750 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Anti-Virus - SBC Yahoo! Online Protection *Enabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\bpowmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\SoniqCast\SoniqSync\SsSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Jason\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://search.yahoo.com
uSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://search.yahoo.com
mSearch Page = hxxp://search.yahoo.com
mSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110225174931.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - SidebarAutoLaunch Class
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - &Yahoo! Messenger
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [WebCamRT.exe]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [PCTVOICE] pctspk.exe
mRun: [PV92TRAY] PV92Tray.exe
IE: &Search - ?p=ZKxdm021YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbc/TrueInstallSBC.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-18 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-25 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-25 84072]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\Vet-Filt.sys [2005-9-16 21031]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\Vet-Rec.sys [2005-9-16 15478]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VetEFile.sys [2005-9-16 879832]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VetFDDNT.sys [2005-9-16 15735]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2006-8-3 26787]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-8-23 14336]
R2 BPowMon;Broadcom Power monitoring service v1.0.1;c:\windows\system32\BPowMon.exe [2002-11-27 65536]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-17 1753048]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-12 47640]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-3 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-2-25 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-2-25 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-2-25 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-25 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-25 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-25 141792]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2005-10-12 45696]
R2 SoniqSync Service;SoniqSync Service;c:\program files\soniqcast\soniqsync\SsSvc.exe [2005-1-6 294912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-25 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-25 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-25 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-25 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-25 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-25 88544]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2005-10-12 56960]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VetEBoot.sys [2005-9-16 108360]
S2 CAISafe;CAISafe;c:\program files\yahoo!\antivirus\isafe.exe --> c:\program files\yahoo!\antivirus\ISafe.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DILUSBCamera;Agfa ePhoto CL18 Camera Stream Driver;c:\windows\system32\drivers\stream18.sys [2007-9-13 70708]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2010-8-1 94208]
S2 VETMSGNT;VET Message Service;c:\program files\yahoo!\antivirus\vetmsg.exe --> c:\program files\yahoo!\antivirus\VetMsg.exe [?]
S3 csaudio;AVerDVD EZMaker USB Audio Device Driver;c:\windows\system32\drivers\csaud.sys [2002-11-5 11008]
S3 DCamUSB20;AVerDVD EZMaker USB 2.0 Video Capture;c:\windows\system32\drivers\CsMini20.sys [2003-3-18 46248]
S3 DCamUSBSTK018;STK018 Camera;c:\windows\system32\drivers\STK018W2.sys [2005-6-20 99476]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\jason\locals~1\temp\imspcloj.sys --> c:\docume~1\jason\locals~1\temp\iMSPCLOj.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-17 15232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-25 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-25 84264]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 38272]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-4-4 21376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-04-19 02:52:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-19 02:52:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-19 01:33:00 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-18 20:20:28 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-18 20:20:10 -------- d-----w- c:\docume~1\jason\locals~1\applic~1\Sunbelt Software
2011-04-18 20:20:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-18 20:16:57 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{727F038C-857C-49B8-8541-BFCEB1009A3E}
2011-04-16 05:43:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-16 05:43:23 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-11 21:53:07 -------- d-----w- c:\program files\Chessware
2011-04-03 19:57:43 -------- d-----w- c:\docume~1\jason\applic~1\FLV Extract
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS722580VLAT20 rev.V32OA60A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4E84E7]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a4ee7d0]; MOV EAX, [0x8a4ee84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A50EAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000079[0x8A587338]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A511940]
\Driver\atapi[0x8A528930] -> IRP_MJ_CREATE -> 0x8A4E84E7
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A4E8332
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:37:02.28 ===============
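The two parts of the DDS log above that the helpers key on are the SERVICES / DRIVERS section (a driver image sitting in the user's temp folder, images DDS could not read) and the GMER ROOTKIT section (an unknown module in the disk I/O stack, a hooked atapi DriverStartIo, the TDL3 warning). As an added example, not part of this thread or of the DDS tool, here is a small Python triage script that parses those two sections and flags exactly those indicators. The sample lines are copied from the log above; what the DDS suffixes "[date size]", "--> path [?]" and "[x]" mean is my reading of the format, stated as an assumption in the comments.

```python
import re
from typing import Any, Dict, List, Optional, Tuple

# Constructed test input: lines copied from the DDS log in the first post above
# (SERVICES / DRIVERS and ROOTKIT sections), cut down to the lines that matter.
SAMPLE_SERVICES = r"""
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-25 386840]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\jason\locals~1\temp\imspcloj.sys --> c:\docume~1\jason\locals~1\temp\iMSPCLOj.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
""".strip().splitlines()

SAMPLE_ROOTKIT = r"""
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4E84E7]<<
\Driver\atapi[0x8A528930] -> IRP_MJ_CREATE -> 0x8A4E84E7
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A4E8332
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
""".strip().splitlines()

# Service line: "R0 name;description;image [yyyy-m-d size]" (R = running, S = stopped).
# Assumed meaning of the DDS suffixes: "[date size]" = image file was stat'ed,
# "--> path [?]" = DDS could not read the file, "[x]" = no image path at all.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<desc>[^;]*);(?P<rest>.*)$")
STAT_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_service(line: str) -> Optional[Dict[str, Any]]:
    """Split one SERVICES/DRIVERS line into fields; None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    entry: Dict[str, Any] = {"start": m.group("start"), "name": m.group("name"), "path": "", "verified": False, "size": None}
    rest = m.group("rest").strip()
    if rest == "[x]":
        return entry
    if " --> " in rest:
        _, resolved = rest.split(" --> ", 1)
        entry["path"] = resolved.replace("[?]", "").strip()
        return entry
    s = STAT_RE.match(rest)
    if s:
        entry.update(path=s.group("path"), verified=True, size=int(s.group("size")))
    else:
        entry["path"] = rest
    return entry


def triage_services(lines: List[str], system_drive: str = "c:") -> List[Tuple[str, str]]:
    """Flag the service/driver entries a responder would look at first: (severity, message)."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_service(line)
        if e is None:
            continue
        name, path = e["name"], e["path"]
        is_driver = path.lower().endswith(".sys")
        if is_driver and TEMP_DIR_RE.search(path):
            findings.append(("high", f"{name}: kernel driver loaded from a temp directory ({path})"))
        elif is_driver and not path.lower().startswith(system_drive):
            findings.append(("medium", f"{name}: kernel driver image outside the system drive ({path})"))
        if not e["verified"]:
            findings.append(("info", f"{name}: image could not be verified on disk ({path or 'no path'})"))
    return findings


def triage_rootkit(lines: List[str]) -> List[Tuple[str, str]]:
    """Flag the GMER-style ROOTKIT section: unknown modules, dispatch into them, hooks, warnings."""
    findings: List[Tuple[str, str]] = []
    # Addresses the detector could not attribute to any loaded module.
    unknown = {m.group(1).lower() for line in lines for m in UNKNOWN_RE.finditer(line)}
    in_hooks = False
    for raw in lines:
        line = raw.strip()
        if in_hooks and line.startswith("\\") and "->" in line:
            findings.append(("high", f"kernel hook reported: {line}"))
            continue
        in_hooks = line == "detected hooks:"
        m = UNKNOWN_RE.search(line)
        if m:
            findings.append(("high", f"unknown module in the disk I/O stack at {m.group(1)}"))
        elif any(addr in line.lower() for addr in unknown):
            findings.append(("high", f"dispatch routine points into the unknown module: {line}"))
        elif line.lower().startswith("warning:"):
            findings.append(("high", line))
        elif line.lower().startswith("error:"):
            findings.append(("medium", line))
    return findings


def verdict(findings: List[Tuple[str, str]]) -> str:
    if any(sev == "high" for sev, _ in findings):
        return "rootkit indicators present"
    return "review recommended" if findings else "no indicators"
```

Run against the full log, the script surfaces the same four things the helper acted on: the temp-folder driver, the unverifiable images, the unknown module that atapi's IRP_MJ_CREATE dispatch points into, and the DriverStartIo hook.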
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Your computer is infected with a nasty rootkit. I am going to have you run TDSSKiller, but this rootkit's latest version may prevent it from running. If it runs, it will clean it; if it does not, we will have to use another method.
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
jhornbr225
2011-04-29, 03:09
Yes, still here. I had to go out of town for work. Thank you for responding. I was checking the forum until I left on Monday, but I realize this was a holiday weekend.
I tried the TDSSKiller.zip and TDSSKiller.exe downloaded straight from Kaspersky. Whenever I tried to run it, it would not run. I even tried to rename it, as I saw that in another post someone suggested the renaming trick. It makes it to 80% and shuts TDSSKiller down.
I did read the "read before you post". I hope that my actions are proving that.
Since TDSSKiller is a no-go, it looks like we are going to have to move to use the "other method" you suggested.
Thanks for the help.
Jason
Hello Jason,
This is what we need to do: your Master Boot Record is infected and we will have to write a new one via the Recovery Console. I am going to have you run ComboFix, which should clear out more garbage. As it loads it will prompt you to install a Recovery Console if it can't find one; do so, as we need that to fix the MBR and can't do it without it.
What is the brand of your computer?
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
jhornbr225
2011-04-29, 20:07
OK, I have followed the directions about downloading Combofix and stopping Malware and antivirus programs, but I still get a warning when I try to run Combofix:
"ComboFix has detected the following real time scanner(s) to be active:
antivirus: Anti-Virus - SBC Yahoo! Online Protection"
I have gone to my Mcafee program that comes with my DSL service and shut off or disabled every setting that I can get to.
I still have a program running in task manager Mcshield.exe. I try to end the process, but it says "Operation could not be completed Access Is Denied"
I have gone to "services.msc" and attempted to stop the service, but it won't let me. Again it says "Access Is Denied"
I am an administrator on this machine.
ComboFix warns of errors and damage if you run it while antivirus programs are still running. When I get that warning, the only option is to click "OK", and that appears to run the scan regardless of the status of the antivirus. When I get that warning, I try to stop the service, or make other changes, then reboot. I then try ComboFix again and get the same warning.
Got any ideas?
Jason
Go ahead and run it in Safemode with Network Support
Safemode with Network Support
To Enter Safemode
Go to Start> Shut off your Computer> Restart
As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)
jhornbr225
2011-04-29, 22:55
OK, I've uninstalled McAfee and anything I can find referencing SBC Yahoo.
I ran Abexo Free Registry cleaner to hopefully get rid of any unused entries. I still get the warning that
"ComboFix has detected the following real time scanner(s) to be active:
antivirus: Anti-Virus - SBC Yahoo! Online Protection"
I went into safe mode and it says the same thing.
How do I proceed?
Should I run the ComboFix in safe mode regardless of the warning?
Thanks,
Jason
Yes, please do, you will be alright
jhornbr225
2011-04-30, 00:49
ComboFix 11-04-29.02 - Jason 04/29/2011 17:14:05.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1245 [GMT -4:00]
Running from: c:\documents and settings\Jason\Desktop\Combo-Fix.exe
AV: Anti-Virus - SBC Yahoo! Online Protection *Enabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jason\Application Data\inst.exe
c:\documents and settings\Jason\GoToAssistDownloadHelper.exe
c:\documents and settings\Jason\Local Settings\Temporary Internet Files\temp.dmf
c:\documents and settings\Jason\WINDOWS
c:\program files\JavaCore
c:\program files\NoDNS
c:\program files\NoDNS\UnInstall.exe
c:\program files\RcvSystem
c:\windows\MailSwitch.ocx
c:\windows\system32\42KJE738.ocx
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-29 )))))))))))))))))))))))))))))))
.
.
2011-04-29 21:03 . 2011-04-29 21:04 -------- d-----w- C:\32788R22FWJFW
2011-04-29 17:36 . 2011-04-29 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2011-04-29 17:31 . 2011-04-29 17:31 -------- d-----w- c:\program files\Citrix
2011-04-29 17:29 . 2011-04-29 17:29 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Citrix
2011-04-21 19:30 . 2011-04-21 19:31 -------- d-----w- c:\program files\ERUNT
2011-04-19 02:52 . 2011-04-19 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-19 02:52 . 2011-04-19 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-18 20:20 . 2011-04-18 20:20 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Sunbelt Software
2011-04-18 20:20 . 2011-04-18 20:20 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-16 05:43 . 2011-04-16 05:43 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-16 04:39 . 2011-04-16 04:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-04-11 21:53 . 2011-04-11 21:53 -------- d-----w- c:\program files\Chessware
2011-04-03 19:57 . 2011-04-03 19:58 -------- d-----w- c:\documents and settings\Jason\Application Data\FLV Extract
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-29 03:32 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2001-08-23 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2001-08-23 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-01-08 20:23 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2001-08-23 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2001-08-23 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 21:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2001-08-23 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-04 07:56 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 07:56 186880 ------w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2001-08-23 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2001-08-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2004-08-29 03:31 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2003-07-17 180224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 18:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule21
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetPack21
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LyraHD2TrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SoniqCast\\SoniqSync\\SoniqSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\lxdxcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\Wireless\\lxdxwpss.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\frun.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 8:00 AM 14336]
R2 BPowMon;Broadcom Power monitoring service v1.0.1;c:\windows\system32\BPowMon.exe [11/27/2002 5:57 PM 65536]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 1:37 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [10/12/2005 7:02 PM 45696]
R2 SoniqSync Service;SoniqSync Service;c:\program files\SoniqCast\SoniqSync\SsSvc.exe [1/6/2005 5:25 PM 294912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/25/2009 2:20 PM 24652]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [10/12/2005 7:02 PM 56960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 DILUSBCamera;Agfa ePhoto CL18 Camera Stream Driver;c:\windows\system32\drivers\stream18.sys [9/13/2007 10:32 PM 70708]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [8/1/2010 3:02 PM 94208]
S3 csaudio;AVerDVD EZMaker USB Audio Device Driver;c:\windows\system32\drivers\csaud.sys [11/5/2002 4:56 PM 11008]
S3 DCamUSB20;AVerDVD EZMaker USB 2.0 Video Capture;c:\windows\system32\drivers\CsMini20.sys [3/18/2003 3:55 PM 46248]
S3 DCamUSBSTK018;STK018 Camera;c:\windows\system32\drivers\STK018W2.sys [6/20/2005 2:08 PM 99476]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\Jason\LOCALS~1\Temp\iMSPCLOj.sys --> c:\docume~1\Jason\LOCALS~1\Temp\iMSPCLOj.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [4/4/2007 7:50 PM 38272]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [4/4/2007 7:56 PM 21376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java
DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-WebCamRT.exe - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-29 17:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS722580VLAT20 rev.V32OA60A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A427332
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-838170752-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1252)
c:\windows\system32\WININET.dll
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\WININET.dll
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\lxdxcoms.exe
c:\windows\system32\pctspk.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2011-04-29 17:39:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-29 21:39
.
Pre-Run: 1,663,410,176 bytes free
Post-Run: 4,736,348,160 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 71830851AABC5D8DA2324B6FBEE98B96
Wonderful :bigthumb:
Jason, before we proceed to fix your Master Boot Record, I need to know the brand of your computer.
jhornbr225
2011-04-30, 01:14
Well, the motherboard is an Abit IS-10. The computer does not have a brand name. I ordered it custom and installed XP myself. Does that help?
OK, this will work; only with a Dell do we have some issues that need to be resolved first.
After you run this fix and all boots up normally, run DDS and post a new log, please.
Earlier on ComboFix installed the Recovery Console. We're going to use that now.
Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
(You need to be very fast with the arrow key, as you only have a couple of seconds before it defaults to the Windows XP boot-up.)
http://i582.photobucket.com/albums/ss269/Cat_Byte/images/RC_BootMenu.gif
When you get to the above screen, take note of the number that references your operating system.
http://i582.photobucket.com/albums/ss269/Cat_Byte/images/RConsole_A.png
If it's '1' like the picture above, type 1 and press Enter
It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter.
http://i582.photobucket.com/albums/ss269/Cat_Byte/images/RConsole_Fixmbr.png
Next type FIXMBR
http://i582.photobucket.com/albums/ss269/Cat_Byte/images/RConsole_FixmbrB.png
If it asks if you're sure you want to write a new MBR, answer 'Y'
Then type EXIT to reboot the machine.
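The ComboFix output above includes GMER's MBR check, which reads the Master Boot Record once through the normal user-mode path and once from the kernel and reports "user & kernel MBR OK" only when the two copies agree; a bootkit of the TDL4 family hooks the disk path so that the user-mode view looks clean while the real sector is infected, which is why FIXMBR is the fix. The following added example (written for this page; not code from the thread, from GMER or from ComboFix) shows that comparison and the basic MBR layout check on constructed 512-byte sectors; the sample sectors, partition values and the `build_sample_mbr` helper are assumptions made for the demonstration.

```python
"""Added example: validate an MBR sector and compare a user-mode read with a
kernel read, as the GMER 'Stealth MBR rootkit' detector does. Constructed
sample data only; no real disk is touched."""
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446          # boot code occupies bytes 0..445
BOOT_SIGNATURE = b"\x55\xAA"     # last two bytes of a valid MBR


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte classic MBR partition entry.

    Layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4).
    The CHS fields are skipped; LBA values are little-endian uint32."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
    }


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot code and four partition entries,
    raising ValueError when the sector is not a well-formed MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        entries.append(parse_partition_entry(sector[start:start + 16]))
    return {"boot_code": sector[:PART_TABLE_OFFSET], "partitions": entries}


def compare_mbr_reads(user_read: bytes, kernel_read: bytes) -> list:
    """Return findings about the two views of the MBR.

    An empty list is the 'user & kernel MBR OK' case. A difference in the
    boot code (first 446 bytes) with an unchanged partition table is the
    pattern a boot-sector hook leaves: the OS still finds its partitions,
    but the code that runs before the OS has been replaced."""
    findings = []
    if user_read == kernel_read:
        return findings
    try:
        user, kernel = parse_mbr(user_read), parse_mbr(kernel_read)
    except ValueError as exc:
        return ["one view is not a valid MBR: %s" % exc]
    if user["boot_code"] != kernel["boot_code"]:
        findings.append("boot code differs between user-mode and kernel read")
    if user["partitions"] != kernel["partitions"]:
        findings.append("partition table differs between user-mode and kernel read")
    return findings


def build_sample_mbr(boot_code_prefix: bytes) -> bytes:
    """Constructed test sector: given boot-code bytes, one bootable NTFS
    partition (type 0x07) starting at LBA 63, three empty entries, and the
    boot signature. Values are invented for this example."""
    boot_code = boot_code_prefix.ljust(PART_TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 81_915_435)
    table = entry + b"\x00" * 48
    return boot_code + table + BOOT_SIGNATURE


# Constructed sectors: the kernel view carries different boot code, which is
# what a hidden MBR modification looks like to the two-read comparison.
CLEAN_MBR = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C")
HOOKED_MBR = build_sample_mbr(b"\xEB\x1E\x90\x00\x00\x00\x00")


if __name__ == "__main__":
    print("clean vs clean :", compare_mbr_reads(CLEAN_MBR, CLEAN_MBR) or "user & kernel MBR OK")
    print("clean vs hooked:", compare_mbr_reads(CLEAN_MBR, HOOKED_MBR))
    print("partition 0    :", parse_mbr(CLEAN_MBR)["partitions"][0])
```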
jhornbr225
2011-04-30, 01:52
OK, done. Now what?
After you run this fix and all boots up normally, run DDS and post a new log, please.
jhornbr225
2011-04-30, 04:11
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jason at 21:07:30.48 on Fri 04/29/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1170 [GMT -4:00]
.
AV: Anti-Virus - SBC Yahoo! Online Protection *Enabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\bpowmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\SoniqCast\SoniqSync\SsSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Jason\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - SidebarAutoLaunch Class
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - &Yahoo! Messenger
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PCTVOICE] pctspk.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbc/TrueInstallSBC.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\Vet-Filt.sys [2005-9-16 21031]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\Vet-Rec.sys [2005-9-16 15478]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VetEFile.sys [2005-9-16 879832]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VetFDDNT.sys [2005-9-16 15735]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2006-8-3 26787]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-8-23 14336]
R2 BPowMon;Broadcom Power monitoring service v1.0.1;c:\windows\system32\BPowMon.exe [2002-11-27 65536]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-12 47640]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2005-10-12 45696]
R2 SoniqSync Service;SoniqSync Service;c:\program files\soniqcast\soniqsync\SsSvc.exe [2005-1-6 294912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-25 24652]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2005-10-12 56960]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VetEBoot.sys [2005-9-16 108360]
S2 CAISafe;CAISafe;c:\program files\yahoo!\antivirus\isafe.exe --> c:\program files\yahoo!\antivirus\ISafe.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DILUSBCamera;Agfa ePhoto CL18 Camera Stream Driver;c:\windows\system32\drivers\stream18.sys [2007-9-13 70708]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2010-8-1 94208]
S2 VETMSGNT;VET Message Service;c:\program files\yahoo!\antivirus\vetmsg.exe --> c:\program files\yahoo!\antivirus\VetMsg.exe [?]
S3 csaudio;AVerDVD EZMaker USB Audio Device Driver;c:\windows\system32\drivers\csaud.sys [2002-11-5 11008]
S3 DCamUSB20;AVerDVD EZMaker USB 2.0 Video Capture;c:\windows\system32\drivers\CsMini20.sys [2003-3-18 46248]
S3 DCamUSBSTK018;STK018 Camera;c:\windows\system32\drivers\STK018W2.sys [2005-6-20 99476]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\jason\locals~1\temp\imspcloj.sys --> c:\docume~1\jason\locals~1\temp\iMSPCLOj.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 38272]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-4-4 21376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-04-29 21:10:52 -------- d-sha-r- C:\cmdcons
2011-04-29 21:04:52 98816 ----a-w- c:\windows\sed.exe
2011-04-29 21:04:52 89088 ----a-w- c:\windows\MBR.exe
2011-04-29 21:04:52 256512 ----a-w- c:\windows\PEV.exe
2011-04-29 21:04:52 161792 ----a-w- c:\windows\SWREG.exe
2011-04-29 17:36:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2011-04-29 17:31:41 -------- d-----w- c:\program files\Citrix
2011-04-29 17:29:49 -------- d-----w- c:\docume~1\jason\locals~1\applic~1\Citrix
2011-04-19 02:52:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-19 02:52:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-18 20:20:10 -------- d-----w- c:\docume~1\jason\locals~1\applic~1\Sunbelt Software
2011-04-18 20:20:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-16 05:43:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-16 05:43:23 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-11 21:53:07 -------- d-----w- c:\program files\Chessware
2011-04-03 19:57:43 -------- d-----w- c:\docume~1\jason\applic~1\FLV Extract
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 21:08:49.25 ===============
Looks like that fixed it, but with these rootkits sometimes friends like to hop on for a ride. Let's check a bit more.
Your system should be running much better now. Any redirects or unwanted pop-up windows?
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot-up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
jhornbr225
2011-05-01, 04:07
I never had any popups, just the redirects. A few times it would not boot up; I had to do a reset, then it was OK. This all started when it shut down on its own and I had to remove my media hard drive (not my OS) to get it to boot. I thought I may have a power supply problem, and I may still, but Spybot showed the Click.GiftLoad, leading me here. I have not checked to see if it still redirects.
MBAM Log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6480
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/30/2011 8:43:23 PM
mbam-log-2011-04-30 (20-43-23).txt
Scan type: Quick scan
Objects scanned: 201060
Time elapsed: 4 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{5C9DA244-A571-4fe7-AB8C-CA47703C686B} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{DDBC293E-52E4-45E8-A684-2C3C96EFC069} (Adware.SearchAid) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BndAero6.DLL (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL SCAN
OTL logfile created on: 4/30/2011 8:47:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 4.34 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive D: | 37.63 Gb Total Space | 37.49 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
Computer Name: 3-GHZ | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Jason\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\system32\lxdxcoms.exe ( )
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SoniqCast\SoniqSync\SsSvc.exe ()
PRC - C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
PRC - C:\WINDOWS\system32\pctspk.exe ()
PRC - C:\WINDOWS\system32\BPowMon.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Jason\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (VETMSGNT) -- File not found
SRV - (CAISafe) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (lxdx_device) -- C:\WINDOWS\System32\lxdxcoms.exe ( )
SRV - (lxdxCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (SoniqSync Service) -- C:\Program Files\SoniqCast\SoniqSync\SsSvc.exe ()
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (BPowMon) -- C:\WINDOWS\system32\BPowMon.exe ()
========== Driver Services (SafeList) ==========
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (VETEFILE) -- C:\WINDOWS\System32\drivers\VetEFile.sys (Computer Associates International, Inc.)
DRV - (VETEBOOT) -- C:\WINDOWS\System32\drivers\VetEBoot.sys (Computer Associates International, Inc.)
DRV - (SUSTUCAU) -- C:\WINDOWS\system32\drivers\sustucau.sys (Susteen, Inc.)
DRV - (SUSTUCAM) -- C:\WINDOWS\system32\drivers\sustucam.sys (Susteen, Inc.)
DRV - (VETMONNT) -- C:\WINDOWS\System32\drivers\vetmonnt.sys (Computer Associates International, Inc.)
DRV - (VET-FILT) -- C:\WINDOWS\System32\drivers\Vet-Filt.sys (Computer Associates International, Inc.)
DRV - (VETFDDNT) -- C:\WINDOWS\System32\drivers\VetFDDNT.sys (Computer Associates International, Inc.)
DRV - (VET-REC) -- C:\WINDOWS\System32\drivers\Vet-Rec.sys (Computer Associates International, Inc.)
DRV - (ousb2hub) -- C:\WINDOWS\system32\drivers\ousb2hub.sys (OrangeWare Corporation)
DRV - (ousbehci) -- C:\WINDOWS\system32\drivers\ousbehci.sys (OrangeWare Corporation)
DRV - (DCamUSBSTK018) -- C:\WINDOWS\system32\drivers\STK018W2.sys (Syntek Ltd.)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (MTDVC2) -- C:\WINDOWS\system32\drivers\mtdv2ku2.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (MTDVC2_ENUM) -- C:\WINDOWS\system32\drivers\mtdv2ks2.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (Ptserial) -- C:\WINDOWS\system32\drivers\ptserial.sys (PCTEL, INC.)
DRV - (Vvoice) -- C:\WINDOWS\system32\drivers\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\system32\drivers\vmodem.sys (PCTEL, INC.)
DRV - (Vpctcom) -- C:\WINDOWS\system32\drivers\vpctcom.sys (PCtel, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BASFND) -- C:\WINDOWS\system32\drivers\BASFND.sys (Broadcom Corporation)
DRV - (DCamUSB20) -- C:\WINDOWS\system32\drivers\CsMini20.sys (Crescentec Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (DumaNT) -- C:\WINDOWS\system32\drivers\dumant.sys (NVIDIA Corporation)
DRV - (csaudio) -- C:\WINDOWS\system32\drivers\csaud.sys (Windows (R) 2000 DDK provider)
DRV - (Usb20Scan) -- C:\WINDOWS\system32\drivers\cresscan.sys ()
DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys ()
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\WINDOWS\system32\drivers\lvcd.sys (Logitech Inc.)
DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)
DRV - (DILUSBCamera) -- C:\WINDOWS\system32\drivers\stream18.sys (Sound Vision Inc.)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
========== FireFox ==========
[2009/08/10 21:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions
[2009/08/10 21:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2008/04/12 21:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\obo7rcwq.default\extensions
[2008/04/12 21:25:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\obo7rcwq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/09 15:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/11 14:59:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
O1 HOSTS File: ([2011/04/29 17:30:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (no name) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-2052111302-838170752-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-838170752-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKU\S-1-5-21-2052111302-838170752-682003330-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)
O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} http://download.newaol.com/bkpromo/download/PerformerSetup.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitch.com/sbc/TrueInstallSBC.exe (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/28 23:34:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/30 20:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Malwarebytes
[2011/04/30 20:35:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/30 20:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/30 20:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/30 20:35:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/30 20:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/30 20:34:10 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/30 20:33:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2011/04/30 20:30:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/30 20:28:41 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Jason\Desktop\ATF-Cleaner.exe
[2011/04/29 17:24:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/29 17:10:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/29 17:04:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/29 17:04:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/29 17:04:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/29 17:04:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/29 17:03:52 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/29 15:46:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/29 13:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/04/29 13:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/04/29 13:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Citrix
[2011/04/29 12:04:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/21 15:31:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/21 15:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/21 15:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/21 15:21:19 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Jason\Desktop\erunt-setup.exe
[2011/04/18 22:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/18 22:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/18 22:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/18 16:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Sunbelt Software
[2011/04/18 16:20:09 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/17 19:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/16 01:36:40 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/16 00:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/16 00:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/11 17:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Chessware
[2011/04/03 15:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\FLV Extract
[2010/08/01 15:02:45 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoin.dll
[2010/08/01 14:58:51 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2010/08/01 14:58:50 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2010/08/01 14:58:50 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2010/08/01 14:58:50 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2010/08/01 14:58:49 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2010/08/01 14:58:49 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2010/08/01 14:58:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2010/08/01 14:58:48 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2010/08/01 14:58:47 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2010/08/01 14:58:47 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxih.exe
[2010/08/01 14:58:45 | 000,589,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoms.exe
[2010/08/01 14:58:44 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2010/08/01 14:58:44 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[2010/08/01 14:58:44 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcfg.exe
[2007/01/09 19:48:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jason\Application Data\pcouffin.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/30 20:35:07 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 20:34:10 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/30 20:33:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2011/04/30 20:28:41 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Jason\Desktop\ATF-Cleaner.exe
[2011/04/30 20:20:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/30 20:20:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 18:39:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/29 17:30:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/29 17:10:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/29 17:03:44 | 004,333,524 | R--- | M] () -- C:\Documents and Settings\Jason\Desktop\Combo-Fix.exe
[2011/04/29 12:42:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/21 15:21:19 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Jason\Desktop\erunt-setup.exe
[2011/04/21 13:42:04 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\dds.com
[2011/04/18 16:20:09 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/18 16:08:39 | 000,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/18 14:33:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/17 17:33:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\housecall.guid.cache
[2011/04/17 17:16:42 | 000,001,536 | ---- | M] () -- C:\WINDOWS\System32\TrueSoft.dat
[2011/04/16 01:06:18 | 000,493,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/16 01:06:18 | 000,083,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/14 19:03:32 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\MediaMAX.~5~
[2011/04/12 11:01:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/05 13:47:07 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/30 20:35:07 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/29 17:10:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/29 17:10:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/29 17:04:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/29 17:04:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/29 17:04:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/29 17:04:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/29 17:04:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/29 11:23:46 | 004,333,524 | R--- | C] () -- C:\Documents and Settings\Jason\Desktop\Combo-Fix.exe
[2011/04/21 13:42:04 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\dds.com
[2011/04/17 17:33:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\housecall.guid.cache
[2010/08/01 15:02:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2010/08/01 15:01:44 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2010/08/01 15:01:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2010/08/01 15:01:43 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2010/08/01 15:01:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2010/08/01 15:01:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2010/08/01 15:00:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2010/08/01 15:00:57 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2010/08/01 14:59:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdxrwrd.ini
[2010/08/01 14:58:52 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2010/08/01 14:58:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2010/07/01 21:49:15 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/25 12:16:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/04/18 20:20:07 | 000,000,173 | ---- | C] () -- C:\WINDOWS\dvdtompegconverter.ini
[2010/04/18 20:15:08 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysDVDtoMPeg.dat
[2010/03/10 19:24:04 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2010/03/05 20:02:09 | 000,011,024 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2009/08/11 11:51:09 | 000,006,479 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\PrimoPDFSet.xml
[2009/08/11 11:31:08 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/02/07 15:50:03 | 000,000,616 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/01/30 16:50:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/08/09 13:08:04 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/01/09 19:55:11 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\Printer.ini
[2007/01/09 19:48:48 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\ezpinst.exe
[2007/01/09 19:48:48 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\pcouffin.cat
[2007/01/09 19:48:48 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\pcouffin.inf
[2007/01/09 18:58:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/09 18:58:46 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\tomsmocomp_ff.dll
[2007/01/09 18:58:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/09 18:58:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/01/09 18:58:45 | 001,953,792 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/01/09 18:58:45 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/01/09 18:58:45 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/01/09 18:58:45 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/01/09 18:58:45 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\ff_kerneldeint.dll
[2007/01/09 18:58:45 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/01/09 18:58:45 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/01/09 18:58:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/01/09 18:58:45 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/01/09 18:58:45 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/01/09 18:58:45 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/01/09 18:58:45 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/01/09 18:58:45 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/01/09 18:58:45 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/01/09 18:58:45 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/01/09 18:58:45 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/01/09 18:58:45 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/01/09 18:58:45 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/01/09 18:58:45 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2007/01/09 18:58:45 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/01/09 18:58:45 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/01/09 18:58:45 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/01/09 18:58:44 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\ffavisynth.dll
[2006/05/20 15:22:11 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/02/03 23:35:00 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2006/02/03 23:33:56 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/01/08 17:27:10 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/10/12 20:36:19 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2005/10/04 21:21:48 | 000,000,060 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/16 16:29:15 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/02 18:50:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/09/01 22:11:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/09/01 21:51:24 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/06/20 14:08:12 | 000,032,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\STK018W1.sys
[2005/02/26 17:11:34 | 000,000,022 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/10/08 22:27:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/08 21:52:32 | 000,002,181 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
[2004/10/08 21:46:11 | 003,494,576 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2004/10/08 21:46:11 | 000,015,341 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2004/09/12 11:25:46 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2004/09/12 11:22:19 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2004/09/12 11:22:19 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2004/09/10 22:24:23 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIDBD32.dll
[2004/09/10 22:23:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2004/09/10 22:23:32 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2004/09/10 22:21:57 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/09/05 07:49:51 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/08/30 21:29:55 | 000,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2004/08/30 21:28:25 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/30 19:29:47 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/08/30 19:29:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2004/08/30 19:22:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/08/30 19:19:39 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2004/08/30 19:01:32 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/08/29 00:11:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/29 00:08:17 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004/08/28 23:56:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\instdll.dll
[2004/08/28 23:55:25 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/08/28 23:49:06 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe
[2004/08/28 23:49:06 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2004/08/28 23:49:06 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\msiuins.exe
[2004/08/28 23:49:06 | 000,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2004/08/28 23:49:05 | 000,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2004/08/28 23:47:53 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2004/08/28 23:47:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PTPTT.dat
[2004/08/28 23:47:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PTHSP.dat
[2004/08/28 23:46:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\pctspk.exe
[2004/08/28 23:41:38 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/08/28 23:39:42 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/28 23:36:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/28 23:31:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/28 19:24:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/28 19:23:51 | 000,161,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/05/31 20:43:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\TrueProcess.exe
[2003/03/27 15:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/12/18 22:48:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\cresvfw.dll
[2002/11/27 17:57:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\BPowMon.exe
[2002/11/18 14:29:28 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\nvimage.dll
[2002/11/18 14:29:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvstreg.exe
[2002/11/18 14:29:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\stereoi.dll
[2002/11/05 16:56:48 | 000,099,672 | ---- | C] () -- C:\WINDOWS\dibapi32.dll
[2002/11/05 16:56:48 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\preview.dll
[2002/11/05 16:56:48 | 000,012,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\cresscan.sys
[2002/11/05 16:56:46 | 000,191,976 | ---- | C] () -- C:\WINDOWS\cres1100.exe
[2002/09/02 10:15:10 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2002/04/11 14:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/12/03 16:50:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 16:50:20 | 000,708,608 | R--- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2001/10/24 16:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,493,054 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,083,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000/11/10 15:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[2000/07/07 06:49:30 | 000,069,120 | R--- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/12 16:28:12 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 16:24:10 | 000,338,944 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
========== LOP Check ==========
[2004/08/30 21:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\broderbund
[2006/12/16 15:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/09/23 10:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/04/29 13:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/04/30 20:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/05/05 20:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2007/01/09 20:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smilebox
[2007/01/09 19:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/05/09 19:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/25 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Aim
[2008/04/12 11:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Artweaver
[2004/08/30 21:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Broderbund
[2010/03/05 20:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\dBpoweramp
[2005/04/11 20:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\DeductionPro 2004-05
[2011/04/03 15:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\FLV Extract
[2010/08/01 16:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Lexmark Productivity Studio
[2009/10/26 20:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mp3tag
[2006/01/08 17:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\MyFamily.com
[2007/01/09 20:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Netscape
[2007/01/09 20:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Photodex
[2011/04/14 22:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\RipIt4Me
[2009/08/22 22:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\rockbox.org
[2007/01/09 18:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Smilebox
[2008/01/13 19:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Snapfish
[2007/01/09 18:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Ulead Systems
[2008/06/01 11:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Viewpoint
[2010/06/22 11:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Vso
[2010/04/26 14:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\WinFF
[2009/12/13 11:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2006/10/22 13:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\MyFamily.com
========== Purity Check ==========
< End of report >
jhornbr225
2011-05-01, 04:07
EXTRAS SCAN LOG
OTL Extras logfile created on: 4/30/2011 8:47:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 4.34 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive D: | 37.63 Gb Total Space | 37.49 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
Computer Name: 3-GHZ | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1059:TCP" = 1059:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SoniqCast\SoniqSync\SoniqSync.exe" = C:\Program Files\SoniqCast\SoniqSync\SoniqSync.exe:*:Enabled:SoniqSync Application Plug-in -- (SoniqCast, LLC)
"C:\WINDOWS\system32\lxdxcoms.exe" = C:\WINDOWS\system32\lxdxcoms.exe:*:Enabled:3600-4600 Series Server -- ( )
"C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" = C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\lxdxcfg.exe" = C:\WINDOWS\system32\lxdxcfg.exe:*:Enabled:Printer Communication System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Lexmark 3600-4600 Series\Wireless\lxdxwpss.exe" = C:\Program Files\Lexmark 3600-4600 Series\Wireless\lxdxwpss.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 3600-4600 Series\frun.exe" = C:\Program Files\Lexmark 3600-4600 Series\frun.exe:*:Enabled:Printing Application -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{14980FD9-5BAF-4AD1-8051-7F2E9BB13EEC}" = Canon PhotoRecord
"{1A22C818-D44D-4691-BF27-8884CB5B44B1}" = AVerDVD EZMaker USB 2.0 Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A1E9CF-BFC1-4309-80CD-C182D80922DB}_is1" = Artweaver 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 23
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3374B4A6-5595-4667-882D-755ABE093806}" = Lyra Jukebox Applications
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine for Microtek
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3F695596-85E6-4224-BC70-538F9036797A}" = MovieShop
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{4677AAF8-8D7A-4EE2-BCE4-0068BB052353}" = ArcSoft Camera Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"{56B9EC21-BCF5-4B86-B908-D8A2C5F48C10}" = Camera Window
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{5DF68560-292A-11D5-99D1-00010256D40E}" = DV Studio3
"{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{71620587-44A5-48E4-AB94-B55144FE4FEA}" = SoniqSync
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = File Viewer Utility 1.2.2
"{7E33F78B-E29C-4946-AC6B-047E0AE93932}" = S.M.A.R.T.
"{87B481FA-1E4A-40B0-80C3-157E9770F436}" = DataPilot Pix 'n Tunes
"{880017F9-2548-42DB-9A3C-B6BE0136B624}" = 3D Home Architect 5.0 Deluxe
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"{8FDD2A92-9F75-4706-B8C2-08499A9863E6}" = NTI DriveBackup! 3
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9024562E-CBEC-48B5-894A-1C59269302FE}" = Broderbund Home Design 5.1
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = RemoteCapture 2.7.2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}" = LogMeIn
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD-Maker
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and Free Tools
"{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}" = neoDVDstandard4
"{DC1D7AD2-583A-4024-9041-387E8FFA5D8C}" = MediaFACE II
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{EBE171CC-C465-43FE-AA82-F0B4333764DD}" = WebCam Driver for Panasonic DVC
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EF45B43B-D526-49F7-A2CD-4050A939AA1E}" = Lyra Digital Audio Player
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE50DB8-C610-4C42-BE5C-193F46C6F812}" = Windows Live Messenger
"Abexo Free Registry Cleaner" = Abexo Free Registry Cleaner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agfa ePhoto CL18 Digital Camera Driver" = Agfa ePhoto CL18 Digital Camera Driver
"Akamai" = Akamai NetSession Interface
"Audacity_is1" = Audacity 1.2.6
"BroadJump Client Foundation" = BroadJump Client Foundation
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpowerAMP Music Converter" = dBpoweramp Music Converter
"dBpowerAMP WMA V9 Codec" = dBpowerAMP WMA V9 Codec
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
"DVDFab 7_is1" = DVDFab 7.0.8.0 (14/07/2010)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ERUNT_is1" = ERUNT 1.1j
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"Installing HSP56 MicroModem Drivers" = HSP56 Modem Drivers
"InstallShield_{1A22C818-D44D-4691-BF27-8884CB5B44B1}" = AVerDVD EZMaker USB 2.0 Driver
"InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"InstallShield_{56B9EC21-BCF5-4B86-B908-D8A2C5F48C10}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"InstallShield_{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = Canon Utilities File Viewer Utility 1.2
"InstallShield_{87B481FA-1E4A-40B0-80C3-157E9770F436}" = DataPilot Pix 'n Tunes
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"InstallShield_{8FDD2A92-9F75-4706-B8C2-08499A9863E6}" = NTI DriveBackup! 3
"InstallShield_{9024562E-CBEC-48B5-894A-1C59269302FE}" = Broderbund Home Design 5.1
"InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA Driver
"InstallShield_{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD-Maker 6 Gold
"InstallShield_{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}" = neoDVDstandard
"InstallShield_{EBE171CC-C465-43FE-AA82-F0B4333764DD}" = WebCam Driver for Panasonic DVC
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LucasArts' X-Wing vs. TIE Fighter" = LucasArts' X-Wing vs. TIE Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Money2005b" = Microsoft Money 2005
"Mp3tag" = Mp3tag v2.47b
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIAStereo" = NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
"OpenMG HotFix4.0-04-06-21-01" = OpenMG Limited Patch 4.0-04-08-02-01
"PhotoRecord" = Canon PhotoRecord
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFF_is1" = WinFF 1.2
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/18/2011 2:29:36 PM | Computer Name = 3-GHZ | Source = Application Error | ID = 1000
Description = Faulting application TDSSKiller.exe, version 2.4.21.0, faulting module
TDSSKiller.exe, version 2.4.21.0, fault address 0x00056ec9.
Error - 4/18/2011 4:17:31 PM | Computer Name = 3-GHZ | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 4/18/2011 10:33:32 PM | Computer Name = 3-GHZ | Source = Application Error | ID = 1000
Description = Faulting application TDSSKiller.exe, version 2.4.21.0, faulting module
TDSSKiller.exe, version 2.4.21.0, fault address 0x00056ec9.
Error - 4/21/2011 1:21:48 PM | Computer Name = 3-GHZ | Source = Application Error | ID = 1000
Description = Faulting application mytdsskiller.exe, version 2.4.21.0, faulting
module mytdsskiller.exe, version 2.4.21.0, fault address 0x00056ec9.
Error - 4/21/2011 1:23:24 PM | Computer Name = 3-GHZ | Source = Application Error | ID = 1000
Description = Faulting application 123.exe, version 2.4.21.0, faulting module 123.exe,
version 2.4.21.0, fault address 0x00056ec9.
Error - 4/21/2011 1:54:10 PM | Computer Name = 3-GHZ | Source = Application Error | ID = 1000
Description = Faulting application 123.exe, version 2.4.21.0, faulting module 123.exe,
version 2.4.21.0, fault address 0x00056ec9.
Error - 4/24/2011 10:54:26 AM | Computer Name = 3-GHZ | Source = McLogEvent | ID = 5051
Description =
Error - 4/29/2011 11:35:30 AM | Computer Name = 3-GHZ | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.
Error - 4/29/2011 11:56:03 AM | Computer Name = 3-GHZ | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/29/2011 9:21:25 PM | Computer Name = 3-GHZ | Source = Application Error | ID = 1000
Description = Faulting application QuickTimePlayer.exe, version 7.60.92.0, faulting
module QuickTimePlayer.exe, version 7.60.92.0, fault address 0x0000130d.
[ System Events ]
Error - 4/19/2011 11:22:53 AM | Computer Name = 3-GHZ | Source = Service Control Manager | ID = 7000
Description = The Agfa ePhoto CL18 Camera Stream Driver service failed to start
due to the following error: %%1058
Error - 4/19/2011 11:22:53 AM | Computer Name = 3-GHZ | Source = Service Control Manager | ID = 7000
Description = The CAISafe service failed to start due to the following error: %%2
Error - 4/19/2011 11:22:53 AM | Computer Name = 3-GHZ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdxCATSCustConnectService
service to connect.
Error - 4/19/2011 11:22:53 AM | Computer Name = 3-GHZ | Source = Service Control Manager | ID = 7000
Description = The lxdxCATSCustConnectService service failed to start due to the
following error: %%1053
Error - 4/19/2011 11:22:53 AM | Computer Name = 3-GHZ | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%3
Error - 4/19/2011 11:22:53 AM | Computer Name = 3-GHZ | Source = Service Control Manager | ID = 7001
Description = The VET Message Service service depends on the CAISafe service which
failed to start because of the following error: %%2
Error - 4/19/2011 12:50:02 PM | Computer Name = 3-GHZ | Source = Service Control Manager | ID = 7000
Description = The Agfa ePhoto CL18 Camera Stream Driver service failed to start
due to the following error: %%1058
Error - 4/19/2011 12:50:02 PM | Computer Name = 3-GHZ | Source = Service Control Manager | ID = 7000
Description = The CAISafe service failed to start due to the following error: %%2
Error - 4/19/2011 12:50:02 PM | Computer Name = 3-GHZ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdxCATSCustConnectService
service to connect.
Error - 4/19/2011 12:50:02 PM | Computer Name = 3-GHZ | Source = Service Control Manager | ID = 7000
Description = The lxdxCATSCustConnectService service failed to start due to the
following error: %%1053
< End of report >
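The Extras log above carries four things a responder reads before anything else: whether the launch verbs under Shell Spawning still point at the stock handlers (malware commonly rewrites exefile\shell\open\command so every program launch runs it first), whether Security Center has been told to stop monitoring or warning, which firewall exceptions are open to any remote address rather than LocalSubNet, and what the repeated TDSSKiller crashes mean. The following parser is an added example written for this page, not code from the thread, from OTL or from any of the tools named in it. The log text inside it is a constructed excerpt modelled on the lines posted above, and the table of stock Windows XP handlers is my own reference data. The crash check groups ID 1000 events by (version, fault address): TDSSKiller.exe, mytdsskiller.exe and 123.exe all die at 2.4.21.0 / 0x00056ec9, so renaming the file did not change which binary was being killed or where.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the OTL Extras log posted above (not the full log).
SAMPLE_LOG = r"""
========== Shell Spawning ==========
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"1059:TCP" = 1059:TCP:*:Enabled:Akamai NetSession Interface
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/18/2011 2:29:36 PM | Computer Name = 3-GHZ | Source = Application Error | ID = 1000
Description = Faulting application TDSSKiller.exe, version 2.4.21.0, faulting module
TDSSKiller.exe, version 2.4.21.0, fault address 0x00056ec9.
Error - 4/21/2011 1:23:24 PM | Computer Name = 3-GHZ | Source = Application Error | ID = 1000
Description = Faulting application 123.exe, version 2.4.21.0, faulting module 123.exe,
version 2.4.21.0, fault address 0x00056ec9.
"""

SECTION_RE = re.compile(r"^========== (.+?) ==========$")

# Stock Windows XP handlers for the launch verbs malware most often hijacks (reference data, my assumption).
XP_DEFAULT_HANDLERS = {("batfile", "open"): '"%1" %*', ("cmdfile", "open"): '"%1" %*',
                       ("comfile", "open"): '"%1" %*', ("exefile", "open"): '"%1" %*',
                       ("piffile", "open"): '"%1" %*', ("scrfile", "open"): '"%1" /S'}

def split_sections(text):
    """Map each '========== Name ==========' header to the lines beneath it."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
        elif current:
            sections[current].append(line.rstrip())
    return sections

def check_shell_spawning(lines):
    """Flag launch verbs whose handler is missing or differs from the stock value."""
    findings = []
    for line in lines:
        m = re.match(r"(\w+) \[(\w+)\] -- (.*)", line)
        if not m:
            continue
        cls, verb, handler = m.groups()
        if handler.startswith("Reg Error"):
            findings.append(f"{cls}/{verb}: handler key missing or unreadable")
        elif (cls, verb) in XP_DEFAULT_HANDLERS and handler != XP_DEFAULT_HANDLERS[(cls, verb)]:
            findings.append(f"{cls}/{verb}: non-default handler {handler!r}")
    return findings

def check_security_center(lines):
    """Flag Security Center values that silence AV/firewall/update warnings or monitoring."""
    findings, key = [], ""
    for line in lines:
        if line.startswith("["):
            key = line.strip("[]")
            continue
        m = re.match(r'"(\w*(?:Override|DisableNotify|DisableMonitoring))" = (\d+)', line)
        if m and m.group(2) == "1":
            findings.append(f"{m.group(1)}=1 under {key.rsplit(chr(92), 1)[-1]}")
    return findings

def check_firewall(lines):
    """Flag enabled port exceptions whose remote scope is '*' (any address) rather than LocalSubNet."""
    findings, profile = [], ""
    for line in lines:
        if line.startswith("["):
            pm = re.search(r"\\(\w+Profile)\\", line)
            profile = pm.group(1) if pm else profile
            continue
        m = re.match(r'"(\d+:(?:TCP|UDP))" = [^:]+:[^:]+:([^:]+):(\w+):(.*)', line)
        if m and m.group(2) == "*" and m.group(3) == "Enabled":
            findings.append(f"{profile} {m.group(1)} open to any address ({m.group(4)})")
    return findings

CRASH_RE = re.compile(r"Faulting application (\S+), version ([\d.]+), faulting module "
                      r"(\S+), version ([\d.]+), fault address (0x[0-9a-fA-F]+)")

def crash_fingerprints(lines):
    """Group ID 1000 crashes by (version, fault address); one fingerprint means one binary, whatever its name."""
    records, groups = [], defaultdict(set)
    for line in lines:                      # OTL wraps descriptions, so re-join continuation lines
        if line.startswith("Error - "):
            records.append([line, ""])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()
    for header, desc in records:
        m = CRASH_RE.search(desc)
        if m and "ID = 1000" in header:
            groups[(m.group(2), m.group(5))].add(m.group(1))
    return dict(groups)

def analyse(text):
    s = split_sections(text)
    return {"shell": check_shell_spawning(s["Shell Spawning"]),
            "seccenter": check_security_center(s["Security Center Settings"]),
            "firewall": check_firewall(s["Firewall Settings"]),
            "crashes": crash_fingerprints(s["Last 10 Event Log Errors"])}

if __name__ == "__main__":
    for name, result in analyse(SAMPLE_LOG).items():
        print(name, result)
```

Run against the full log above, the same checks would also report the DomainProfile 139/445/137/138 exceptions open to any address and the Akamai 5000:UDP exception; the missing regfile and txtfile handlers are worth restoring by hand even if they turn out to be unrelated to the infection, since a missing merge verb is one of the things that makes a cleanup .reg file silently fail.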
Are you still having bootup problems, or has that cleared up?
Your extra log is showing a virus causing problems. It's a backdoor info stealer; I'm not sure what it may have done, but if you do online banking or purchases with your credit card you need to go to those sites from a known clean computer and change those passwords. Don't use this system for any banking or online purchases until we deem you completely clean.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
jhornbr225
2011-05-01, 06:52
Results of ESET Scan
C:\Documents and Settings\Jason\My Documents\CarPC\RideRunnerSetup.exe probably unknown NewHeur_PE virus
I don't think this is a virus. It's the setup program for my car PC's front end. You can read more about it if you wish at MP3Car.com; look for Front Ends and Road Runner. I tried Google and didn't get any redirects. The first site I tried when all this happened was Trend Micro Housecall, and I got redirected. I tried it tonight, and it took me to the correct site.
Great. If you feel that file is OK, then let's just leave it be.
Open OTL and click on Clean Up, and it will remove the programs we used to clean your system along with their backups.
Malwarebytes and ATF Cleaner will not be removed, but they're great free programs and yours to keep.
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
jhornbr225
2011-05-01, 20:23
So from what you can tell, am I clean?
I'm still curious about the SBC Yahoo Virus scan. There is no control console for it, and it shows no indication that it is running other than the DDS scan. I have uninstalled everything I can find referring to SBC Yahoo, and it's still there. I downloaded a utility called AutoRun for Windows XP to see if that leads me to it. Do you have any experience with SBC Yahoo AV?
This is actually my secondary computer, so it does not get used every day. I use it to search the web while I am working on the car PC; at the moment the car PC is on the same desk. I also use it to archive my music collection and store photos.
Thanks so much for all the help!
Jason
I still see it running and causing problems.
Let's do this.
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
123.exe
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
jhornbr225
2011-05-02, 02:53
SystemLook 04.09.10 by jpshortstuff
Log created at 19:48 on 01/05/2011 by Jason
Administrator - Elevation successful
========== filefind ==========
Searching for "123.exe"
No files found.
-= EOF =-
So what does this mean?
Latest DDS Log
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jason at 19:51:57.42 on Sun 05/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1087 [GMT -4:00]
.
AV: Anti-Virus - SBC Yahoo! Online Protection *Enabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\bpowmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\SoniqCast\SoniqSync\SsSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Jason\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - SidebarAutoLaunch Class
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - &Yahoo! Messenger
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PCTVOICE] pctspk.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbc/TrueInstallSBC.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\Vet-Filt.sys [2005-9-16 21031]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\Vet-Rec.sys [2005-9-16 15478]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VetEFile.sys [2005-9-16 879832]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VetFDDNT.sys [2005-9-16 15735]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2006-8-3 26787]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-8-23 14336]
R2 BPowMon;Broadcom Power monitoring service v1.0.1;c:\windows\system32\BPowMon.exe [2002-11-27 65536]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-12 47640]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2005-10-12 45696]
R2 SoniqSync Service;SoniqSync Service;c:\program files\soniqcast\soniqsync\SsSvc.exe [2005-1-6 294912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-25 24652]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2005-10-12 56960]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VetEBoot.sys [2005-9-16 108360]
S2 CAISafe;CAISafe;c:\program files\yahoo!\antivirus\isafe.exe --> c:\program files\yahoo!\antivirus\ISafe.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DILUSBCamera;Agfa ePhoto CL18 Camera Stream Driver;c:\windows\system32\drivers\stream18.sys [2007-9-13 70708]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2010-8-1 94208]
S2 VETMSGNT;VET Message Service;c:\program files\yahoo!\antivirus\vetmsg.exe --> c:\program files\yahoo!\antivirus\VetMsg.exe [?]
S3 csaudio;AVerDVD EZMaker USB Audio Device Driver;c:\windows\system32\drivers\csaud.sys [2002-11-5 11008]
S3 DCamUSB20;AVerDVD EZMaker USB 2.0 Video Capture;c:\windows\system32\drivers\CsMini20.sys [2003-3-18 46248]
S3 DCamUSBSTK018;STK018 Camera;c:\windows\system32\drivers\STK018W2.sys [2005-6-20 99476]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\jason\locals~1\temp\imspcloj.sys --> c:\docume~1\jason\locals~1\temp\iMSPCLOj.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 38272]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-4-4 21376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-05-01 02:00:44 -------- d-----w- c:\program files\ESET
2011-05-01 00:35:10 -------- d-----w- c:\docume~1\jason\applic~1\Malwarebytes
2011-05-01 00:35:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 00:35:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-01 00:35:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 00:35:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-29 21:10:52 -------- d-sha-r- C:\cmdcons
2011-04-29 21:04:52 98816 ----a-w- c:\windows\sed.exe
2011-04-29 21:04:52 89088 ----a-w- c:\windows\MBR.exe
2011-04-29 21:04:52 256512 ----a-w- c:\windows\PEV.exe
2011-04-29 21:04:52 161792 ----a-w- c:\windows\SWREG.exe
2011-04-29 17:36:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2011-04-29 17:31:41 -------- d-----w- c:\program files\Citrix
2011-04-29 17:29:49 -------- d-----w- c:\docume~1\jason\locals~1\applic~1\Citrix
2011-04-19 02:52:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-19 02:52:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-18 20:20:10 -------- d-----w- c:\docume~1\jason\locals~1\applic~1\Sunbelt Software
2011-04-18 20:20:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-16 05:43:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-16 05:43:23 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-11 21:53:07 -------- d-----w- c:\program files\Chessware
2011-04-03 19:57:43 -------- d-----w- c:\docume~1\jason\applic~1\FLV Extract
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 19:52:28.68 ===============
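The SERVICES / DRIVERS section of the log above is the part worth reading line by line: where DDS could read a file it appends its date and size in brackets, where it could not it prints [?] instead, and a service with no image path at all gets [x]. The iMSPCLOj entry, for instance, resolves to a .sys under the user's Temp folder and carries [?]. As an added example (not code from this thread, from DDS, or from its author), here is a small Python triage script that parses a constructed excerpt of those lines and lists the entries a helper would look at first; the regexes, the suspect-directory list and the assumption that C: is the system drive are mine, not a DDS rule.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log (added example).

Line format, inferred from the posted log (not documented by DDS itself):

    R1 NAME;Display Name;c:\\path\\file.sys [YYYY-M-D SIZE]
    S3 NAME;Display Name;\\??\\raw\\path --> c:\\resolved\\path [?]
    S4 NAME;NAME; [x]

R/S = running/stopped, the digit is the Windows start type, [?] replaces
the date/size when DDS could not read the file, [x] means no image path.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
TAIL_RE = re.compile(r"^(.*?)\s*\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]$")

# Assumption for this example: a kernel driver or service binary has no
# business living in a user's Temp directory (8.3 and long forms).
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\")


@dataclass
class ServiceEntry:
    running: bool          # R = running, S = stopped
    start_type: int        # Windows SERVICE_START value, 0-4
    name: str
    display: str
    image: str             # resolved image path, '' when the service has none
    date: Optional[str]
    size: Optional[int]
    verified: bool         # False when DDS printed [?] or [x]


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R*/S* line; return None for headers, blanks and '.' lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    rest = rest.strip()
    date = size = None
    verified = True
    if rest.endswith("[?]") or rest.endswith("[x]"):
        verified = False
        rest = rest[:-3].strip()
    else:
        t = TAIL_RE.match(rest)
        if t:
            rest, date, size = t.group(1), t.group(2), int(t.group(3))
    # "\??\raw\path --> c:\resolved\path": keep only the resolved form
    if "-->" in rest:
        rest = rest.split("-->", 1)[1].strip()
    return ServiceEntry(state == "R", int(start), name.strip(), display.strip(),
                        rest, date, size, verified)


def flag_entry(e: ServiceEntry) -> List[str]:
    """Reasons an entry deserves a second look; empty list means nothing noted."""
    reasons = []
    low = e.image.lower()
    if not e.verified and e.image:
        reasons.append("file could not be verified by DDS ([?])")
    if not e.image:
        reasons.append("service has no image path ([x])")
    if any(d in low for d in SUSPECT_DIRS):
        reasons.append("image loads from a user temp directory")
    # Assumption: C: is the system drive; a driver on another letter is unusual.
    if low[1:2] == ":" and low[0] != "c":
        reasons.append("image lives on a non-system drive (%s)" % low[:2])
    return reasons


def triage(log_text: str):
    """Return [(name, image, reasons)] for every flagged SERVICES / DRIVERS line."""
    hits = []
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("=") and "SERVICES / DRIVERS" in line:
            in_section = True
            continue
        if in_section and line.startswith("="):   # next section header
            break
        if not in_section:
            continue
        e = parse_service_line(line)
        if e is None:
            continue
        reasons = flag_entry(e)
        if reasons:
            hits.append((e.name, e.image, reasons))
    return hits


# Constructed excerpt: six lines copied from the log posted above.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
.
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\Vet-Filt.sys [2005-9-16 21031]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-12 47640]
S2 CAISafe;CAISafe;c:\program files\yahoo!\antivirus\isafe.exe --> c:\program files\yahoo!\antivirus\ISafe.exe [?]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\jason\locals~1\temp\imspcloj.sys --> c:\docume~1\jason\locals~1\temp\iMSPCLOj.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
"""

if __name__ == "__main__":
    for name, image, reasons in triage(SAMPLE_LOG):
        print("%-16s %s" % (name, image or "(no image)"))
        for r in reasons:
            print("    - " + r)
```

On the excerpt this lists CAISafe, iMSPCLOj, SetupNTGLM7X and LMIRfsClientNP and leaves the two verified drivers under c:\windows\system32\drivers alone. A [?] on its own is not a verdict: the CAISafe entry is simply a leftover of an uninstalled product, and the point of the script is to shorten the list a human has to read, not to replace that reading.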
jhornbr225
2011-05-02, 02:58
What's funny at this point is that I should have NO Anti Virus Programs installed. I uninstalled McAfee when I could not shut it off.
I saw that 123 file but it must be gone.
SBC Yahoo <-- You got this from your ISP; you need to contact them for help removing it.
Looks like McAfee is still running.
What AV do you want to keep? You have to have one.
Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder
Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
1. Click Start > Settings > Control Panel.
2. Double-click the Java Plug-in icon in the control panel.
3. Click the Cache tab.
4. Click Clear. A confirmation dialog box appears.
5. Click Yes to confirm.
6. Click Apply.
jhornbr225
2011-05-02, 04:24
This must have been a newer version of Java. There is no Cache tab.
jhornbr225
2011-05-02, 04:31
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "PCTVOICE" "pctvoice MFC Application" "" "c:\windows\system32\pctspk.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java(TM) Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "cdo" "Microsoft SharePoint Portal Server Object Model" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web folders\pkmcdo.dll"
+ "livecall" "MSN Messenger Protocol Handler" "Microsoft Corporation" "c:\program files\msn messenger\msgrapp.8.0.0812.00.dll"
+ "msnim" "MSN Messenger Protocol Handler" "Microsoft Corporation" "c:\program files\msn messenger\msgrapp.8.0.0812.00.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "CA_AntiVirus" "CA Antivirus Shell Extension Handler" "Computer Associates International, Inc." "c:\windows\avshlext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "nView" "NVIDIA Desktop Explorer, Version 53.03 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "dBpShell Class" "Provides dBpoweramp Shell Interaction" "Illustrate" "c:\program files\illustrate\dbpoweramp\dbshell.dll"
+ "NeroDigitalColumnHandler Class" "Nero Digital Shell Extension" "Nero AG" "c:\program files\common files\ahead\lib\nerodigitalext.dll"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "CA_AntiVirus" "CA Antivirus Shell Extension Handler" "Computer Associates International, Inc." "c:\windows\avshlext.dll"
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java(tm) Plug-In 2 SSV Helper" "Java(TM) Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java(TM) Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "Viewpoint Toolbar BHO" "ViewBarBHO Module" "Viewpoint Corporation" "c:\program files\viewpoint\viewpoint toolbar\3.9.0\viewbarbho.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Easy-WebPrint" "Easy-WebPrint" "" "c:\program files\canon\easy-webprint\toolband.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "PDFill PDF Editor" "Download PDF Files" "PlotSoft LLC" "c:\program files\plotsoft\pdfill\downloadpdf.exe"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Akamai" "Provides networking protocol and file transfer technologies. If the service is stopped, those applications that depend on the service may fail to transfer files or otherwise function properly." "" "c:\program files\common files\akamai\netsession_win_a35e6b9.dll"
+ "AOL ACS" "AOL Connectivity Service" "America Online, Inc." "c:\program files\common files\aol\acs\acsd.exe"
+ "BPowMon" "Power monitoring service for Broadcom applications." "" "c:\windows\system32\bpowmon.exe"
+ "CAISafe" "" "" "File not found: C:\Program Files\Yahoo!\Antivirus\ISafe.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "LMIGuardianSvc" "Support LogMeIn processes with quality assurance feedback" "LogMeIn, Inc." "c:\program files\logmein\x86\lmiguardiansvc.exe"
+ "LMIMaint" "LogMeIn Maintenance Service" "LogMeIn, Inc." "c:\program files\logmein\x86\ramaint.exe"
+ "LogMeIn" "LogMeIn" "LogMeIn, Inc." "c:\program files\logmein\x86\logmein.exe"
+ "lxdx_device" "Printer Communication System" " " "c:\windows\system32\lxdxcoms.exe"
+ "lxdxCATSCustConnectService" "Lexmark Connect Service Executable" "Lexmark International, Inc." "c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe"
+ "PACSPTISVR" "PACSPTISVR Module" "Sony Corporation" "c:\program files\common files\sony shared\avlib\pacsptisvr.exe"
+ "SoniqSync Service" "" "" "c:\program files\soniqcast\soniqsync\sssvc.exe"
+ "SPTISRV" "SPTISRV Module" "Sony Corporation" "c:\program files\common files\sony shared\avlib\sptisrv.exe"
+ "usnsvc" "Service installed by Messenger to enable sharing scenarios" "Microsoft Corporation" "c:\program files\msn messenger\usnsvc.dll"
+ "VETMSGNT" "" "" "File not found: C:\Program Files\Yahoo!\Antivirus\VetMsg.exe"
+ "Viewpoint Manager Service" "Ensures Viewpoint 3D and Rich Media Technologies are up to date" "Viewpoint Corporation" "c:\program files\viewpoint\common\viewpointservice.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ALCXWDM" "Realtek AC'97 Audio Driver (WDM)" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\alcxwdm.sys"
+ "ASPI32" "ASPI for WIN32 Kernel Driver" "Adaptec" "c:\windows\system32\drivers\aspi32.sys"
+ "BASFND" "Broadcom NetDetect Driver." "Broadcom Corporation" "c:\windows\system32\drivers\basfnd.sys"
+ "bcm4sbxp" "Broadcom Corporation NDIS 5.1 ethernet driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm4sbxp.sys"
+ "catchme" "" "" "File not found: C:\Combo-Fix\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "csaudio" "Toaster Device Driver" "Windows (R) 2000 DDK provider" "c:\windows\system32\drivers\csaud.sys"
+ "DCamUSB20" "Crescentec Universal Serial Bus 2.0 Camera Driver" "Crescentec Corporation" "c:\windows\system32\drivers\csmini20.sys"
+ "DCamUSBSTK018" "" "Syntek Ltd." "c:\windows\system32\drivers\stk018w2.sys"
+ "DILUSBCamera" "Sound Vision Stream Class Minidriver" "Sound Vision Inc." "c:\windows\system32\drivers\stream18.sys"
+ "DumaNT" "DUMA NT Keyboard Filter" "NVIDIA Corporation" "c:\windows\system32\drivers\dumant.sys"
+ "GMSIPCI" "" "" "File not found: E:\INSTALL\GMSIPCI.SYS"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "iMSPCLOj" "" "" "File not found: C:\DOCUME~1\Jason\LOCALS~1\Temp\iMSPCLOj.sys"
+ "Lavasoft Kernexplorer" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "LMIInfo" "RemotelyAnywhere Kernel Information Provider" "LogMeIn, Inc." "c:\program files\logmein\x86\rainfo.sys"
+ "LMImirr" "LogMeIn Mirror Miniport Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmimirr.sys"
+ "LMIRfsDriver" "LogMeIn Rfs Drivemap Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmirfsdriver.sys"
+ "mbr" "" "" "File not found: C:\DOCUME~1\Jason\LOCALS~1\Temp\mbr.sys"
+ "MTDVC2" "Panasonic DVC SERIAL-USB Driver" "Matsushita Electric Industrial Co., Ltd." "c:\windows\system32\drivers\mtdv2ku2.sys"
+ "MTDVC2_ENUM" "Panasonic DVC SERIAL Port Driver" "Matsushita Electric Industrial Co., Ltd." "c:\windows\system32\drivers\mtdv2ks2.sys"
+ "MxlW2k" "MusicMatch Access Layer KMD" "MusicMatch, Inc." "c:\windows\system32\drivers\mxlw2k.sys"
+ "NTACCESS" "" "" "File not found: E:\NTACCESS.sys"
+ "NTIDrvr" "NTI CD-ROM Filter Driver" "NewTech Infosystems, Inc." "c:\windows\system32\drivers\ntidrvr.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "ousb2hub" "USB 2.0 Hub Driver" "OrangeWare Corporation" "c:\windows\system32\drivers\ousb2hub.sys"
+ "ousbehci" "USB 2.0 Enhanced Host Controller Driver" "OrangeWare Corporation" "c:\windows\system32\drivers\ousbehci.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "Pcouffin" "" "" "File not found: System32\Drivers\Pcouffin.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Ptserial" "HSP Modem Serial Device Driver" "PCTEL, INC." "c:\windows\system32\drivers\ptserial.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "QCDonner" "Video Minidriver" "Logitech Inc." "c:\windows\system32\drivers\lvcd.sys"
+ "SbcpHid" "" "" "c:\windows\system32\drivers\sbcphid.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SetupNTGLM7X" "" "" "File not found: E:\NTGLM7X.sys"
+ "SUSTUCAM" "Susteen USB Cable Driver" "Susteen, Inc." "c:\windows\system32\drivers\sustucam.sys"
+ "SUSTUCAU" "Susteen USB Cable USB Driver" "Susteen, Inc." "c:\windows\system32\drivers\sustucau.sys"
+ "Usb20Scan" "" "" "c:\windows\system32\drivers\cresscan.sys"
+ "VET-FILT" "CA Antivirus File Protection Driver" "Computer Associates International, Inc." "c:\windows\system32\drivers\vet-filt.sys"
+ "VET-REC" "CA Antivirus File Protection Driver" "Computer Associates International, Inc." "c:\windows\system32\drivers\vet-rec.sys"
+ "VETEBOOT" "RealTime Anti-Virus Protection Driver" "Computer Associates International, Inc." "c:\windows\system32\drivers\veteboot.sys"
+ "VETEFILE" "RealTime Anti-Virus Protection Driver" "Computer Associates International, Inc." "c:\windows\system32\drivers\vetefile.sys"
+ "VETFDDNT" "CA Antivirus File Protection Driver" "Computer Associates International, Inc." "c:\windows\system32\drivers\vetfddnt.sys"
+ "VETMONNT" "CA Antivirus File Protection Driver" "Computer Associates International, Inc." "c:\windows\system32\drivers\vetmonnt.sys"
+ "Vmodem" "HSP Modem Modem Device Driver" "PCTEL, INC." "c:\windows\system32\drivers\vmodem.sys"
+ "Vpctcom" "HSP Modem Virtual Control Device" "PCtel, Inc." "c:\windows\system32\drivers\vpctcom.sys"
+ "Vvoice" "HSP Modem device driver" "PCtel, Inc." "c:\windows\system32\drivers\vvoice.sys"
+ "wanatw" "Wan Miniport (ATW)" "America Online, Inc." "c:\windows\system32\drivers\wanatw4.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "WmBEnum" "Logitech WingMan Virtual Bus Enumerator Driver " "Logitech Inc." "c:\windows\system32\drivers\wmbenum.sys"
+ "WmFilter" "Logitech WingMan Hid Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\wmfilter.sys"
+ "WmHidLo" "Logitech WingMan Hid Lower Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\wmhidlo.sys"
+ "WmVirHid" "Logitech WingMan Virtual Hid Device Driver" "Logitech Inc." "c:\windows\system32\drivers\wmvirhid.sys"
+ "WmXlCore" "Logitech WingMan Translation Driver" "Logitech Inc." "c:\windows\system32\drivers\wmxlcore.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® Audio Software" "Ligos Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.scg726" "SHARP G.726 ACM Audio Decoder" "SHARP Corporation" "c:\windows\system32\scg726.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech(TM) Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "msacm.voxacm160" "Voxware Audio Compression Manager Driver" "Voxware, Inc." "c:\windows\system32\vct3216.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "Ligos Indeo® Video 3.2" "Ligos Corporation" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "Ligos Indeo® Video 3.2" "Ligos Corporation" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Ligos Indeo® Video 5.11" "Ligos Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Source" "Windows Media Preview Object" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmprevu.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd\claudfx.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\clnav.ax"
+ "CyberLink DxVA Filter 2" "" "" "c:\program files\cyberlink\powerdvd\cldxva.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\clvsd.ax"
+ "DV Scenes" "DV-Timecode based Scenechange Detection" "Ahead Software AG" "c:\program files\ahead\nerovision\nvdv.dll"
+ "DV Source Filter" "DV-Timecode based Scenechange Detection" "Ahead Software AG" "c:\program files\ahead\nerovision\nvdv.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Honestech VCD/SVCD Encoder" "honest technology, VCD/SVCD encoder" "honest technology" "c:\windows\system32\htvcdsvcd.ax"
+ "Indeo Video (r) 5.11 Progressive Download Source" "Ligos Indeo® Video IVF Source Filter 5.11" "Ligos Corporation" "c:\windows\system32\ivfsrc.ax"
+ "Indeo® Audio Software" "Indeo® Audio Software" "Ligos Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® Video 5.11 Compression Filter" "Ligos Indeo® Video 5.11" "Ligos Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® Video 5.11 Decompression Filter" "Ligos Indeo® Video 5.11" "Ligos Corporation" "c:\windows\system32\ir50_32.dll"
+ "Logitech Video/Audio Tee" "Video/Audio Tee Filter" "Logitech Inc." "c:\windows\system32\vatee.ax"
+ "Logitech Virtual Camera Filter" "vsf source filter" "Logitech Inc." "c:\program files\common files\logitech\qcdriver3\vsf.ax"
+ "LogMeIn Video Decoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files\logmein\x86\racodec.ax"
+ "LogMeIn Video Encoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files\logmein\x86\racodec.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Processor" "Nero Audio Processor" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Digital Audio Decoding Filter" "Ahead Software AG and its licensors" "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital AVC Audio Encoder" "LC AAC and HE AAC encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer" "Muxing filter for NeroDigital file format" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer" "Muxing filter for NeroDigital file format" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer" "Muxing filter for NeroDigital file format" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "Nero DVD Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source" "Nero Library" "Nero AG " "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)" "NeFileSourceAsync" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero Format Converter" "NeroFormatConv" "Nero AG" "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 encoder filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Photo Source" "NePhotoSource" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PS Muxer" "PS Muxer Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime(tm) Audio Decoder" "QuickTime(tm) Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime(tm) Video Decoder" "QuickTime(tm) Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Splitter" "Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesplitter.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Analyzer" "Nero Video Analyzer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Processor" "Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "OMG TRANSFORM" "OmgTransform Filter " "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgtrans.ax"
+ "OmgPushSrc" "" "" "c:\program files\common files\sony shared\openmg\omgpushsrc.ax"
+ "OpenMG Async. File Source" "OpenMG Async. File Source" "Sony Corporation" "c:\program files\common files\sony shared\avlib\omgafs.ax"
+ "OpenMG Audio Decrypt" "OpenMG Decrypt Filter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgdec.ax"
+ "OpenMG OmgSource Filter" "OpenMG OmgSource Filter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgsrc.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SAL Input Converter" "SAL Input Converter Source Filter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\saliconv.ax"
+ "SAL Output Converter" "SAL Output Converter RendererFilter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\saloconv.ax"
+ "Screen capture Filter" "WMESrcWp Module" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmesrcwp.dll"
+ "Seamless Play" "Seamless-Play Filter (Sample)" "Sony Corporation" "c:\program files\common files\sony shared\openmg\seamless.ax"
+ "Sharp G.726 Audio Codec" "SHARP DirectShow G.726 Audio Decoder" "SHARP Corporation" "c:\windows\system32\sc726dec.ax"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sony Audio CD Source Filter" "OpenMG CdSource Filter" "Sony Corporation" "c:\program files\common files\sony shared\avlib\cdsrc.ax"
+ "SonyMSAConv" "OpenMG Converter Filter" "Sony Corporation" "c:\program files\common files\sony shared\avlib\sonycdsrcwriter.ax"
+ "SonyMSAConv" "OpenMG Converter Filter" "Sony Corporation" "c:\program files\common files\sony shared\avlib\sonymsaconverter3.ax"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "TrueMotion 2.0 Decompressor" "TrueMotion 2.0 Decompressor" "The Duck Corporation" "c:\windows\system32\tm20dec.ax"
+ "Video Resize" "Special Effects Sample" "MyCompanyName" "c:\windows\system32\ezrgb24.ax"
+ "Video Source" "Windows Media Preview Object" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmprevu.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMEncSourceSink" "WMESrcWp Module" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmesrcwp.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "LMIinit" "LogMeIn Remote Control Helper" "LogMeIn, Inc." "c:\windows\system32\lmiinit.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "000000000001" "CA ISafe LSP DLL" "Computer Associates International, Inc." "c:\windows\system32\vetredir.dll"
+ "000000000002" "CA ISafe LSP DLL" "Computer Associates International, Inc." "c:\windows\system32\vetredir.dll"
+ "000000000003" "CA ISafe LSP DLL" "Computer Associates International, Inc." "c:\windows\system32\vetredir.dll"
+ "000000000009" "CA ISafe LSP DLL" "Computer Associates International, Inc." "c:\windows\system32\vetredir.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "3600-4600 Series Port" "Printer Communication System" " " "c:\windows\system32\lxdxlmpm.dll"
+ "Canon BJ Language Monitor i860" "BJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm56.dll"
+ "Lexmark Print-2-Fax Port" "Print Monitor (Win2k/WinXP)" "" "c:\windows\system32\lxf3pmon.dll"
+ "LogMeIn Printer Port Monitor" "RemotelyAnywhere Printer Port Monitor" "LogMeIn, Inc." "c:\windows\system32\lmiport.dll"
+ "PDFill Writer Monitor" "DDK Local Monitor DLL" "Windows (R) Codename Longhorn DDK provider" "c:\program files\plotsoft\pdfill\pdfwriter\driver\pdfillwritermon.dll"
+ "PrimoMon" "" "" "c:\windows\system32\primomonnt.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "LMIRfsClientNP" "LogMeIn Virtual Disk Network" "LogMeIn, Inc." "c:\windows\system32\lmirfsclientnp.dll"
Here is a log from my Autoruns.
I am sitting on a computer most likely thousands of miles from you and not sitting right down in front of your computer. You're my eyes and ears; you need to answer my questions if you expect me to help you.
Previously Posted
What AV do you want to keep? You have to have one.
jhornbr225
2011-05-02, 19:17
Sorry, didn't mean to not answer the question.
I'll be re-installing the McAfee when this is all done. I'd love to get rid of this SBC Yahoo Anti-Virus as it most likely is sucking resources. I believe that this was in use years ago, before my SBC Yahoo paired up with McAfee. I would have thought the install of the McAfee years ago from SBC would have included provisions to uninstall the older version. Like I said, there is no command console and no method of changing any settings that I can find. I uninstalled everything I could find that had anything to do with SBC Yahoo. On that note, I also uninstalled everything I could find with McAfee, but yet DDS still shows it as running. Do you know what process DDS is using to determine that these programs are running? Is it checking for running processes? Or is it simply looking at registry entries?
I do see in the latest log from Autoruns that I posted that there are some things from Computer Associates AntiVirus running during startup. I don't recall ever installing anything from Computer Associates, and there is no folder in Program Files referring to Computer Associates.
This computer is older (2002 or 2003 perhaps?). Although it is older, it is a decently fast machine (3 GHz), and it does just fine for most operations that I do.
Over the years, so much stuff has been installed and uninstalled that I'm considering starting over: clearing it off, repartitioning the hard drive, and re-installing XP. Originally when I got this computer, I split the 80GB hard drive into two 40GB drives, one for the OS and one for media. Lately I am banging up against that 40GB limit on the OS drive, and the other partition is empty, as I've added a 300GB second physical hard drive to the system for media.
My other machine is an AMD Phenom II X4 965 3.4GHZ Quad Core. I use that one for video editing, and it's awesome, so this machine is kind of a spare, and used for storage. This way both the wife and I can use a computer at the same time.
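The thread does not show how DDS decides that an AV product is "Enabled/Updated", so the following is an added example, not code from the thread, from DDS or from OTL. On Windows XP the Security Center keeps its list of registered antivirus and firewall products in the WMI namespace root\SecurityCenter (root\SecurityCenter2 on Vista and later), keyed by an instance GUID of the same shape as the braced GUID printed next to each AV line in a DDS log. A product that was uninstalled without cleaning up that registration keeps showing up there. The script below enumerates those registrations, flags ones that look left over, and offers a guarded delete. It assumes PowerShell 2.0 has been installed on the XP box (it is not there by default) and an administrator prompt; the Program Files lookup in Test-StaleProduct is a rough heuristic of my own for XP, which stores no executable path.

```powershell
# Added example: list the AV/firewall products registered with Windows
# Security Center through WMI and mark the ones that look stale.
# Assumes PowerShell 2.0 on XP and an administrator prompt.

function Get-SecurityCenterProducts {
    param(
        # XP uses root\SecurityCenter; Vista and later use root\SecurityCenter2.
        [string[]]$Namespaces = @('root\SecurityCenter', 'root\SecurityCenter2')
    )
    foreach ($ns in $Namespaces) {
        foreach ($class in 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct') {
            try {
                $items = Get-WmiObject -Namespace $ns -Class $class -ErrorAction Stop
            } catch {
                continue   # namespace or class not present on this OS version
            }
            foreach ($p in $items) {
                # Properties a namespace does not define simply come back $null.
                New-Object PSObject -Property @{
                    Namespace    = $ns
                    Class        = $class
                    DisplayName  = $p.displayName
                    Company      = $p.companyName              # XP only
                    InstanceGuid = $p.instanceGuid
                    OnAccess     = $p.onAccessScanningEnabled  # XP only
                    UpToDate     = $p.productUptoDate          # XP only
                    ProductState = $p.productState             # SecurityCenter2 only
                    ExePath      = $p.pathToSignedProductExe   # SecurityCenter2 only
                    WmiObject    = $p
                }
            }
        }
    }
}

function Test-StaleProduct {
    param($Product)
    # SecurityCenter2 records the product's executable; if that file is gone
    # the registration is almost certainly left over from an uninstall.
    if ($Product.ExePath) { return -not (Test-Path $Product.ExePath) }
    # XP records no path. Heuristic (assumption, not a Security Center rule):
    # no folder under Program Files matching the vendor's first word means
    # the entry deserves a manual look.
    if (-not $Product.Company) { return $false }
    $vendorWord = $Product.Company.Split(' ')[0]
    $hit = Get-ChildItem -Path $env:ProgramFiles -ErrorAction SilentlyContinue |
           Where-Object { $_.Name -like "*$vendorWord*" }
    return ($hit -eq $null)
}

function Remove-SecurityCenterProduct {
    # Deletes one WMI registration, asking first. Only do this for a product
    # that is already uninstalled; a live AV re-registers itself on next start.
    param($Product)
    $Product.WmiObject | Remove-WmiObject -Confirm
}

# Report: one row per registration, with the stale flag attached.
Get-SecurityCenterProducts | ForEach-Object {
    $_ | Add-Member -MemberType NoteProperty -Name LooksStale `
         -Value (Test-StaleProduct $_) -PassThru
} | Format-Table Class, DisplayName, Company, InstanceGuid, OnAccess, UpToDate, LooksStale -AutoSize
```

On a box without PowerShell the same XP list can be read from a command prompt with `wmic /namespace:\\root\SecurityCenter path AntiVirusProduct get displayName,companyName,instanceGuid,onAccessScanningEnabled,productUptoDate`. Deleting a registration only removes the Security Center's record of the product; it does not remove the product's drivers, services or Winsock LSP entries, which is why a leftover entry should be handled together with the matching service and driver lines in the OTL log rather than on its own.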
Why don't you post a new OTL log, and we can remove anything we see for AV except for McAfee.
jhornbr225
2011-05-02, 19:43
At this point, there should be no third party Anti-Virus or Firewall running.
I'm still seeing references to AOL, I have not used that in years.
Here is the OTL log, Minimal output, scan all users, LOP Check and Purity Check.
OTL logfile created on: 5/2/2011 12:34:01 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 4.19 Gb Free Space | 10.74% Space Free | Partition Type: NTFS
Drive D: | 37.63 Gb Total Space | 37.49 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
Computer Name: 3-GHZ | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Jason\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\system32\lxdxcoms.exe ( )
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SoniqCast\SoniqSync\SsSvc.exe ()
PRC - C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
PRC - C:\WINDOWS\system32\pctspk.exe ()
PRC - C:\WINDOWS\system32\BPowMon.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Jason\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (VETMSGNT) -- File not found
SRV - (CAISafe) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (lxdx_device) -- C:\WINDOWS\System32\lxdxcoms.exe ( )
SRV - (lxdxCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (SoniqSync Service) -- C:\Program Files\SoniqCast\SoniqSync\SsSvc.exe ()
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (BPowMon) -- C:\WINDOWS\system32\BPowMon.exe ()
========== Driver Services (SafeList) ==========
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (VETEFILE) -- C:\WINDOWS\System32\drivers\VetEFile.sys (Computer Associates International, Inc.)
DRV - (VETEBOOT) -- C:\WINDOWS\System32\drivers\VetEBoot.sys (Computer Associates International, Inc.)
DRV - (SUSTUCAU) -- C:\WINDOWS\system32\drivers\sustucau.sys (Susteen, Inc.)
DRV - (SUSTUCAM) -- C:\WINDOWS\system32\drivers\sustucam.sys (Susteen, Inc.)
DRV - (VETMONNT) -- C:\WINDOWS\System32\drivers\vetmonnt.sys (Computer Associates International, Inc.)
DRV - (VET-FILT) -- C:\WINDOWS\System32\drivers\Vet-Filt.sys (Computer Associates International, Inc.)
DRV - (VETFDDNT) -- C:\WINDOWS\System32\drivers\VetFDDNT.sys (Computer Associates International, Inc.)
DRV - (VET-REC) -- C:\WINDOWS\System32\drivers\Vet-Rec.sys (Computer Associates International, Inc.)
DRV - (ousb2hub) -- C:\WINDOWS\system32\drivers\ousb2hub.sys (OrangeWare Corporation)
DRV - (ousbehci) -- C:\WINDOWS\system32\drivers\ousbehci.sys (OrangeWare Corporation)
DRV - (DCamUSBSTK018) -- C:\WINDOWS\system32\drivers\STK018W2.sys (Syntek Ltd.)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (MTDVC2) -- C:\WINDOWS\system32\drivers\mtdv2ku2.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (MTDVC2_ENUM) -- C:\WINDOWS\system32\drivers\mtdv2ks2.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (Ptserial) -- C:\WINDOWS\system32\drivers\ptserial.sys (PCTEL, INC.)
DRV - (Vvoice) -- C:\WINDOWS\system32\drivers\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\system32\drivers\vmodem.sys (PCTEL, INC.)
DRV - (Vpctcom) -- C:\WINDOWS\system32\drivers\vpctcom.sys (PCtel, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BASFND) -- C:\WINDOWS\system32\drivers\BASFND.sys (Broadcom Corporation)
DRV - (DCamUSB20) -- C:\WINDOWS\system32\drivers\CsMini20.sys (Crescentec Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (DumaNT) -- C:\WINDOWS\system32\drivers\dumant.sys (NVIDIA Corporation)
DRV - (csaudio) -- C:\WINDOWS\system32\drivers\csaud.sys (Windows (R) 2000 DDK provider)
DRV - (Usb20Scan) -- C:\WINDOWS\system32\drivers\cresscan.sys ()
DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys ()
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\WINDOWS\system32\drivers\lvcd.sys (Logitech Inc.)
DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)
DRV - (DILUSBCamera) -- C:\WINDOWS\system32\drivers\stream18.sys (Sound Vision Inc.)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-838170752-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
========== FireFox ==========
[2009/08/10 21:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions
[2009/08/10 21:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2008/04/12 21:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\obo7rcwq.default\extensions
[2008/04/12 21:25:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\obo7rcwq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/09 15:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/11 14:59:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
O1 HOSTS File: ([2011/04/29 17:30:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (no name) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-2052111302-838170752-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-838170752-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2052111302-838170752-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKU\S-1-5-21-2052111302-838170752-682003330-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)
O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} http://download.newaol.com/bkpromo/download/PerformerSetup.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitch.com/sbc/TrueInstallSBC.exe (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/28 23:34:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/01 21:19:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/01 21:19:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/01 21:19:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/01 21:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Desktop\JavaRa
[2011/04/30 22:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/30 20:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\Malwarebytes
[2011/04/30 20:35:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/30 20:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/30 20:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/30 20:35:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/30 20:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/30 20:34:10 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/30 20:33:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2011/04/30 20:30:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/30 20:28:41 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Jason\Desktop\ATF-Cleaner.exe
[2011/04/29 17:24:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/29 17:10:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/29 17:04:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/29 17:04:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/29 17:04:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/29 17:04:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/29 17:03:52 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/29 15:46:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/29 13:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/04/29 13:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/04/29 13:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Citrix
[2011/04/29 12:04:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/21 15:31:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/21 15:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/21 15:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/21 15:21:19 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Jason\Desktop\erunt-setup.exe
[2011/04/18 22:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/18 22:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/18 22:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/18 16:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\Sunbelt Software
[2011/04/18 16:20:09 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/17 19:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/16 01:36:40 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/16 00:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/16 00:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/11 17:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Chessware
[2011/04/03 15:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\FLV Extract
[2010/08/01 15:02:45 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoin.dll
[2010/08/01 14:58:51 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2010/08/01 14:58:50 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2010/08/01 14:58:50 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2010/08/01 14:58:50 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2010/08/01 14:58:49 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2010/08/01 14:58:49 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2010/08/01 14:58:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2010/08/01 14:58:48 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2010/08/01 14:58:47 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2010/08/01 14:58:47 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxih.exe
[2010/08/01 14:58:45 | 000,589,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoms.exe
[2010/08/01 14:58:44 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2010/08/01 14:58:44 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[2010/08/01 14:58:44 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcfg.exe
[2007/01/09 19:48:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jason\Application Data\pcouffin.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/05/02 12:33:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/02 12:32:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/01 21:19:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/01 21:19:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/01 21:19:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/01 21:19:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/01 21:19:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/01 21:07:41 | 000,159,877 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\JavaRa.zip
[2011/05/01 19:48:10 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\SystemLook.exe
[2011/04/30 20:35:07 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/30 20:34:10 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jason\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/30 20:33:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2011/04/30 20:28:41 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Jason\Desktop\ATF-Cleaner.exe
[2011/04/29 18:39:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/29 17:30:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/29 17:10:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/29 17:03:44 | 004,333,524 | R--- | M] () -- C:\Documents and Settings\Jason\Desktop\Combo-Fix.exe
[2011/04/29 12:42:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/21 15:21:19 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Jason\Desktop\erunt-setup.exe
[2011/04/21 13:42:04 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\dds.com
[2011/04/18 16:20:09 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/18 16:08:39 | 000,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/18 14:33:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/17 17:33:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\housecall.guid.cache
[2011/04/17 17:16:42 | 000,001,536 | ---- | M] () -- C:\WINDOWS\System32\TrueSoft.dat
[2011/04/16 01:06:18 | 000,493,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/16 01:06:18 | 000,083,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/14 19:03:32 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\MediaMAX.~5~
[2011/04/12 11:01:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/05 13:47:07 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/05/01 21:07:39 | 000,159,877 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\JavaRa.zip
[2011/05/01 19:48:10 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\SystemLook.exe
[2011/04/30 20:35:07 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/29 17:10:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/29 17:10:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/29 17:04:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/29 17:04:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/29 17:04:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/29 17:04:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/29 17:04:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/29 11:23:46 | 004,333,524 | R--- | C] () -- C:\Documents and Settings\Jason\Desktop\Combo-Fix.exe
[2011/04/21 13:42:04 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\dds.com
[2011/04/17 17:33:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\housecall.guid.cache
[2010/08/01 15:02:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2010/08/01 15:01:44 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2010/08/01 15:01:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2010/08/01 15:01:43 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2010/08/01 15:01:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2010/08/01 15:01:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2010/08/01 15:00:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2010/08/01 15:00:57 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2010/08/01 14:59:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdxrwrd.ini
[2010/08/01 14:58:52 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2010/08/01 14:58:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2010/07/01 21:49:15 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/25 12:16:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/04/18 20:20:07 | 000,000,173 | ---- | C] () -- C:\WINDOWS\dvdtompegconverter.ini
[2010/04/18 20:15:08 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysDVDtoMPeg.dat
[2010/03/10 19:24:04 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2010/03/05 20:02:09 | 000,011,024 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2009/08/11 11:51:09 | 000,006,479 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\PrimoPDFSet.xml
[2009/08/11 11:31:08 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/02/07 15:50:03 | 000,000,616 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/01/30 16:50:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/08/09 13:08:04 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/01/09 19:55:11 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\Printer.ini
[2007/01/09 19:48:48 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\ezpinst.exe
[2007/01/09 19:48:48 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\pcouffin.cat
[2007/01/09 19:48:48 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\pcouffin.inf
[2007/01/09 18:58:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/09 18:58:46 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\tomsmocomp_ff.dll
[2007/01/09 18:58:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/09 18:58:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/01/09 18:58:45 | 001,953,792 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/01/09 18:58:45 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/01/09 18:58:45 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/01/09 18:58:45 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/01/09 18:58:45 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\ff_kerneldeint.dll
[2007/01/09 18:58:45 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/01/09 18:58:45 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/01/09 18:58:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/01/09 18:58:45 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/01/09 18:58:45 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/01/09 18:58:45 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/01/09 18:58:45 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/01/09 18:58:45 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/01/09 18:58:45 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/01/09 18:58:45 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/01/09 18:58:45 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/01/09 18:58:45 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/01/09 18:58:45 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/01/09 18:58:45 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2007/01/09 18:58:45 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/01/09 18:58:45 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/01/09 18:58:45 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/01/09 18:58:44 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\ffavisynth.dll
[2006/05/20 15:22:11 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/02/03 23:35:00 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2006/02/03 23:33:56 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/01/08 17:27:10 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/10/12 20:36:19 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2005/10/04 21:21:48 | 000,000,060 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/16 16:29:15 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/02 18:50:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/09/01 22:11:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/09/01 21:51:24 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/06/20 14:08:12 | 000,032,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\STK018W1.sys
[2005/02/26 17:11:34 | 000,000,022 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/10/08 22:27:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/08 21:52:32 | 000,002,181 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
[2004/10/08 21:46:11 | 003,494,576 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2004/10/08 21:46:11 | 000,015,341 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2004/09/12 11:25:46 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2004/09/12 11:22:19 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2004/09/12 11:22:19 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2004/09/10 22:24:23 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIDBD32.dll
[2004/09/10 22:23:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2004/09/10 22:23:32 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2004/09/10 22:21:57 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/09/05 07:49:51 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/08/30 21:29:55 | 000,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2004/08/30 21:28:25 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/30 19:29:47 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/08/30 19:29:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2004/08/30 19:22:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/08/30 19:19:39 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2004/08/30 19:01:32 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/08/29 00:11:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/29 00:08:17 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004/08/28 23:56:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\instdll.dll
[2004/08/28 23:55:25 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/08/28 23:49:06 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe
[2004/08/28 23:49:06 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2004/08/28 23:49:06 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\msiuins.exe
[2004/08/28 23:49:06 | 000,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2004/08/28 23:49:05 | 000,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2004/08/28 23:47:53 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2004/08/28 23:47:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PTPTT.dat
[2004/08/28 23:47:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PTHSP.dat
[2004/08/28 23:46:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\pctspk.exe
[2004/08/28 23:41:38 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/08/28 23:39:42 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/28 23:36:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/28 23:31:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/28 19:24:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/28 19:23:51 | 000,161,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/05/31 20:43:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\TrueProcess.exe
[2003/03/27 15:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/12/18 22:48:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\cresvfw.dll
[2002/11/27 17:57:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\BPowMon.exe
[2002/11/18 14:29:28 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\nvimage.dll
[2002/11/18 14:29:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvstreg.exe
[2002/11/18 14:29:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\stereoi.dll
[2002/11/05 16:56:48 | 000,099,672 | ---- | C] () -- C:\WINDOWS\dibapi32.dll
[2002/11/05 16:56:48 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\preview.dll
[2002/11/05 16:56:48 | 000,012,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\cresscan.sys
[2002/11/05 16:56:46 | 000,191,976 | ---- | C] () -- C:\WINDOWS\cres1100.exe
[2002/09/02 10:15:10 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2002/04/11 14:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/12/03 16:50:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 16:50:20 | 000,708,608 | R--- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2001/10/24 16:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,493,054 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,083,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000/11/10 15:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[2000/07/07 06:49:30 | 000,069,120 | R--- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/12 16:28:12 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 16:24:10 | 000,338,944 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
========== LOP Check ==========
[2004/08/30 21:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\broderbund
[2006/12/16 15:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/09/23 10:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/04/29 13:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/05/02 12:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/05/05 20:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2007/01/09 20:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smilebox
[2007/01/09 19:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/05/09 19:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/25 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Aim
[2008/04/12 11:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Artweaver
[2004/08/30 21:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Broderbund
[2010/03/05 20:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\dBpoweramp
[2005/04/11 20:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\DeductionPro 2004-05
[2011/04/03 15:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\FLV Extract
[2010/08/01 16:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Lexmark Productivity Studio
[2009/10/26 20:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mp3tag
[2006/01/08 17:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\MyFamily.com
[2007/01/09 20:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Netscape
[2007/01/09 20:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Photodex
[2011/04/14 22:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\RipIt4Me
[2009/08/22 22:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\rockbox.org
[2007/01/09 18:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Smilebox
[2008/01/13 19:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Snapfish
[2007/01/09 18:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Ulead Systems
[2008/06/01 11:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Viewpoint
[2010/06/22 11:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Vso
[2010/04/26 14:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\WinFF
[2009/12/13 11:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2006/10/22 13:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\MyFamily.com
========== Purity Check ==========
< End of report >
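The OTL listing above is the artifact the helper reads by eye in the next reply. As an added example (not part of the original thread, and not OTL's own code), the script below parses OTL's `[date | size | attrs | C/M] (company) -- path` file lines and applies a few triage heuristics: a `.sys` driver with no company string, a recently created executable under `C:\WINDOWS` with no company string, and anything carrying both the hidden and system attributes. The sample lines are copied from the log above; the flagging rules, the 30-day window and the report time are assumptions of this example. One caveat a practitioner should keep in mind: the company name OTL prints is the file's version-resource string, not an Authenticode check, so an empty value is a prompt to hash the file and look it up, not proof of malice, and malware can just as easily fill the field in. Hits also need matching against what the user actually ran; in this log, `C:\WINDOWS\MBR.exe` and `C:\cmldr` appear on the same day as `Combo-Fix.exe`, which is what ComboFix leaves behind.

```python
"""Triage helper for OTL "Files Created / Modified" listings.

Added example, not OTL's code. Sample lines are copied from the log in this
thread; the flagging rules and REPORT_TIME are assumptions of the example.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# One OTL file line:
#   [YYYY/MM/DD hh:mm:ss | 000,038,224 | RHSD | C] (Company) -- C:\path
# The "(Company)" group is absent on directory lines and may be "()" or "( )".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str     # R=read-only, H=hidden, S=system, D=directory, '-' = not set
    kind: str      # C = created, M = modified (the section the line came from)
    company: str   # version-resource string as OTL prints it; NOT a signature check
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_otl_lines(lines: Iterable[str]) -> List[OtlEntry]:
    """Parse file lines; section headers and '[5 ... *.tmp files ...]' summaries are skipped."""
    entries: List[OtlEntry] = []
    for line in lines:
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".cpl", ".com", ".scr")


def triage(entries: Iterable[OtlEntry], report_time: datetime,
           recent_days: int = 30) -> Dict[str, List[str]]:
    """Assumed heuristics: map path -> reasons the file deserves a second look."""
    cutoff = report_time - timedelta(days=recent_days)
    findings: Dict[str, List[str]] = {}
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        reasons: List[str] = []
        if low.endswith(".sys") and not e.company:
            reasons.append("driver with no company/version info")
        elif (low.startswith("c:\\windows\\") and low.endswith(EXECUTABLE_EXT)
              and not e.company and e.timestamp >= cutoff):
            reasons.append("recent executable under %SystemRoot% with no company/version info")
        if e.hidden_system:
            reasons.append("hidden+system attributes")
        if reasons:
            findings[e.path] = reasons
    return findings


# Sample input: lines copied from the OTL log in this thread (plus one header and
# one *.tmp summary line to show they are skipped). REPORT_TIME is assumed from
# the newest timestamp in the log.
SAMPLE_LINES = [
    r"========== Files - Modified Within 30 Days ==========",
    r"[2011/04/30 20:35:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys",
    r"[2005/06/20 14:08:12 | 000,032,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\STK018W1.sys",
    r"[2011/04/29 17:04:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe",
    r"[2011/04/29 17:10:53 | 000,260,272 | RHS- | C] () -- C:\cmldr",
    r"[2011/04/30 20:30:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER",
    r"[2011/05/02 12:32:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat",
    r"[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]",
]
REPORT_TIME = datetime(2011, 5, 2, 12, 34)


def run_sample() -> Dict[str, List[str]]:
    return triage(parse_otl_lines(SAMPLE_LINES), REPORT_TIME)


if __name__ == "__main__":
    for path, reasons in run_sample().items():
        print(f"{path}: {'; '.join(reasons)}")
```

Running it against the full log is a matter of reading the file instead of `SAMPLE_LINES`; the 30-day window should be set from the log's own header date, not from today, since OTL logs get posted days after they are taken.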
I see a lot of entries for Computer Associates. Have you looked in Add/Remove to see if you can uninstall it? Removing the entries with OTL would remove a lot of driver files, and that can cause some problems if they're needed by another program.
jhornbr225
2011-05-02, 20:30
I've attached screen shots of the Add remove program listing.
jhornbr225
2011-05-02, 20:34
Other things that make me believe I should start over:
I have an old Agfa camera driver that won't uninstall.
Quicktime has some sort of error, I can't use it, I can't repair, I can't uninstall, I can't update.
I uninstalled everything McAfee and Yahoo that I can find, but they obviously didn't clean up too well. DDS still shows the AV and firewall to be installed.
Starting over may be a good thing; it will bring Windows back nice and clean. It tends to build up over the years.
You can remove Viewpoint from Add Remove along with the Java updates, all except version 23
If you decide to reinstall, let me know and I will link you to a good Windows forum that can guide you. Do you have your Windows CD?
jhornbr225
2011-05-02, 21:17
Yes, I have my Windows CD. I bought this computer assembled with no operating system back in 02-03, so I have installed everything. After the one-year warranty was up, I opened the case and installed more memory and a DVD writer; by then the price of memory had come down. Not that I mind doing it, it'll just take time. But a squeaky clean install is always so nice...and fast. That would definitely get rid of all this garbage that got installed over the years. I could also then get rid of this constricting partition and have one 80GB hard drive for the OS. I can also pull the firewire card out of this PC and put it in the newer PC. I won't be editing video on this box anymore. I know firewire is almost out, but I have a Panasonic camcorder that has firewire. All the video editing software won't get reinstalled. There are also games on here that worked OK but work much better on the new PC. Lego Star Wars needed some kind of graphics capability (pixel shader, perhaps) that this motherboard didn't have, so I had to install an emulator. It actually worked OK, but I don't need to emulate on the new PC and the game flies on that machine. I can also then reinstall a clean version of McAfee from my ISP.
I suppose I'm really just trying to talk myself into taking the plunge...
Hey,
I was a system builder myself a while back, but then got hooked on malware removal. I have built about 6 systems from the ground up, starting with two when Win 98 was popular, and hung out on many tech forums looking for tips and tricks. My company, which had over a hundred Win 98 systems about 8 years ago, upgraded to Win XP; they gave me about 20 of the systems and I rebuilt them into 10 good systems, gave most away to charity and a couple to my kids. Actually, I just retired my Win XP Home computer a few months ago; it was built about 8 years ago and although it's still chugging along, it's a bit outdated.
The people I knew back in the days of Win 95 and Win 98 would just format and reinstall Windows every year just to keep it running smoothly.
Some links for you
This is where I cut my teeth
http://forums.hardwareguys.com/
I would buy memory from these people only
http://www.crucial.com/
I only used Intel motherboards and CPUs; the AMD ones at that time seemed to run hotter, which may have changed, I don't know. I found it easier just to order a new laptop from Dell :)
Anyway, it's your call on what you want to do. If you need me to link you to a good Windows forum, let me know.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.