XP Pro x64 Edition Ver 2003 SP2

J

joselepiu

New member
Hello, its been a while since the last time I had to come here for help, but now I have a problem again. I read the "before you post" post and I tried to run the erunt program but I got a message that it says that my system is not supported. Well let me continue by telling you the problem that im having. Since about a week ago my comp started taking longer to boot up it usually booted up in about a minute or minute and 1/2, now it takes up to 3 to 4 minutes. Also every time I connect to the internet it takes up to 3 minutes before the browser opens. I use firefox 3.6.7. I want to upgrade to the newest but first I want to fix the problem(s) I have. Any help would be really appreciated. Thanks again.
 
:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.com
  • DDS.scr
  • DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control Here
 
Thanks for answering my post. I made a mistake in my original post, I posted the program that a received a from is the DDS. It says that my system is not supported, and as you can see in the title I have XP Pro x64 Edition Ver 2003 SP2 o my computer. Thanks again and sorry for the misunderstanding.
 
Lets see if any of these will run, havent seen XP Pro 64bit in awhile so I will have to look into it


Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAMCapture.jpg
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please





OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
Malwarebytes scan log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6357

Windows 5.2.3790 Service Pack 2
Internet Explorer 6.0.3790.3959

4/13/2011 9:31:38 PM
mbam-log-2011-04-13 (21-31-38).txt

Scan type: Quick scan
Objects scanned: 191429
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
OTL logfile

OTL logfile created on: 4/13/2011 9:50:16 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 295.46 Gb Free Space | 63.44% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 330.39 Gb Free Space | 70.93% Space Free | Partition Type: NTFS

Computer Name: FAM-PUTTER | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Robert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Mozilla Firefox 3 6 7\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2 15 65 mb\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Robert\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_8D2E3180\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\comres.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\nview.dll ()
MOD - C:\WINDOWS\SysWOW64\nvwimg.dll ()
MOD - C:\WINDOWS\SysWOW64\nvwddi.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\SysWOW64\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\Toolbar\ToolbarBroker.exe ()
SRV - (avg9emc) -- C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtlisten) -- C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (lxcy_device) -- C:\WINDOWS\SysWow64\lxcycoms.exe ( )
SRV - (helpsvc) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)


========== Driver Services (SafeList) ==========

DRV - (BIOS) -- C:\WINDOWS\SysWOW64\Drivers\BIOS64.sys (BIOSTAR Group)
DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)
DRV - (zntport) -- C:\WINDOWS\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (PxHelp64) -- C:\WINDOWS\system32\DRIVERS\PxHelp64.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/...nName&offerId=mail-second-en-us&seamless=novl
IE - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&locale=us&authLev=0&siteState=ver%3a4%7crt%3aSTANDARD%7cac%3aWS%7cat%3aSNS%7cld%3awebmail.aol.com%7cuv%3aAOL%7clc%3aen-us%7cmt%3aAOL%7csnt%3aScreenName&offerId=mail-second-en-us&seamless=novl"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: cliptatoolbar@clipta.com:1.4.5
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.367
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=62781&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\Firefox [2010/11/24 09:08:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\Toolbar\Firefox\avg@igeared [2011/03/24 22:05:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3 6 7\components [2010/09/02 13:11:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3 6 7\plugins [2010/10/11 14:57:16 | 000,000,000 | ---D | M]

[2010/08/30 15:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2011/04/12 17:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0dhcf81x.default\extensions
[2010/09/01 16:31:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0dhcf81x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/24 22:03:09 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0dhcf81x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/03/25 16:09:27 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0dhcf81x.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
[2010/11/25 02:47:52 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0dhcf81x.default\extensions\battlefieldheroespatcher@ea.com
[2010/09/02 12:49:32 | 000,000,000 | ---D | M] ("Clipta.com Toolbar") -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\0dhcf81x.default\extensions\cliptatoolbar@clipta.com
[2010/11/24 09:08:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG ANTI-VIRUS FREE EDITION 9 0 851\FIREFOX
[2011/03/24 22:05:40 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG ANTI-VIRUS FREE EDITION 9 0 851\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/10/11 14:56:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/11 14:57:19 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 3 6 7\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2 15 65 mb\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\Toolbar\IEToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3:64bit: - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
O3:64bit: - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3:64bit: - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
O3 - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] File not found
O4:64bit: - HKLM..\Run: [nwiz] File not found
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2 15 65 mb\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 [2010/09/16 07:26:46 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 [2010/09/16 07:26:46 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2010/09/16 07:26:46 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010/09/16 07:26:46 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010/09/16 07:26:46 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2820187517-4051032034-1020665380-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 1 6 2 15 65 mb\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1260315332015 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Soap Bubbles.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Soap Bubbles.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/20 22:48:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f5879bfd-6a6e-11df-8a07-00e04d1c5274}\Shell - "" = AutoRun
O33 - MountPoints2\{f5879bfd-6a6e-11df-8a07-00e04d1c5274}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f5879bfd-6a6e-11df-8a07-00e04d1c5274}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 21:48:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/04/13 21:17:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2011/04/13 21:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware setup ver 1 50 1 1100
[2011/04/13 21:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware setup ver 1 50 1 1100
[2011/04/13 18:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Beneton Movie GIF
[2011/04/13 18:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beneton Movie GIF
[2011/04/13 18:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab HD Decrypter 6 2 1 8
[2011/04/13 18:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab HD Decrypter 7 0 2 5 Beta
[2011/04/13 18:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab HD Decrypter 6 2 1 8
[2011/04/13 18:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/13 18:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab HD Decrypter 7 0 2 5 Beta
[2011/04/13 18:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Start Menu\Programs\Google Chrome
[2011/04/13 18:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/04/13 18:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/04/13 18:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/13 18:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/13 18:40:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robert\Recent
[2011/04/13 18:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/13 17:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes(2)
[2011/04/07 09:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Desktop\4-7-2011
[2011/04/05 14:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/04/05 14:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\PMB Files
[2011/04/05 14:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/03/26 00:55:30 | 012,580,112 | ---- | C] (Mozilla) -- C:\Documents and Settings\Robert\Desktop\Mozilla Firefox v4.0 setup.exe
[2011/03/17 14:48:48 | 000,000,000 | -HSD | C] -- C:\found.000
[2009/11/14 14:29:33 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcypmui.dll
[2009/11/14 14:29:33 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcyinpa.dll
[2009/11/14 14:29:33 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcyiesc.dll
[2009/11/14 14:29:32 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcyusb1.dll
[2009/11/14 14:29:31 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcyserv.dll
[2009/11/14 14:29:31 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcylmpm.dll
[2009/11/14 14:29:31 | 000,180,912 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcyppls.exe
[2009/11/14 14:29:31 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcyprox.dll
[2009/11/14 14:29:31 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcypplc.dll
[2009/11/14 14:29:30 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcyhbn3.dll
[2009/11/14 14:29:30 | 000,537,264 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcycoms.exe
[2009/11/14 14:29:30 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcycomm.dll
[2009/11/14 14:29:30 | 000,385,712 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcyih.exe
[2009/11/14 14:29:29 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcycomc.dll
[2009/11/14 14:29:29 | 000,381,616 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxcycfg.exe
[2009/04/28 15:29:30 | 000,082,816 | ---- | C] (VSO Software) -- C:\Documents and Settings\Robert\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/04/13 21:48:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/04/13 21:41:02 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/13 21:38:33 | 2078,846,976 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/13 21:17:58 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/13 21:17:58 | 000,000,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 21:17:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/07 09:45:58 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2011/04/07 09:41:27 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\dds.scr
[2011/03/30 00:24:34 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/27 23:10:29 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/03/26 00:56:17 | 012,580,112 | ---- | M] (Mozilla) -- C:\Documents and Settings\Robert\Desktop\Mozilla Firefox v4.0 setup.exe
[2011/03/17 10:37:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

========== Files Created - No Company Name ==========

[2011/04/13 21:17:58 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 20:58:23 | 2078,846,976 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/13 18:28:48 | 000,000,991 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/07 09:45:58 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2011/04/07 09:41:30 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\dds.scr
[2010/07/20 11:40:49 | 000,000,298 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/29 00:57:41 | 000,000,838 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/12/29 00:57:41 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/12/29 00:57:29 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/12/29 00:57:29 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/12/29 00:54:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/12/29 00:49:59 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/11/14 14:29:34 | 000,385,024 | ---- | C] () -- C:\WINDOWS\SysWow64\lxcycomx.dll
[2009/11/14 14:29:34 | 000,274,432 | ---- | C] () -- C:\WINDOWS\SysWow64\lxcyinst.dll
[2009/08/11 01:12:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\dmcrypto.dll
[2009/08/11 01:10:55 | 000,163,840 | ---- | C] () -- C:\WINDOWS\SysWow64\hcwChDB.dll
[2009/08/11 01:07:53 | 000,003,720 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009/08/11 01:05:12 | 000,202,240 | ---- | C] () -- C:\WINDOWS\SysWow64\PsisDecd.dll
[2009/06/22 01:11:46 | 000,597,716 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2009/05/23 17:27:47 | 000,027,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AVSredirect.dll
[2009/05/21 15:54:55 | 000,577,536 | ---- | C] () -- C:\WINDOWS\SysWow64\rtl4.dat
[2009/04/30 11:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/28 15:29:30 | 000,099,384 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\inst.exe
[2009/04/28 15:29:30 | 000,007,859 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.cat
[2009/04/28 15:29:30 | 000,001,167 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.inf
[2009/04/22 00:46:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/22 00:29:00 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/20 23:17:28 | 000,032,135 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/04/20 23:06:23 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/20 23:00:27 | 000,000,529 | ---- | C] () -- C:\WINDOWS\CDFACE32.INI
[2009/04/20 23:00:26 | 000,118,784 | ---- | C] () -- C:\WINDOWS\SysWow64\LFKODAK.DLL
[2009/04/20 22:52:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/20 22:39:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SysWow64\ChCfg.exe
[2009/04/20 22:39:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\SysWow64\RtlCPAPI.dll
[2009/04/20 22:39:11 | 000,037,376 | ---- | C] () -- C:\WINDOWS\CPLUtl64.exe
[2009/04/20 22:36:37 | 000,046,080 | R--- | C] () -- C:\WINDOWS\SysWow64\itevio.dll
[2006/12/31 19:58:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/31 20:54:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\SysWow64\nview.dll
[2006/03/31 20:54:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\SysWow64\nvwimg.dll
[2006/03/31 20:54:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\SysWow64\nvapi.dll
[2006/03/29 06:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2006/03/29 06:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2006/03/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2006/03/29 06:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2006/03/29 06:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2006/03/29 06:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2006/03/29 06:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2006/03/29 06:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2006/03/29 06:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2006/03/29 06:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2006/03/29 06:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2006/03/29 06:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2006/03/29 06:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2006/03/29 06:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2006/03/29 06:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2006/03/29 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2006/03/29 06:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
[2006/03/29 06:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2006/03/29 06:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2006/03/29 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2006/03/29 06:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
[2006/03/29 06:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2006/03/29 06:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe
[2003/09/30 20:52:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\px.ini
[2001/01/24 00:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SysWow64\prntfix.exe
[2000/04/14 16:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\Lffpx7.dll

========== LOP Check ==========

[2010/09/04 13:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/09/01 15:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 09:46:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/04/24 14:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2011/04/05 14:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/30 21:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2009/12/29 00:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/01/27 22:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/29 19:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/06/22 13:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lety\Application Data\Windows Desktop Search
[2009/06/22 13:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lety\Application Data\Windows Search
[2010/09/02 07:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\AVG9
[2009/06/17 07:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DVDFab
[2009/05/17 13:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GetRightToGo
[2009/06/04 17:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IObit
[2010/01/06 17:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PC-FAX TX
[2011/04/13 17:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vso
[2011/04/13 21:33:31 | 000,032,568 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2011/03/27 23:10:29 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
 
OTL Extras logfile

OTL Extras logfile created on: 4/13/2011 9:50:16 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 295.46 Gb Free Space | 63.44% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 330.39 Gb Free Space | 70.93% Space Free | Partition Type: NTFS

Computer Name: FAM-PUTTER | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2820187517-4051032034-1020665380-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 3 6 7\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" File not found
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" File not found
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp 5 52\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp 5 52\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp 5 52\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp 5 52\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp 5 52\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp 5 52\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1 -- [2010/09/16 07:26:46 | 000,000,000 | ---D | M]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1 -- [2010/09/16 07:26:46 | 000,000,000 | ---D | M]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57806:TCP" = 57806:TCP:*:Enabled:Pando Media Booster
"57806:UDP" = 57806:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1 -- [2010/09/16 07:26:46 | 000,000,000 | ---D | M]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Disabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Disabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Disabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Disabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Disabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Disabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Disabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Disabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Disabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Disabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Disabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Disabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Disabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Disabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Disabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Disabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Disabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Disabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Disabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Disabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Disabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Disabled:TCP Port 5020
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57806:TCP" = 57806:TCP:*:Enabled:Pando Media Booster
"57806:UDP" = 57806:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\BitComet v1 10 5 42 mb\BitComet.exe" = C:\Program Files (x86)\BitComet v1 10 5 42 mb\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 686\AVG9\avgemc.exe" = C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 686\AVG9\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 686\AVG9\avgupd.exe" = C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 686\AVG9\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 686\AVG9\avgnsa.exe" = C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 686\AVG9\avgnsa.exe:*:Enabled:avgnsa.exe
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\SysWOW64\lxcycoms.exe" = C:\WINDOWS\SysWOW64\lxcycoms.exe:*:Disabled:3400 Series Server -- ( )
"C:\WINDOWS\system32\lxcycoms.exe" = C:\WINDOWS\system32\lxcycoms.exe:*:Disabled:Lexmark Communications System
"C:\Program Files (x86)\StationRipper 2 93\StationRipperConsole.exe" = C:\Program Files (x86)\StationRipper 2 93\StationRipperConsole.exe:*:Disabled:StationRipperConsole -- ()
"C:\Program Files (x86)\Winamp 5 56\winamp.exe" = C:\Program Files (x86)\Winamp 5 56\winamp.exe:*:Enabled:Winamp
"C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgemc.exe" = C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgupd.exe" = C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgnsa.exe" = C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\BitComet v1 10 5 42 mb\BitComet.exe" = C:\Program Files (x86)\BitComet v1 10 5 42 mb\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 686\AVG9\avgemc.exe" = C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 686\AVG9\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 686\AVG9\avgupd.exe" = C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 686\AVG9\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 686\AVG9\avgnsa.exe" = C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 686\AVG9\avgnsa.exe:*:Enabled:avgnsa.exe
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\SysWOW64\lxcycoms.exe" = C:\WINDOWS\SysWOW64\lxcycoms.exe:*:Disabled:3400 Series Server -- ( )
"C:\WINDOWS\system32\lxcycoms.exe" = C:\WINDOWS\system32\lxcycoms.exe:*:Disabled:Lexmark Communications System -- ( )
"C:\Program Files (x86)\StationRipper 2 93\StationRipperConsole.exe" = C:\Program Files (x86)\StationRipper 2 93\StationRipperConsole.exe:*:Disabled:StationRipperConsole -- ()
"C:\Program Files (x86)\Winamp 5 56\winamp.exe" = C:\Program Files (x86)\Winamp 5 56\winamp.exe:*:Enabled:Winamp
"C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgemc.exe" = C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgupd.exe" = C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgnsa.exe" = C:\Program Files (x86)\AVG Anti-Virus Free Edition 9 0 851\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r404)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"Lexmark 3400 Series" = Lexmark 3400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NVIDIA Drivers" = NVIDIA Drivers
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{05AB8EF0-F783-11DF-83AC-001279CD8240}" = Google Earth Plug-in
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{242FBF70-03A3-4317-931F-FA7798F39A13}" = Winflash64
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-250C
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{417E7710-C77B-4CB9-839A-D586A12C64E2}" = Smart Guardian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6CB33A-AA86-446C-8C4D-304A7FA51033}" = Nero 8 Essentials
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7646-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"1-Click YouTube Downloader_is1" = 1-Click YouTube Downloader 3.2
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG Free 9.0
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"Beneton Movie GIF_is1" = Beneton Movie GIF 1.1.2
"BitComet" = BitComet 1.10
"Catz" = Catz (remove only)
"CCleaner" = CCleaner (remove only)
"Diagram Designer" = Diagram Designer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"DVDFab 7_is1" = DVDFab 7.0.2.5 Beta (20/03/2010)
"DVDFab 8_is1" = DVDFab 8.0.7.3 (29/01/2011)
"ERUNT_is1" = ERUNT 1.1j
"FastStone Photo Resizer" = FastStone Photo Resizer 2.8
"Fellowes/NEATO MediaFACE" = Fellowes/NEATO MediaFACE
"FrRefEng" = French Spelling Settings
"GOM Player" = GOM Player
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge Signal Monitor Utility" = Hauppauge Signal Monitor Utility
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"Smart Defrag_is1" = Smart Defrag 1.10
"SpywareBlaster_is1" = SpywareBlaster 4.0
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2820187517-4051032034-1020665380-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"StationRipper" = StationRipper 2.93

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2011 9:01:55 PM | Computer Name = FAM-PUTTER | Source = ESENT | ID = 490
Description = Catalog Database (724) Catalog Database: An attempt to open the file
"C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for
read / write access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 4/2/2011 9:01:55 PM | Computer Name = FAM-PUTTER | Source = ESENT | ID = 439
Description = Catalog Database (724) Catalog Database: Unable to write a shadowed
header for file C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.
Error -1032.

Error - 4/2/2011 9:01:55 PM | Computer Name = FAM-PUTTER | Source = ESENT | ID = 470
Description = Catalog Database (724) Catalog Database: Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 1. Error: -1032.

Error - 4/4/2011 2:03:53 PM | Computer Name = FAM-PUTTER | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.2.3790.3959, hang module
hungapp, version 0.0.0.0, hang address 0x0000000000000000.

Error - 4/5/2011 3:51:47 PM | Computer Name = FAM-PUTTER | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/5/2011 3:54:54 PM | Computer Name = FAM-PUTTER | Source = VSS | ID = 8211
Description =

Error - 4/5/2011 4:04:59 PM | Computer Name = FAM-PUTTER | Source = VSS | ID = 8211
Description =

Error - 4/12/2011 8:10:00 PM | Computer Name = FAM-PUTTER | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 4/13/2011 7:31:09 PM | Computer Name = FAM-PUTTER | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.3790.1830, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2011 8:35:37 PM | Computer Name = FAM-PUTTER | Source = VSS | ID = 8211
Description =

[ System Events ]
Error - 4/5/2011 4:06:26 PM | Computer Name = FAM-PUTTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 4/5/2011 4:12:39 PM | Computer Name = FAM-PUTTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/5/2011 4:13:47 PM | Computer Name = FAM-PUTTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 4/6/2011 9:16:12 PM | Computer Name = FAM-PUTTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 4/13/2011 8:36:27 PM | Computer Name = FAM-PUTTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/13/2011 8:36:53 PM | Computer Name = FAM-PUTTER | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the AFD service which failed to
start because of the following error: %%31

Error - 4/13/2011 8:36:53 PM | Computer Name = FAM-PUTTER | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/13/2011 8:36:53 PM | Computer Name = FAM-PUTTER | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 4/13/2011 8:36:53 PM | Computer Name = FAM-PUTTER | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/13/2011 8:36:53 PM | Computer Name = FAM-PUTTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 AvgLdx64 AvgMfx64 AvgTdiA BIOS Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip


< End of report >
 
Hi,

Your IE Browser is very outdated and insecure, you should upgrade to version 8.

64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Is this a company computer ?
 
Hello, I have not up date the IE because I only use it to up date windows. But if I need to I will. And no, is not a company computer, is the family computer. Thanks again.
 
See if you can run this Rootkit scanner


Scan With RootKitUnHooker

  • Please choose one link and download Rootkit Unhooker and save it to your desktop.
    Link 1
    Link 2
    Link 3
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest. then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
 
Hi, I downloaded the file, but I could not run it. I received a pop up that says: Error loading driver, NTSTATUS CODE: 0Xc00036B. I tried all three links with the same results.
Sorry to ask, but is there any way to do this a little faster?... I think this is taking a bit to long with 1 message a day. Perhaps a way to sync our been online? Please let me know. Thanks.
 
Hi,

I guess a lot of our tools wont run correctly on your operating system, what I would do is upgrade it to either XP Home, Vista. Your system may be to old to upgrade to Win 7, may not have the firing power it needs.

As far as taking to long, this forum is all run by volunteers, we do this in our spare time for no pay and no cost to you, we do this because we hate the bad guys and like helping people like your self. We all have families and jobs that come first. I have always prided my self on quick replies but the last few days I have been really hung up at work with very limited internet access. The only thing I can suggest is if you want it fixed pronto than take it to a shop.

If you want to proceed see if you can run this free online virus scanner

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    esetOnline.png
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      esetSmartInstall.png
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      esetSmartInstallDesktopIcon.png
      icon on your desktop.
  4. Check
    esetAcceptTerms.png
  5. Click the
    esetStart.png
    button.
  6. Accept any security warnings from your browser.
  7. Check
    esetScanArchives.png
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
    esetListThreats.png
  12. Push
    esetExport.png
    , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  13. Push the
    esetBack.png
    button.
  14. Push
    esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
 
C:\Documents and Settings\user1R\Desktop\converters\Free FLV Converter 6 7 4 6 05MB.exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\user1R\Desktop\converters\Free Videos To DVD 2 1 7 18MB.exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\user1R\Desktop\converters\Koyote Free Video Converter 2 3 3 99MB.exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\user1R\Desktop\music programs\River Past Wave@MP3 3 6 4 3 56 mb\waveatmp3_setup.exe probably a variant of Win32/Spy.Banker.MENCWKJ trojan
C:\Documents and Settings\user1R\Desktop\Robert\Tools\Set Up Files\2 Install\dvd encode\Koyote Free Video Converter 2 0 3 86 mb\Koyote Free Video Converter 2 0 3 86 mb.exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\user1R\Desktop\Robert\Tools\Set Up Files\2 Install\YouTube Clip Extractor 2 0 4 05 mb\setupbasic.exe a variant of Win32/Adware.ADON application
C:\Documents and Settings\user1R\Desktop\Robert\Tools from hp\set-up files\installed\SDfix\SDFix.exe Win32/PrcView application
C:\System Volume Information\_restore{7484F3E5-BA00-429C-BC81-A1D3A05381DC}\RP189\A0028501.exe multiple threats
C:\tosh\done\Tools\Set-up Files\installed\Beneton Movie GIF 1 1 2\Beneton Movie GIF 1 1 2.exe.exe multiple threats
 
You want to look over what ESET found and remove those entries.

You also had a nasty entry in your System Restore

System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:
  1. Click Start > Run > copy and paste the following into the run box:
    %SystemRoot%\System32\restore\rstrui.exe
  2. Press OK. Choose Create a Restore Point then click Next.
  3. Name it (something you'll remember) and click Create.
  4. When the confirmation screen shows the restore point has been created click Close.

Then remove all previous Restore Points
  1. Click Start > Run > copy and paste the following into the run box:
    cleanmgr
  2. Choose to scan drive C:\ (if C:\ is your main drive).
  3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
  4. Click on the Yes button.
  5. When finished, click on Cancel button to exit.





Download CKScanner by askey127 from Here & save it to your Desktop.
  • Doubleclick CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
 
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\user1R\desktop\user1R\tools from hp\set-up files\installed\convertxtodvd\vso software convertxtodvd v2.2.3.258h \file_id.diz
c:\documents and settings\user1R\desktop\user1R\tools from hp\set-up files\installed\convertxtodvd\vso software convertxtodvd v2.2.3.258h \te.nfo
c:\documents and settings\user1R\desktop\user1R\tools from hp\set-up files\installed\convertxtodvd\vso software convertxtodvd v2.2.3.258h \convertxtodvd.exe
c:\documents and settings\user1R\desktop\user1R\tools from hp\set-up files\installed\convertxtodvd\vso software convertxtodvd v2.2.3.258h \registration.reg
scanner sequence 3.BB.11
----- EOF -----
 
Those files where downloaded illegally though one of the torrents and there infected, you need to delete them and then run CKScanner again and post the new log
 
Thanks for understanding , we do not support the use of illegal software. Almost 100% of illegal software is infected and the greater percentage of files downloaded from P2P ( File Sharing ) is infected also, you need to stay away from those, its easier to just purchase on CD or download directly from the manufacturer of the product you want to install, will save you tons of grief.

See if you can run this program

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
I had a family emergency, out of town & i just got back. I turn on my comp & it did not displayed all the user names, it only showed the ones with administrative properties. I can see the folders on the C drive but when I looked on the user accounts on control panel they are not there, & if I tried to create an account with one of the names I get a "An account named -123- already exist. Type a different name." message. Also almost half of the programs dont respond. Im using a laptop to post because I can not get the internet going on my desktop. I tried to use the combofix program but it said is not for my system.
 
You must log in or register to reply here.
Back
Top