IObit Forum

Hijacked browser - request help



Hello,

 

I believe my Firefox browser has been hijacked. Diverted pages, blocked pages, etc. I've spent the entire day looking for a fix (loaded Malwarebytes, SUPERAntiSpyware, and IObit Security).

I have been unsuccessful in finding the solution.

Any help you could give me would be most appreciated.

Below is the report created from IObit Security 360. Thanks.

 

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 17:54:7, on 2010-10-3

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe

C:\Program Files\Panasonic\MEITBMAN\meitbman.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\SYSTEM32\WISPTIS.EXE

C:\WINDOWS\System32\tabbtnu.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Panasonic\Disprot\IDRot.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe

C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svc8021x.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe

C:\Program Files\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Roxio 2010\5.0\CPMonitor.exe

C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Location Finder\LocationFinder.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SUPERAntiSpyware\sas renamed to run.exe

C:\WINDOWS\system32\VxBlockServer.exe

C:\Program Files\Panasonic\DispRot\IDRot.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Panasonic\WLANSW\WLANSW.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\mgr8021x.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\sas renamed to run.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Hotkey] C:\WINDOWS\System32\hkeyman.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Panasonic HotKey Manager] C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: []

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [CPMonitor] "C:\Program Files\Roxio 2010\5.0\CPMonitor.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Desktop Disc Tool] "C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_18 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}Java Plug-in 1.6.0_18 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_18 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus (avast! Antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner (avast! Mail Scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner (avast! Web Scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: CinemaNow Service (CinemaNow Service) - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService (McciCMService) - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: RegSrvc (RegSrvc) - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: RoxMediaDB12 (RoxMediaDB12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe

O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: WLAN Security Client (SVC8021X) - Meetinghouse Data Communications - C:\WINDOWS\System32\svc8021x.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe


We need to create an OTL Report

 

1. Please download OTL

http://oldtimer.geekstogo.com/OTL.exe

 

2. Save it to your desktop.

3. Double click on the icon on your desktop.

4. Click the "Scan All Users" checkbox.

5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.

6. Copy and Paste the following into the textbox.

 

 

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

winlogon.exe

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

 

7. Push "scan"

8. Two reports will open, copy and paste them in a reply here:

• OTListIt.txt <-- Will be opened

• Extra.txt <-- Will be minimized

attach to your next reply


remainder of OTL log...

 

========== LOP Check ==========

 

[2010/03/03 05:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon

[2010/05/19 23:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ChessRally 2

[2003/05/20 15:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust

[2010/10/03 17:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit

[2009/08/08 20:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pokerth

[2009/12/14 21:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Star

[2009/06/03 12:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland

[2010/02/19 15:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ChessRally 2

[2009/12/14 21:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow

[2010/10/03 17:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2009/12/14 21:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets

[2009/12/14 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2003/05/20 15:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %ALLUSERSPROFILE%\Application Data\*. >

[2009/06/03 12:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland

[2010/02/19 15:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ChessRally 2

[2009/12/14 21:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow

[2009/06/03 12:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel

[2010/09/13 12:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2009/02/17 16:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GRETECH

[2009/06/03 12:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield

[2010/04/14 09:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit

[2010/10/03 17:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2009/12/14 20:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision

[2010/10/03 11:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/02/17 16:00:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2010/04/17 13:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive

[2010/02/28 17:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6

[2009/12/14 21:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets

[2009/12/14 21:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio

[2010/10/03 12:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic

[2010/03/25 19:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/10/03 15:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2009/12/14 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2010/05/07 00:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser

 

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2008/09/26 10:19:04 | 001,021,216 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\11\agent.exe

[2007/03/20 16:25:36 | 000,205,744 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\11\dwusplay.exe

[2008/09/26 10:19:06 | 000,279,840 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\11\ISDM.exe

[2008/09/26 10:19:04 | 000,079,136 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\11\issch.exe

[2008/09/26 10:19:04 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\11\ISUSPM.exe

[2009/07/22 09:14:26 | 004,890,096 | R--- | M] (Sonic Solutions) -- C:\Documents and Settings\All Users\Application Data\Uninstall\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}\setup.exe

 

< %APPDATA%\*. >

[2009/12/16 11:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe

[2010/03/03 05:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon

[2010/05/19 23:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ChessRally 2

[2009/06/03 14:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Corel

[2009/12/14 21:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Google

[2009/02/17 16:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GRETECH

[2003/05/20 14:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities

[2003/05/20 15:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust

[2010/04/14 09:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intuit

[2010/10/03 17:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit

[2009/12/16 11:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia

[2009/12/14 21:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macrovision

[2010/10/03 12:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/03/28 11:59:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft

[2010/09/13 12:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla

[2010/02/28 17:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSN6

[2009/08/08 20:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pokerth

[2009/12/30 05:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Roxio

[2009/12/14 20:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Roxio Log Files

[2009/12/14 21:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Star

[2010/03/25 19:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun

[2010/10/03 15:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

[2010/05/13 20:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!

[2010/04/14 08:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX

 

< %APPDATA%\*.exe /s >

[2004/05/11 14:34:28 | 000,643,072 | ---- | M] (Corel Corporation) -- C:\Documents and Settings\Administrator\Application Data\Corel\WordPerfect Office X3\User Config\InitLBar.exe

[2007/03/22 06:46:40 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\GRETECH\GomPlayer\GrLauncher.exe

[2009/02/17 16:09:48 | 000,022,798 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{9D18F7F8-B984-4249-8512-CC621BC59F12}\_18be6784.exe

[2009/02/17 16:09:48 | 000,022,798 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{9D18F7F8-B984-4249-8512-CC621BC59F12}\_294823.exe

[2009/12/14 20:54:14 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe

[2009/06/03 12:40:53 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe

[2009/06/03 12:40:52 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe

[2010/02/04 22:16:22 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1r123v9v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/04/14 09:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008/04/14 09:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/14 04:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/14 04:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys

[2008/04/14 09:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2002/08/30 00:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys

[2008/04/14 09:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2002/08/28 21:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/14 09:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 09:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2002/08/29 08:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 

< MD5 for: NETLOGON.DLL >

[2008/04/14 09:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 09:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2002/08/29 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2002/08/29 08:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 09:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 09:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

 

< MD5 for: USERINIT.EXE >

[2008/04/14 09:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/14 09:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

[2002/08/29 08:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 

< MD5 for: WINLOGON.EXE >

[2002/08/29 08:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/14 09:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/14 09:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2003/05/20 07:18:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2003/05/20 07:18:42 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2003/05/20 07:18:42 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >


Extras log...

 

 

OTL Extras logfile created on: 10/4/2010 1:42:22 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.25 Gb Total Space | 21.96 Gb Free Space | 58.95% Space Free | Partition Type: NTFS

Drive D: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

Drive F: | 1862.36 Gb Total Space | 1706.44 Gb Free Space | 91.63% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: USER-2Z7RAZUZ7Y

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_USERS\S-1-5-21-3244484535-3162346911-3820060285-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Roxio 2010\Venue\Venue.exe" = C:\Program Files\Roxio 2010\Venue\Venue.exe:*:Enabled:Roxio Venue -- (Sonic Solutions)

"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- (CinemaNow Inc.)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000425D5-C69B-4C02-943D-73713516D8EF}" = Intel® PROSet

"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver

"{235B3B96-A129-411C-A0DE-DA154590F5D3}" = ChessRally 2.6

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3818E081-EAA2-012B-AD94-000000000000}" = TurboTax 2009 WinBizFedFormset

"{3830D551-EAA2-012B-AD9A-000000000000}" = TurboTax 2009 WinBizReleaseEngine

"{383CBC31-EAA2-012B-AD9D-000000000000}" = TurboTax 2009 WinBizTaxSupport

"{38F44C61-EAA2-012B-ADCA-000000000000}" = TurboTax 2009 wkycbpm

"{3C5A81D1-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{45D39011-AD99-4980-ADF9-B8202173668D}" = HotKey Appendix

"{46578609-AD6D-4E69-AC8F-28B89C090F3B}" = Roxio Creator 2010 Pro

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51559F52-2FAC-11D6-9FBF-0050DA5BC5D1}" = WLAN Security Client

"{5491453D-8C3E-4785-AC5C-E9A4DABF378A}" = Roxio Venue

"{5639BE8E-33DA-402A-B414-1FBED9CC50E1}" = DMI Viewer

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{65A79175-3C4C-41F4-92AF-BA1DDDBA0626}" = Roxio Burn Manager CDB

"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager

"{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer

"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator 2010 Pro

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006

"{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3

"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB

"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery

"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010 Pro

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{906C01EE-B242-4197-AE85-6C506E1B869B}" = Roxio Burn Manager

"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser

"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack

"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime

"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{AF758B2C-348F-4B43-9818-08895BDCFC1C}" = Wireless LAN Switch

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{B766CBAA-5944-4888-A498-7139EE6A01C4}" = Tablet Button Manager

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C6A55E65-1784-4E84-8EAA-DB4386E11ACF}" = Display Rotation Tool

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DEEFA812-64A6-4083-BB38-87F68B6BA820}" = Hotkey Settings

"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Agere Systems Soft Modem" = Agere Systems AC'97 Modem

"avast!" = avast! Antivirus

"CAL" = Canon Camera Access Library

"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX

"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CSCLIB" = Canon Camera Support Core Library

"EOS Utility" = Canon Utilities EOS Utility

"FIDMOU" = touchpad

"Firefox Windows Media Player XPI" = Firefox Windows Media Player XPI

"Foxit Reader" = Foxit Reader

"GOM Player" = GOM Player

"IObit Security 360_is1" = IObit Security 360

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)

"PanasonicHotkeyDriver" = Hotkey Driver for Panasonic PC

"PhotoStitch" = Canon Utilities PhotoStitch

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX

"Roxio PhotoShow" = Roxio PhotoShow

"TurboTax Business 2009" = TurboTax Business 2009

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinZip" = WinZip

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

 

========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 5/20/2009 7:59:16 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\Dynex.exe failed, 0000001E.

 

Error - 5/20/2009 8:04:37 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

D:\Dynex.exe failed, 0000001E.

 

[ Application Events ]

Error - 10/3/2010 9:41:39 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = MDC8021X | ID = 1000

Description = SYSTEM ERROR: A device attached to the system is not functioning.

 

Error - 10/3/2010 9:41:44 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = MDC8021X | ID = 1000

Description = SYSTEM ERROR: A device attached to the system is not functioning.

 

Error - 10/3/2010 9:41:44 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = MDC8021X | ID = 1000

Description = SYSTEM ERROR: A device attached to the system is not functioning.

 

Error - 10/3/2010 9:42:35 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = MDC8021X | ID = 1000

Description = SYSTEM ERROR: A device attached to the system is not functioning.

 

Error - 10/3/2010 9:42:35 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = MDC8021X | ID = 1000

Description = SYSTEM ERROR: A device attached to the system is not functioning.

 

Error - 10/3/2010 9:42:35 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = MDC8021X | ID = 1000

Description = SYSTEM ERROR: A device attached to the system is not functioning.

 

Error - 10/3/2010 9:42:40 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = MDC8021X | ID = 1000

Description = SYSTEM ERROR: A device attached to the system is not functioning.

 

Error - 10/3/2010 9:42:40 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = MDC8021X | ID = 1000

Description = SYSTEM ERROR: A device attached to the system is not functioning.

 

Error - 10/3/2010 9:42:45 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = MDC8021X | ID = 1000

Description = SYSTEM ERROR: A device attached to the system is not functioning.

 

Error - 10/3/2010 9:42:45 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = MDC8021X | ID = 1000

Description = SYSTEM ERROR: A device attached to the system is not functioning.

 

[ System Events ]

Error - 10/3/2010 2:33:32 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

 

Error - 10/3/2010 2:34:31 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher

12 service to connect.

 

Error - 10/3/2010 2:49:34 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = Service Control Manager | ID = 7031

Description = The Print Spooler service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

 

Error - 10/3/2010 4:20:14 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = Ftdisk | ID = 262189

Description = The system could not sucessfully load the crash dump driver.

 

Error - 10/3/2010 4:20:14 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

 

Error - 10/3/2010 4:20:53 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher

12 service to connect.

 

Error - 10/3/2010 5:36:24 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = Service Control Manager | ID = 7031

Description = The Print Spooler service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

 

Error - 10/3/2010 9:40:53 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = Ftdisk | ID = 262189

Description = The system could not sucessfully load the crash dump driver.

 

Error - 10/3/2010 9:40:53 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

 

Error - 10/3/2010 9:41:34 PM | Computer Name = USER-2Z7RAZUZ7Y | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher

12 service to connect.

 

 

< End of report >


Mr Haiku,

 

Most probably your text's character count is more than the permissible # of characters in a post.

 

Please divide the log file and post in more than one post.

OR

Compress the file and attach it as a zip file.

 

Cheers.

 

NOTE: your remainder of OTL log... and Extras log... are posted and readable.


OTL log part 1

 

OTL logfile created on: 10/4/2010 1:42:22 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.25 Gb Total Space | 21.96 Gb Free Space | 58.95% Space Free | Partition Type: NTFS

Drive D: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

Drive F: | 1862.36 Gb Total Space | 1706.44 Gb Free Space | 91.63% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: USER-2Z7RAZUZ7Y

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010/10/04 13:40:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2010/09/28 10:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sas renamed to run.exe

PRC - [2010/08/24 22:31:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe

PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe

PRC - [2009/07/21 12:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio 2010\5.0\CPMonitor.exe

PRC - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe

PRC - [2009/06/23 02:18:52 | 000,494,064 | ---- | M] () -- C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe

PRC - [2009/03/24 02:01:00 | 000,113,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\VxBlockServer.exe

PRC - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2009/02/05 17:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009/02/05 17:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009/02/05 17:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2008/04/14 09:42:42 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wisptis.exe

PRC - [2008/04/14 09:42:38 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\tabtip.exe

PRC - [2008/04/14 09:42:38 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\tcserver.exe

PRC - [2008/04/14 09:42:24 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe

PRC - [2008/04/14 09:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2005/08/24 22:25:00 | 000,101,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Location Finder\LocationFinder.exe

PRC - [2005/08/11 16:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

PRC - [2004/08/16 13:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE

PRC - [2003/04/08 22:07:44 | 000,851,968 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\HotKey Appendix\hkeyapp.exe

PRC - [2003/04/06 16:39:12 | 000,086,016 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\Program Files\Panasonic\DispRot\IDRot.exe

PRC - [2003/04/06 15:25:30 | 000,053,248 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\MEITBMAN\MeiTBMan.exe

PRC - [2003/04/02 13:20:52 | 000,065,536 | ---- | M] (Panasonic) -- C:\Program Files\Panasonic\WLANSW\WLANSW.EXE

PRC - [2003/03/24 15:24:54 | 000,323,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe

PRC - [2003/03/24 14:22:24 | 000,299,075 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe

PRC - [2003/03/24 14:21:44 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe

PRC - [2002/12/31 17:00:30 | 000,053,248 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\svc8021x.exe

PRC - [2002/12/31 16:58:26 | 000,159,744 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\mgr8021x.exe

PRC - [2002/11/24 21:23:20 | 000,172,032 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe

PRC - [2002/08/29 06:41:28 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tabbtnu.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/10/04 13:40:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

MOD - [2010/07/30 10:18:26 | 000,232,960 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll

MOD - [2008/04/14 09:42:08 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\sptip.dll

MOD - [2008/04/14 09:42:08 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\tiptsf.dll

MOD - [2008/04/14 09:42:08 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\tipcomponentsps.dll

MOD - [2008/04/14 09:42:02 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll

MOD - [2008/04/14 09:42:00 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfp.dll

MOD - [2008/04/14 09:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2008/04/14 03:09:26 | 002,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll

MOD - [2008/04/14 02:13:20 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\spgrmr.dll

MOD - [2002/08/29 06:41:08 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Journal\nbmaptip.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)

SRV - [2009/07/24 09:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)

SRV - [2009/07/24 09:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)

SRV - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)

SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)

SRV - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2009/02/05 17:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2009/02/05 17:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2009/02/05 17:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2009/02/05 17:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2003/03/24 14:22:24 | 000,299,075 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)

SRV - [2003/03/24 14:21:44 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)

SRV - [2002/12/31 17:00:30 | 000,053,248 | ---- | M] (Meetinghouse Data Communications) [Auto | Running] -- C:\WINDOWS\system32\svc8021x.exe -- (SVC8021X)

SRV - [2002/11/26 14:27:12 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2009/06/02 02:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)

DRV - [2009/06/02 02:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)

DRV - [2009/06/02 02:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)

DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2009/02/05 17:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2009/02/05 17:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2009/02/05 17:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009/02/05 17:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2009/02/05 17:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2009/02/05 17:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2007/11/16 21:34:21 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/11/16 21:34:21 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2004/06/28 00:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2003/03/27 23:57:30 | 000,004,608 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | System | Running] -- C:\Program Files\Panasonic\WLANSW\WLANSW.SYS -- (WLANSW)

DRV - [2003/03/27 01:57:24 | 002,379,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®

DRV - [2003/03/19 08:04:42 | 000,010,368 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\meitbtn.sys -- (MEITBTN)

DRV - [2003/03/16 21:06:34 | 000,009,216 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HOTKEY.SYS -- (HOTKEY)

DRV - [2003/03/13 01:59:38 | 000,219,024 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)

DRV - [2003/03/12 13:23:50 | 000,003,200 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | System | Running] -- C:\Program Files\Panasonic\MEITBMAN\MeiTBLCD.sys -- (MEITBLCD)

DRV - [2003/01/22 19:47:00 | 001,166,336 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2003/01/12 19:37:40 | 000,010,906 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2002/11/18 04:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)

DRV - [2002/09/23 20:55:24 | 000,007,936 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)

DRV - [2002/09/19 21:38:24 | 000,023,315 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Fidmou.sys -- (FIDMOU)

DRV - [2001/08/23 08:03:54 | 000,025,434 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/

IE - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/13 12:05:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/13 12:05:29 | 000,000,000 | ---D | M]

 

[2010/09/13 12:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/10/03 16:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1r123v9v.default\extensions

[2010/09/20 06:18:50 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1r123v9v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

[2010/09/20 06:18:49 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1r123v9v.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}

[2010/10/03 16:25:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1r123v9v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/09/13 12:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

 

O1 HOSTS File: ([2002/08/29 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ()

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [Hotkey] C:\WINDOWS\system32\HKEYMAN.EXE (Matsushita Electric Industrial Co., Ltd.)

O4 - HKLM..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)

O4 - HKLM..\Run: [Panasonic HotKey Manager] C:\Program Files\Panasonic\HotKey Appendix\hkeyapp.exe (Matsushita Electric Industrial Co., Ltd.)

O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)

O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe (Sonic Solutions)

O4 - HKLM..\Run: [scroller] C:\WINDOWS\System32\FPapli.exe (Fujitsu Component Limited)

O4 - HKLM..\Run: [TabletTip] C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe (Microsoft Corporation)

O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\Help\splshwrp.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [TabletWizard] C:\WINDOWS\help\wizard.hta File not found

O4 - HKU\S-1-5-20..\Run: [TabletWizard] C:\WINDOWS\help\wizard.hta File not found

O4 - HKU\S-1-5-21-3244484535-3162346911-3820060285-500..\Run: [Microsoft Location Finder] C:\Program Files\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3244484535-3162346911-3820060285-500..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\sas renamed to run.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Display Rotation Tool.lnk = C:\Program Files\Panasonic\DispRot\IDRot.exe (Matsushita Electric Industrial Co.,Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless LAN Switch.lnk = C:\Program Files\Panasonic\WLANSW\WLANSW.EXE (Panasonic)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WLAN Security Client Manager.lnk = C:\WINDOWS\Installer\{51559F52-2FAC-11D6-9FBF-0050DA5BC5D1}\mdc.ico ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()

O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found

O15 - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\..Trusted Domains: ([]msn in My Computer)

O15 - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\..Trusted Domains: cinemanow.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\..Trusted Domains: cinemanow.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\..Trusted Domains: intuit.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\..Trusted Domains: qflix.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\..Trusted Domains: roxio.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)

O15 - HKU\S-1-5-21-3244484535-3162346911-3820060285-500\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O20 - Winlogon\Notify\loginkey: DllName - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation)

O20 - Winlogon\Notify\MEITBNTF: DllName - MeiTBNtf.dll - C:\WINDOWS\System32\MeiTBNtf.dll (Matsushita Electric Industrial Co., Ltd.)

O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)

O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\tabbtnwl.dll (Microsoft Corporation)

O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/05/20 14:37:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/01/28 16:00:27 | 000,000,088 | R--- | M] () - D:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{09ac56d0-f184-11de-851a-000423705e95}\Shell - "" = AutoRun

O33 - MountPoints2\{09ac56d0-f184-11de-851a-000423705e95}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{09ac56d0-f184-11de-851a-000423705e95}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found

O33 - MountPoints2\{b144b14c-7688-11df-859d-000423705e95}\Shell - "" = AutoRun

O33 - MountPoints2\{b144b14c-7688-11df-859d-000423705e95}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b144b14c-7688-11df-859d-000423705e95}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- [2010/01/21 20:13:40 | 003,330,848 | R--- | M] (Western Digital)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


OTL part 2

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: UploadMgr - Service

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3

ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (12961403845476352)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/10/04 13:40:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/10/03 17:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit

[2010/10/03 17:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit

[2010/10/03 17:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\IObit

[2010/10/03 15:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/10/03 15:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

[2010/10/03 15:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/10/03 14:44:24 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[2010/10/03 12:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/10/03 12:19:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/10/03 11:44:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/03 11:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/03 11:44:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/03 11:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/09/13 12:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/10/04 13:40:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010/10/04 12:00:33 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/03 21:43:37 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010/10/03 21:42:25 | 000,002,201 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WLAN Security Client Manager.lnk

[2010/10/03 21:40:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/10/03 21:40:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/03 21:40:25 | 1332,269,056 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/03 17:02:06 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk

[2010/10/03 16:18:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010/10/03 15:23:49 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/10/03 14:38:12 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/18 10:52:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/09/13 12:05:35 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/09/13 12:05:35 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/09/10 15:37:04 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\map.bmp

[2010/09/07 22:59:55 | 000,000,952 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010/09/05 09:36:19 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quattro Pro X3.lnk

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/10/03 17:02:06 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk

[2010/10/03 15:23:49 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/10/03 11:44:11 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/13 12:05:35 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/09/13 12:05:35 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/12/25 14:30:28 | 000,004,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_audio.Cache

[2009/12/15 19:58:21 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/15 15:27:11 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009/12/14 21:30:52 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image32.Cache

[2009/12/14 20:51:18 | 000,719,640 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2008/12/15 14:50:40 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

[2008/12/03 03:50:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/01/30 16:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll

[2003/05/20 20:53:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/05/20 15:06:38 | 000,000,072 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini

[2003/05/20 14:53:53 | 000,000,052 | ---- | C] () -- C:\WINDOWS\DMIVIEW.INI

[2003/05/19 22:03:53 | 000,023,315 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fidmou.sys

[2003/05/19 22:01:23 | 000,003,767 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/08/21 18:39:24 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2002/08/21 18:39:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll


  • 2 weeks later...

more info

 

Just in case this is something to note (and I should have mentioned earlier)...

 

I could not run combofix until I changed the program name. Same thing happened when I tried running malwarebytes AM and Superantispyware before.

 

Whatever is hacking me must be trying to block those programs.


Archived

This topic is now archived and is closed to further replies.
