IObit Forum

Been Hijacked pls help


matt49256


Hi there Matt, and welcome to the forums :-)

We need to have a closer look, so please do the following:

  • Download OTL and save it to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, Copy/Paste the text in bold below into it:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long, perhaps a few minutes.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please Copy/Paste the contents of these files, one at a time, in your next reply. You may need two posts or more to fit them all in.

I'll try to make it back here as soon as time permits.

===


OTL.txt part 1

 

OTL logfile created on: 12/17/2010 3:52:52 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Scott\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18999)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 148.96 Gb Total Space | 75.56 Gb Free Space | 50.73% Space Free | Partition Type: NTFS

Drive D: | 5.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: DELL-PC | User Name: Scott | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2010/12/17 15:50:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Downloads\OTL.exe

PRC - [2010/12/17 06:34:12 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/12/17 06:34:10 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/12/17 06:34:06 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2010/08/09 14:53:18 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

PRC - [2010/05/14 15:06:30 | 000,406,848 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/10/10 09:07:04 | 001,728,512 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111v2.exe

PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/12/17 15:50:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Downloads\OTL.exe

MOD - [2010/12/17 06:34:50 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/12/17 06:33:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2010/12/17 06:33:13 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/08/09 14:53:18 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)

SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)

SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/10 16:56:21 | 000,152,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)

SRV - [2010/03/10 16:56:21 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)

SRV - [2010/03/02 16:15:44 | 000,536,472 | ---- | M] (Affinegy, Inc.) [Disabled | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)

SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/02/29 01:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)

SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\netr28u.sys -- (netr28u)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Scott\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)

DRV - [2010/12/17 06:34:48 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/12/17 06:34:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/12/17 06:34:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/07/21 22:03:08 | 000,112,712 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINPROT)

DRV - [2010/07/21 22:03:06 | 000,099,400 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFILE)

DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010/06/17 13:41:14 | 000,126,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)

DRV - [2010/05/27 18:39:34 | 000,141,384 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAFLT)

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/30 13:46:12 | 000,111,112 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINPROC)

DRV - [2010/03/10 16:56:21 | 000,247,320 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)

DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/12/02 14:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2009/09/23 15:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)

DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)

DRV - [2009/09/23 15:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)

DRV - [2009/08/05 21:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2009/05/31 10:52:28 | 000,024,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\cputemperature.sys -- (cputemperature)

DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2009/01/13 09:30:00 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WN111v2v.sys -- (WN111v2)

DRV - [2008/10/01 16:44:02 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)

DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/04/03 09:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)

DRV - [2006/11/16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)

DRV - [2006/11/16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)

DRV - [2006/11/10 08:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SysTool.sys -- (SysTool)

DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


OTL.txt part 2

 

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.

ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)

 

CREATERESTOREPOINT

Error creating restore point.

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/12/17 15:50:12 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Panda Security

[2010/12/17 15:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security

[2010/12/17 15:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2010/12/17 15:44:55 | 000,428,352 | ---- | C] (Panda Security) -- C:\Users\Scott\Desktop\StubInstaller.exe

[2010/12/17 15:28:04 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\AVERT

[2010/12/17 13:39:28 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\SUPERAntiSpyware.com

[2010/12/17 13:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/12/17 13:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/12/17 11:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2010/12/17 07:20:29 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/12/17 06:53:33 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\AVG9

[2010/12/17 06:34:48 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/12/17 06:34:45 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/12/17 06:34:33 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/12/17 06:34:30 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/12/17 06:34:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg

[2010/12/16 13:21:23 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Malwarebytes

[2010/12/16 13:20:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/16 13:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/12/16 13:20:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/12/16 13:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/12/16 10:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!

[2010/12/15 21:16:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2010/12/15 21:16:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/12/15 21:16:20 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/12/15 21:15:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

[2010/12/15 21:15:44 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/12/15 21:15:20 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll

[2010/12/15 21:15:19 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll

[2010/12/15 21:15:19 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll

[2010/12/15 21:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO

[2010/12/15 19:41:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/12/15 19:41:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2010/12/15 19:41:04 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010/12/15 19:41:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010/12/15 19:41:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010/12/15 19:41:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010/12/15 19:41:00 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/12/15 19:40:59 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010/12/15 19:40:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/12/15 19:40:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/12/15 19:40:58 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/12/15 19:40:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2010/12/15 19:40:57 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/12/15 19:40:57 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/12/15 19:40:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/12/15 19:40:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010/12/15 19:40:55 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/12/15 19:40:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/12/15 17:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar

[2010/12/15 17:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[2010/12/15 14:38:43 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{0B75AFE7-3377-4023-BF94-5F12E16149D1}

[2010/12/15 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\fEmMf06501

[2010/11/25 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\U3

[2010/11/22 16:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy

[2010/11/22 14:17:46 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\FileZilla

[2010/11/22 10:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Street Hacker

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/12/17 15:56:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2620929482-3451089396-1678482307-1000UA.job

[2010/12/17 15:49:32 | 000,000,264 | ---- | M] () -- C:\Windows\System32\PSUNCpl.dat

[2010/12/17 15:46:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/12/17 15:17:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/12/17 14:56:48 | 000,094,573 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/12/17 14:56:47 | 000,094,573 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/12/17 14:56:25 | 000,005,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/17 14:56:25 | 000,005,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/17 14:56:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/17 14:55:12 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat

[2010/12/17 13:39:22 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/12/17 11:10:39 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk

[2010/12/17 09:24:23 | 000,308,472 | ---- | M] () -- C:\Users\Scott\Desktop\PandaCloudAntivirus.exe

[2010/12/17 06:34:55 | 000,001,607 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/12/17 06:34:50 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/12/17 06:34:48 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/12/17 06:34:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/12/17 06:34:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/12/17 06:34:30 | 069,017,059 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/12/17 06:34:30 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

[2010/12/16 19:21:33 | 000,620,574 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/16 19:21:33 | 000,109,390 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/16 16:56:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2620929482-3451089396-1678482307-1000Core.job

[2010/12/16 16:54:01 | 000,002,079 | ---- | M] () -- C:\Users\Scott\Desktop\Google Chrome.lnk

[2010/12/16 16:54:01 | 000,002,041 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/12/16 16:43:21 | 000,000,240 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg

[2010/12/16 13:20:22 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/16 03:19:36 | 000,244,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/12/15 14:38:44 | 000,000,120 | ---- | M] () -- C:\Users\Scott\AppData\Local\Bvunoyucegaqab.dat

[2010/12/15 14:38:44 | 000,000,000 | ---- | M] () -- C:\Users\Scott\AppData\Local\Ixusiwupucusez.bin

[2010/12/14 07:52:37 | 000,147,456 | -H-- | M] () -- C:\ffastun.ffo

[2010/12/14 07:52:37 | 000,004,413 | -H-- | M] () -- C:\ffastun.ffa

[2010/12/14 07:52:36 | 005,177,344 | -H-- | M] () -- C:\ffastun0.ffx

[2010/12/14 07:52:36 | 000,376,832 | -H-- | M] () -- C:\ffastun.ffl

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/11/25 15:02:50 | 000,019,456 | ---- | M] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/12/17 15:49:32 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat

[2010/12/17 13:39:22 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/12/17 11:10:39 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk

[2010/12/17 09:24:17 | 000,308,472 | ---- | C] () -- C:\Users\Scott\Desktop\PandaCloudAntivirus.exe

[2010/12/17 06:34:55 | 000,001,607 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/12/17 06:34:30 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

[2010/12/17 06:34:29 | 069,017,059 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/12/16 16:54:01 | 000,002,079 | ---- | C] () -- C:\Users\Scott\Desktop\Google Chrome.lnk

[2010/12/16 16:54:01 | 000,002,041 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/12/16 16:51:37 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2620929482-3451089396-1678482307-1000UA.job

[2010/12/16 16:51:35 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2620929482-3451089396-1678482307-1000Core.job

[2010/12/16 16:43:21 | 000,000,240 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg

[2010/12/16 13:20:22 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/15 21:09:59 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat

[2010/12/15 14:38:44 | 000,000,120 | ---- | C] () -- C:\Users\Scott\AppData\Local\Bvunoyucegaqab.dat

[2010/12/15 14:38:44 | 000,000,000 | ---- | C] () -- C:\Users\Scott\AppData\Local\Ixusiwupucusez.bin

[2010/12/10 20:17:34 | 000,147,456 | -H-- | C] () -- C:\ffastun.ffo

[2010/12/10 20:17:34 | 000,004,413 | -H-- | C] () -- C:\ffastun.ffa

[2010/12/10 20:17:33 | 005,177,344 | -H-- | C] () -- C:\ffastun0.ffx

[2010/12/10 20:13:07 | 000,376,832 | -H-- | C] () -- C:\ffastun.ffl

[2010/09/15 19:33:41 | 000,000,021 | ---- | C] () -- C:\Windows\PI4_setup.ini

[2010/09/15 19:12:30 | 001,265,664 | ---- | C] () -- C:\Windows\System32\MGIIpl2A6.dll

[2010/09/15 19:12:30 | 001,228,800 | ---- | C] () -- C:\Windows\System32\MGIIpl2M6.dll

[2010/09/15 19:12:30 | 001,200,128 | ---- | C] () -- C:\Windows\System32\MGIIpl2M5.dll

[2010/09/15 19:12:30 | 001,073,152 | ---- | C] () -- C:\Windows\System32\MGIIpl2P6.dll

[2010/09/15 19:12:30 | 001,028,096 | ---- | C] () -- C:\Windows\System32\MGIIpl2P5.dll

[2010/09/15 19:12:30 | 000,000,002 | ---- | C] () -- C:\Windows\PhotoSuite.ini

[2010/09/15 19:12:13 | 001,064,960 | ---- | C] () -- C:\Windows\System32\MGIIpl2PX.dll

[2010/09/15 19:12:13 | 000,332,800 | ---- | C] () -- C:\Windows\System32\FPXLIB.DLL

[2010/09/15 19:12:13 | 000,122,880 | ---- | C] () -- C:\Windows\System32\JPEGLIB.DLL

[2010/09/15 19:12:13 | 000,020,480 | ---- | C] () -- C:\Windows\System32\MGIIpl2.dll

[2010/09/15 19:12:12 | 000,019,968 | ---- | C] () -- C:\Windows\System32\CPUINF32.DLL

[2010/09/07 10:55:26 | 001,103,360 | ---- | C] () -- C:\Windows\System32\cidfont.dll

[2010/05/08 12:37:38 | 000,142,336 | ---- | C] () -- C:\Windows\System32\hluninst.dll

[2010/05/08 12:36:28 | 000,000,594 | ---- | C] () -- C:\Windows\SIERRA.INI

[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2010/03/14 15:42:47 | 000,024,488 | ---- | C] () -- C:\Windows\System32\drivers\cputemperature.sys

[2010/03/12 12:24:21 | 000,139,152 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\PnkBstrK.sys

[2010/03/01 22:25:19 | 000,000,079 | ---- | C] () -- C:\Windows\ImportClient.INI

[2010/03/01 22:22:31 | 000,073,728 | ---- | C] () -- C:\Windows\System32\ImageServerMI.dll

[2010/03/01 22:22:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ImportClient.dll

[2010/03/01 14:25:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/02/28 09:47:10 | 000,019,456 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/16 05:44:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/02/14 17:06:42 | 000,094,573 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2010/02/14 17:06:42 | 000,094,573 | ---- | C] () -- C:\ProgramData\nvModes.001

[2010/02/14 16:30:30 | 000,001,356 | ---- | C] () -- C:\Users\Scott\AppData\Local\d3d9caps.dat

[2006/11/10 08:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\SysTool.sys

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[1996/12/09 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL

[1996/12/09 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

< %systemroot%\*. /mp /s >

 

< c:\$recycle.bin\*.* /s >

[2010/12/15 15:36:33 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1000\$IB3XZT2

[2010/05/18 17:11:53 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1000\$IUQ08RX.zip

[2010/02/21 12:55:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1000\$IWQAGSU.exe

[2010/02/14 16:30:45 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1000\desktop.ini

[2010/05/08 10:28:51 | 000,004,479 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1000\$RNUY051\DASMTEST.CS

[2010/05/08 10:28:52 | 000,155,718 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1000\$RNUY051\dasmtest.exe

[2010/05/08 10:28:52 | 000,024,576 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1000\$RNUY051\dasmTestGui.exe

[2010/05/08 10:28:51 | 000,073,728 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1000\$RNUY051\disasm.dll

[2010/03/14 21:23:55 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\$I77WO3X.exe

[2010/03/14 21:21:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\$IEW6QX9.msi

[2010/03/14 21:29:53 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\$IJHQQ1Y.exe

[2010/06/10 05:10:26 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\$IRQMCA5.lnk

[2010/03/14 21:16:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\$IXOWSVU.lnk

[2010/03/14 21:02:12 | 000,809,441 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\$R77WO3X.exe

[2010/03/14 20:54:44 | 007,926,784 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\$REW6QX9.msi

[2010/03/14 21:23:05 | 007,158,840 | ---- | M] (IObit ) -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\$RJHQQ1Y.exe

[2010/04/20 16:08:03 | 000,000,966 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\$RRQMCA5.lnk

[2010/03/14 15:41:03 | 000,001,943 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\$RXOWSVU.lnk

[2010/03/01 14:51:58 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\desktop.ini

[2006/11/14 09:13:28 | 003,015,168 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\$RJAEIFQ\fcmsetup.msi

[2006/11/14 09:13:10 | 000,555,008 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1001\$RJAEIFQ\setup.exe

[2010/10/25 10:17:40 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2620929482-3451089396-1678482307-1005\desktop.ini

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< End of report >


extra.txt

 

OTL Extras logfile created on: 12/17/2010 3:52:52 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Scott\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18999)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 148.96 Gb Total Space | 75.56 Gb Free Space | 50.73% Space Free | Partition Type: NTFS

Drive D: | 5.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: DELL-PC | User Name: Scott | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = ChromeHTML] -- C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2620929482-3451089396-1678482307-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0444F934-FF09-4C3E-9E31-C2C47AA95E60}" = lport=16148 | protocol=17 | dir=in | name=bitcomet 16148 udp |

"{09BFB827-3321-44C0-83C4-BC367371847F}" = rport=139 | protocol=6 | dir=out | app=system |

"{13250696-0E4F-49AE-8FA5-F3CE6F6FBAB5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{166606F9-8B16-4792-BE74-FED946897080}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{2B3B2DD0-3ECC-4A05-984C-2C0220BC0FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3CE89B41-AD0B-443E-81BC-935C279FBE4D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{4601624E-9734-443D-AA55-B15D54B689B0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{631B38B0-7B6C-4F36-8B9A-FFF9282FFC28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{73588A72-92E8-407A-93A6-15F3A541B5CC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{76EBE7B0-C0C7-4BDA-8797-3A198E125140}" = lport=138 | protocol=17 | dir=in | app=system |

"{851612DA-C24B-476B-B77B-BBE5A7E3E181}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{864D862E-B877-4A86-ACC3-32B408653AB6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{890826A2-5030-40EF-A5F0-FAC5E937250D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8BCF3C7B-EF35-45E8-B47C-933F24D36C8E}" = lport=445 | protocol=6 | dir=in | app=system |

"{8E399A54-4A39-4ED4-B1D4-A1271E960B40}" = rport=138 | protocol=17 | dir=out | app=system |

"{95721125-C06D-4D00-BA51-9F5B1D5B3AB6}" = lport=139 | protocol=6 | dir=in | app=system |

"{A33A5052-DDBE-4CB9-996D-75A39A28AD60}" = lport=137 | protocol=17 | dir=in | app=system |

"{A72FA68F-7D98-4B4C-9D6C-5F4A7B042A9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{AF2BFDE9-931D-4878-B6BD-EE44AB6A4D66}" = rport=445 | protocol=6 | dir=out | app=system |

"{B547DF5D-23D3-4C42-ABDD-DF415BCBF787}" = rport=137 | protocol=17 | dir=out | app=system |

"{D7C642B9-DCA6-4442-A78A-2312EDEAA6B4}" = lport=16148 | protocol=6 | dir=in | name=bitcomet 16148 tcp |

"{E87C92DF-1112-4AD5-976A-0FF075D7836D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{EA13947F-A32D-494A-8A19-42E4B1D20BD2}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0AD6F6BD-2F4B-47C1-B3E8-83785DE37262}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"{0C4E363D-ED7E-4CBB-9D99-9C875788276D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{214CE3CA-B6BB-4E1A-8FB5-20FAA1096E70}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"{23DE2450-4ADC-4A5F-822B-89C30E3BAA52}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{24B3F093-2848-434C-AFD2-BF16E4207D58}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

"{2BF0F416-A3E6-4B7E-B0E2-2A40F4892DFB}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"{33A4FE49-D8E2-4934-8BA5-EF6B3CE2B1B9}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

"{3956BFEE-07A9-4EC6-B2AE-5CD903399072}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{3B9A8890-2E4E-41EF-B122-629D23FDE4C5}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |

"{440487ED-BDF8-4DBE-B924-DA65EB85FB68}" = protocol=17 | dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |

"{47DE6BEE-3B85-40D5-967F-9F8169674163}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{4964A911-A0AC-4EB1-BBC5-51E19834B3DB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |

"{4DB2E129-461E-48AD-88DE-CEB3044B6354}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |

"{511CD592-9504-4FB8-933E-2706C0C7F81D}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |

"{53334F47-AF05-4055-B6C7-D79E62F8FC2A}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"{5724CB42-5112-421D-9A51-EDF238774E0D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{5D67C9B0-F133-47CB-9FA2-8738EEC19F96}" = protocol=6 | dir=in | app=c:\users\scott\appdata\roaming\mjusbsp\magicjack.exe |

"{63B08049-92F8-4277-8904-B3C344742736}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |

"{76F922D0-05C0-4650-AFE3-DB34C52DD275}" = protocol=6 | dir=in | app=c:\program files\sega\the club\launcher.exe |

"{77967183-5594-4616-8B03-B82AEBC7C008}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"{78EAEB2F-22CB-457C-B304-1180FB665345}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |

"{7A187185-A7AF-4782-8208-0A72284A3976}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |

"{7DA995A0-53C0-4A54-992E-91699108E62B}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |

"{7EB2E222-98B8-487C-A1EA-573F526C64B3}" = protocol=6 | dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |

"{877C0D37-7A6D-414B-9817-535E2081F56B}" = protocol=6 | dir=in | app=c:\program files\sega\the club\theclub.exe |

"{8F890EEC-8589-4172-9F46-C1C48AB64E83}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{9165F0C0-4856-4B6C-B695-FFA546CAA4DD}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{96697B73-6B61-4CF1-B9ED-B5960388BE0F}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"{9C7DE963-03A5-4C6C-A11E-976FA636D2C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{9DE6506F-C4B3-4176-AA9E-72CE2ADF2883}" = protocol=17 | dir=in | app=c:\users\scott\appdata\roaming\mjusbsp\magicjack.exe |

"{9FAB9838-EDA4-441F-A555-5E23C46C2BC9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{AA7CB275-17DE-4D33-BE0A-FDCDA05C8B4F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{AB789FE0-D859-46B4-9A44-DC2727EEC81B}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

"{AD4A48AC-5114-44B8-AD15-11A252EEC389}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{AEA70EDB-C050-4C85-A3CC-2A56B5769058}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |

"{BD6E1430-CED5-493E-A911-468392285C0D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"{BDD57542-AC12-45E5-9A64-478F2A56870D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{C61F55CB-BEB0-41AB-BDC8-5B0F4ACFE1F9}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

"{CD35B4EB-CAD1-4C9D-9CB0-BA7859F48608}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{D0CA17B0-EE64-448E-B04D-E3C4A57DC61B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{D23F0581-6C94-4A49-A4EC-0AEF28F4585C}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"{D3B5452A-728D-42FA-9075-3732CD3F2992}" = protocol=17 | dir=in | app=c:\program files\sega\the club\launcher.exe |

"{DCC7D641-7980-4708-8C16-8E1C1FB8B64C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{EBE01436-A2FC-422A-954A-65C754A2B1B8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |

"{FCF93507-FAD0-445B-8D17-1B506EC33259}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{FF42FF4A-9367-4135-934A-B29D75BDF2E0}" = protocol=17 | dir=in | app=c:\program files\sega\the club\theclub.exe |

"TCP Query User{27EBC038-8ECF-4736-9F97-04966029FF29}C:\program files\readon technology\readon tv movie radio player 7.2.0.0\internettv.exe" = protocol=6 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 7.2.0.0\internettv.exe |

"TCP Query User{408CE9C7-AC44-4E42-8C8C-EDE9D9B8EBE2}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"TCP Query User{855FF8E9-4E2B-43B3-AFB6-E091C9867585}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{9503DF3A-90D2-4079-917D-BD0A097C04E6}C:\program files\readon technology\readon tv movie radio player 7.2.0.0\internettv.exe" = protocol=6 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 7.2.0.0\internettv.exe |

"TCP Query User{C555B061-DB68-41C6-A983-D764F21EE305}C:\program files\readon technology\readon tv movie radio player 7.0.0.0\internettv.exe" = protocol=6 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 7.0.0.0\internettv.exe |

"TCP Query User{C7D6AA8D-E94D-4DD1-8E41-AB4216C071A0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{C845C066-EF53-4FCE-A300-96A1B338147F}C:\program files\belkin\belkin usb print and storage center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |

"TCP Query User{CF870DAD-04AF-45CE-8590-91D81A9AB61C}C:\program files\readon technology\readon tv movie radio player 6.3.1.0\internettv.exe" = protocol=6 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 6.3.1.0\internettv.exe |

"TCP Query User{D74768B5-8927-4718-A2DD-EE9B667AD834}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{13CB5BD0-D8E3-44D8-BC3D-C3400EFE15B2}C:\program files\readon technology\readon tv movie radio player 7.0.0.0\internettv.exe" = protocol=17 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 7.0.0.0\internettv.exe |

"UDP Query User{534AE1F3-8327-470F-BAE5-FA7582523FDB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{73A98B3E-5904-4B28-AFCB-DB2A899894FA}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{9F5E165E-575E-4FB8-A7B8-8DB30CA89353}C:\program files\readon technology\readon tv movie radio player 7.2.0.0\internettv.exe" = protocol=17 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 7.2.0.0\internettv.exe |

"UDP Query User{B6978CCA-DE0D-41D9-B170-CF2A0E397B9E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{C55A63F4-E636-4142-A9AF-1B701842BCD0}C:\program files\readon technology\readon tv movie radio player 6.3.1.0\internettv.exe" = protocol=17 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 6.3.1.0\internettv.exe |

"UDP Query User{C6DA18D1-1079-42A6-8414-5E60C4C379DD}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"UDP Query User{CAFD133C-0A6F-41CB-B77C-E35EE910470F}C:\program files\belkin\belkin usb print and storage center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |

"UDP Query User{D6003BC9-E4DD-48CB-A930-7D2A6E621FA2}C:\program files\readon technology\readon tv movie radio player 7.2.0.0\internettv.exe" = protocol=17 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 7.2.0.0\internettv.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers

"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2

"{1EE7343D-BBE3-4A8B-8E62-B81683BCAB8E}" = BE Downloadable Edition

"{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)

"{20140062-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - English

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{2D7FA675-DD69-4205-A192-B0F4C99077ED}" = My Gun Collection

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B3235BF-7A14-4DEC-9DBF-FB8291491B3A}" = Firearms Collection Manager

"{5695B707-C5A9-4EF4-9534-31A798683362}" = The Club

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7CDA437D-FB09-4E7D-932D-2FB045AC5C2D}" = ArcSoft PhotoImpression

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E4E1494-F12B-468E-9C94-506BDBDC719C}" = The Suffering: Ties That Bind Demo

"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{AD25A8FE-964F-48DB-B5C5-AD4DDB3895AD}" = System Requirements Lab

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4AFFB91-9FD8-DA91-95B1-83DD43D10C36}" = Search Assistant Precisead

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{DA084DC0-F7C4-4285-9304-D0EB88AF0998}" = Readon TV Movie Radio Player 6.3.1.0

"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE

"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIM_7" = AIM 7

"AVG9Uninstall" = AVG Free 9.0

"BE Downloadable Edition" = BE Downloadable Edition

"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor

"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center

"BelkinDailyDj" = Belkin Daily DJ

"BelkinLabeler" = Belkin Music Labeler

"CadStd" = CadStd

"Canon MP250 series User Registration" = Canon MP250 series User Registration

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"dvdavmywfng" = RON Too1 Precisead

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"FrostWire" = FrostWire 4.21.1

"Hot Wheels® Turbo Driver™ Downloader" = Hot Wheels® Turbo Driver™ Joystick Installer

"ImageConverter Plus_is1" = ImageConverter Plus 8.0

"InfraRecorder" = InfraRecorder

"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2

"InstallShield_{5695B707-C5A9-4EF4-9534-31A798683362}" = The Club

"IObit Security 360_is1" = IObit Security 360

"IrfanView" = IrfanView (remove only)

"LimeWire" = LimeWire 5.5.16

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Essentials" = Microsoft Security Essentials

"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0

"Music Mover_is1" = Music Mover

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)

"OpenAL" = OpenAL

"Panda Cloud Antivirus" = Panda Cloud Antivirus

"PrintMaster Express" = PrintMaster Express

"RAMRush_is1" = RAMRush 1.0.6.917

"reconportscanner" = reconportscanner

"Shoot! Ballistics Software v3.2" = Shoot! Ballistics Software v3.2

"Sierra Utilities" = Sierra Utilities

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Team Fortress Classic" = Team Fortress Classic

"TThrottle: Temperature Throttle_is1" = TThrottle: Temperature Throttle by eFMer V 1.7.0

"TweakNow PowerPack 2009_is1" = TweakNow PowerPack 2009

"UBCD4Win_is1" = UBCD4Win 3.50

"UFileDownloadD" = Versal FileDownload ActiveX Control Trial Version

"Veoh Web Player Beta" = Veoh Web Player

"WinLiveSuite_Wave3" = Windows Live Essentials

"WiseSurfer Elite Diagnostic" = WiseSurfer Elite Diagnostic

"Word8.0" = Microsoft Word 97

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

"YInstHelper" = Yahoo! Install Manager

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"f031ef6ac137efc5" = Dell Driver Download Manager

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >


otl.txt part 3

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C F1 70 DF 9E DE CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

[2010/05/23 16:32:36 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\mozilla\Extensions

[2010/02/18 16:27:04 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2010/02/21 13:14:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

 

O1 HOSTS File: ([2010/12/17 15:28:45 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - Reg Error: Value error. File not found

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - Reg Error: Value error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)

O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Value error.)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Scott\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Scott\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{0c33af53-1b60-11df-bd7d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.bat -- File not found

O33 - MountPoints2\{19e6729d-19b5-11df-baf4-001676e24fc9}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found

O33 - MountPoints2\{19e6729d-19b5-11df-baf4-001676e24fc9}\Shell\phone\command - "" = F:\autorun.exe -- File not found

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found

O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - (Lime Wire, LLC)

MsConfig - StartUpFolder: C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - (Lime Wire, LLC)

MsConfig - StartUpFolder: C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE - ()

MsConfig - StartUpFolder: C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE - ()

MsConfig - StartUpFolder: C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE - (Microsoft Corporation)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AeroSnap - hkey= - key= - C:\Program Files\AeroSnap\AeroSnap.exe File not found

MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL Inc.)

MsConfig - StartUpReg: antivirus[1] - hkey= - key= - C:\Users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVNHJ9BT\antivirus[1].exe File not found

MsConfig - StartUpReg: AVG9_TRAY - hkey= - key= - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

MsConfig - StartUpReg: boincmgr - hkey= - key= - C:\Program Files\BOINC\boincmgr.exe File not found

MsConfig - StartUpReg: boinctray - hkey= - key= - C:\Program Files\BOINC\boinctray.exe File not found

MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

MsConfig - StartUpReg: cdloader - hkey= - key= - C:\Users\Scott\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)

MsConfig - StartUpReg: Desktop Security - hkey= - key= - C:\Users\Scott\AppData\Roaming\Desktop Security\Desktop Security 2010.exe File not found

MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe File not found

MsConfig - StartUpReg: eSupportDownloadManager - hkey= - key= - c:\users\scott\appdata\local\apps\2.0\4lllr33d.lm5\4q8kta66.ree\dell...app_c8a6012355de1b2d_0002.0001_925243f26e3ff699\it\downloadmanagerdell.exe File not found

MsConfig - StartUpReg: eSupporteSupport - hkey= - key= - c:\users\scott\appdata\local\apps\2.0\4lllr33d.lm5\4q8kta66.ree\dell...app_c8a6012355de1b2d_0002.0001_925243f26e3ff699\he\resourcesesupport4.95.exe File not found

MsConfig - StartUpReg: eSupportLocalization - hkey= - key= - c:\users\scott\appdata\local\apps\2.0\4lllr33d.lm5\4q8kta66.ree\dell...app_c8a6012355de1b2d_0002.0001_925243f26e3ff699\it\downloadmanagerdell.exe File not found

MsConfig - StartUpReg: ftweak_RAMRush - hkey= - key= - C:\Program Files\RAMRush\RAMRush.exe (FTweak)

MsConfig - StartUpReg: Gamevance - hkey= - key= - C:\Program Files\Gamevance\gamevance32.exe File not found

MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig - StartUpReg: Hot Wheels® Turbo Driver™ Watcher - hkey= - key= - File not found

MsConfig - StartUpReg: IObit Security 360 - hkey= - key= - C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)

MsConfig - StartUpReg: jswtrayutil - hkey= - key= - C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe File not found

MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig - StartUpReg: MSSE - hkey= - key= - c:\Program Files\Microsoft Security Essentials\msseces.exe File not found

MsConfig - StartUpReg: mtsgw1usvuop - hkey= - key= - C:\Users\Scott\AppData\Local\Temp\m.2F19A.tmp.exe File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe File not found

MsConfig - StartUpReg: resourcesDownloadManager4.95 - hkey= - key= - C:\Users\Scott\AppData\Local\Apps\2.0\4LLLR33D.LM5\4Q8KTA66.REE\dell...app_c8a6012355de1b2d_0002.0001_925243f26e3ff699\pl\DownloadManagereSupport4.95.exe File not found

MsConfig - StartUpReg: resourceseSupport - hkey= - key= - c:\users\scott\appdata\local\apps\2.0\4lllr33d.lm5\4q8kta66.ree\dell...app_c8a6012355de1b2d_0002.0001_925243f26e3ff699\pl\downloadmanageresupport4.95.exe File not found

MsConfig - StartUpReg: resourcesLocalization - hkey= - key= - c:\users\scott\appdata\local\apps\2.0\4lllr33d.lm5\4q8kta66.ree\dell...app_c8a6012355de1b2d_0002.0001_925243f26e3ff699\it\esupportdownloadmanager.exe File not found

MsConfig - StartUpReg: SecurityCenter - hkey= - key= - C:\Users\Scott\AppData\Roaming\Desktop Security\securitycenter.exe File not found

MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: TurboKey - hkey= - key= - C:\Program Files\Race The World \turbokey.exe File not found

MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found

MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

MsConfig - State: "startup" - 2

MsConfig - State: "services" - 2

 

SafeBootMin: AppMgmt - File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe File not found

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe File not found

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices


Thanks for those logs, Matt. I figured out the sequence, no sweat there :wink:

 

Ok. I see a few things in the logs but it's what we don't see that I'm interested in, haha. I'll explain a little : from what you've said, I suspect your router has been hijacked. Now, the original infection that caused this doesn't seem to be there anymore, but that could be explained by you having run some tools I see on your machine. Here's what we'll do...

 

1) You have two antivirus programs installed (AVG9 and Panda Cloud) ; that's a no-no, because they compete for the same task and end up compromising your security rather than improving it. Just one antivirus installed with shields active. You choose. If you've paid for the Panda licence, then keep that one for sure ; if not, then I'd still recommend you keep Panda and ditch AVG (remove it from Control Panel).

 

2) I can't tell whether your router is a Belkin or a Netgear, so please tell me (brand and model number) in your reply. For now, this is what I want you to try : reset your router to factory default by locating the reset button (usually recessed at the back of the unit) and pressing it in for 10 seconds, then release it. The router should reset itself to factory settings. Once the router is active again, please enter its interface and set yourself a new username and password (not default).

*If you encounter difficulties doing this, I'll be able to guide you once I know which router you have.

 

3) If you've been able to reset the router, please do the following - or skip if you need assistance resetting it :

 

- Click on the Vista globe ("Start" button) and type cmd in the search box there ;

- Next, press and hold these three keys : "CTRL, SHIFT, ENTER", in sequence, then release them ;

- Click "Continue" at the prompt (if you have UAC activated) ;

- In the DOS-style cmd window, please type the following command (in bold), then press "ENTER" :

 

ipconfig /flushdns

(notice the space after "ipconfig")

 

4) Go browsing and tell us if things have improved.

 

And let me know which router you have, regardless of the outcome.

 

Good luck !


Archived

This topic is now archived and is closed to further replies.
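The MsConfig section of the OTL log posted in this thread can be triaged mechanically. The script below is an added example, not part of the thread and not part of OTL: it parses `MsConfig - StartUpReg` lines and lists disabled startup entries whose target sat in a temp, browser-cache or other per-user AppData folder. The sample lines are copied from the log above; the location classes and the idea that such entries deserve a second look are assumptions of this example, not the helper's findings.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the MsConfig section of the OTL log in this thread.
SAMPLE_LOG = r"""
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL Inc.)
MsConfig - StartUpReg: antivirus[1] - hkey= - key= - C:\Users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVNHJ9BT\antivirus[1].exe File not found
MsConfig - StartUpReg: boincmgr - hkey= - key= - C:\Program Files\BOINC\boincmgr.exe File not found
MsConfig - StartUpReg: cdloader - hkey= - key= - C:\Users\Scott\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
MsConfig - StartUpReg: mtsgw1usvuop - hkey= - key= - C:\Users\Scott\AppData\Local\Temp\m.2F19A.tmp.exe File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
"""

MISSING = "File not found"
ENTRY_RE = re.compile(
    r"^MsConfig - StartUpReg: (?P<name>.+?) - hkey= - key= - (?P<rest>.*)$")
# "<path> (<company>)" as OTL prints it when the target file exists.
TARGET_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")
# Assumption of this example: folders where programs are dropped, not installed.
TRANSIENT_MARKERS = ("\\temp\\", "\\temporary internet files\\")


class Entry(NamedTuple):
    name: str
    path: str
    company: Optional[str]
    missing: bool


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one 'MsConfig - StartUpReg' line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    name, rest = m.group("name"), m.group("rest").strip()
    if rest.endswith(MISSING):
        # OTL appends "File not found" when the target no longer exists;
        # the path itself may also be empty.
        return Entry(name, rest[:-len(MISSING)].strip(), None, True)
    t = TARGET_RE.match(rest)
    if t:
        return Entry(name, t.group("path"), t.group("company") or None, False)
    return Entry(name, rest, None, False)


def location_class(path: str) -> str:
    """Classify a target path as 'transient', 'user-profile' or 'other'."""
    p = path.lower()
    if any(marker in p for marker in TRANSIENT_MARKERS):
        return "transient"
    if "\\appdata\\" in p:
        return "user-profile"
    return "other"


def triage(log_text: str) -> List[Tuple[str, Entry]]:
    """Return (location, entry) pairs worth reviewing, transient ones first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        loc = location_class(entry.path)
        if loc != "other":
            findings.append((loc, entry))
    # Stable sort: transient entries keep their log order and come first.
    return sorted(findings, key=lambda f: f[0] != "transient")


if __name__ == "__main__":
    for loc, e in triage(SAMPLE_LOG):
        state = "target missing" if e.missing else f"present ({e.company})"
        print(f"[{loc}] {e.name}: {e.path} -> {state}")
```

A listed entry is only a prompt for manual review: legitimate software also starts from AppData, and a missing target means the file is gone, not that the registry entry was cleaned up.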
