Just had an elderly neighbour call me regarding a phone call she received from some sort of "PC support" saying that her PC was infected and she should go to a specific website to get a cure. She did go to the website, but luckily a visitor, realising what was happening, took the phone from her and ended the call - the next step was to have her enter CC details into their website.
I'll check out her PC for viruses in case linking to the website caused something to be downloaded. As a first step I'll follow Broni's sticky to run Malwarebytes, etc., and report the findings here if that's OK.
Please, go ahead!
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4795
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
11/10/2010 18:59:51
mbam-log-2010-10-11 (18-59-51).txt
Scan type: Quick scan
Objects scanned: 149391
Time elapsed: 10 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 22
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2 (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache (Adware.2020search) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\dynamic toolbar\PBUKV2\Cache\ErrorLog.txt (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\PBUKV2TB0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBUKV2\Cache\_Ticker_ticker.txt (Adware.2020search) -> Quarantined and deleted successfully.
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-12 12:13:17
Windows 5.1.2600 Service Pack 3
Running: f6ylkryn.exe; Driver: C:\DOCUME~1\NANBOY~1\LOCALS~1\Temp\pxldqpow.sys
---- Kernel code sections - GMER 1.0.15 ----
? bdywmmuy.sys The system cannot find the file specified. !
? C:\DOCUME~1\NANBOY~1\LOCALS~1\Temp\pxldqpob.sys The system cannot find the file specified. !
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxIndirectParamW 7E432072 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E352076 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FF7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35203B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F83 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351FBD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3520B1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E201772 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2024] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E352273 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7C2E000 \WINDOWS\system32\KDCOM.DLL
0xF7B3E000 \WINDOWS\system32\BOOTVID.dll
0xF772E000 bdywmmuy.sys
0xF76DF000 ACPI.sys
0xF7C30000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF76CE000 pci.sys
0xF773E000 isapnp.sys
0xF7B42000 compbatt.sys
0xF7B46000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF79AE000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7C38000 viaide.sys
0xF774E000 MountMgr.sys
0xF76AF000 ftdisk.sys
0xF79B6000 PartMgr.sys
0xF7B4A000 ACPIEC.sys
0xF7CF7000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF775E000 VolSnap.sys
0xF7697000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF767F000 atapi.sys
0xF77EE000 disk.sys
0xF77FE000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF761A000 fltmgr.sys
0xF7608000 sr.sys
0xF780E000 PxHelp20.sys
0xF75F1000 KSecDD.sys
0xF7564000 Ntfs.sys
0xF7537000 NDIS.sys
0xF782E000 uagp35.sys
0xF7B6E000 RecAgent.sys
0xF751D000 Mup.sys
0xF779E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7C26000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF73E2000 \SystemRoot\system32\DRIVERS\vtmini.sys
0xF73CE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7360000 \SystemRoot\system32\DRIVERS\ar5211.sys
0xF7B0E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF733C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7B16000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7C2A000 \SystemRoot\system32\drivers\STDSB.sys
0xF77AE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF730D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7C5A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B1E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B26000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF77BE000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF77CE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77DE000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF72EA000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6F70000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6F4C000 \SystemRoot\system32\drivers\portcls.sys
0xF783E000 \SystemRoot\system32\drivers\drmk.sys
0xF6EDC000 \SystemRoot\system32\DRIVERS\SLDRV\slntamr.sys
0xF74ED000 \SystemRoot\system32\DRIVERS\SLDRV\SlWdmSup.sys
0xF6EBB000 \SystemRoot\system32\DRIVERS\SLDRV\Mtlmnt5.sys
0xF7B2E000 \SystemRoot\System32\Drivers\Modem.SYS
0xF784E000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
0xF7E18000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF785E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF74E9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6EA4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF781E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF788E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7B36000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6E93000 \SystemRoot\system32\DRIVERS\psched.sys
0xF789E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7A2E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7A36000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7A3E000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF78AE000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7C5C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6E35000 \SystemRoot\system32\DRIVERS\update.sys
0xF74E1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF78BE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF78DE000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF740D000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7C5E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7E76000 \SystemRoot\System32\Drivers\Null.SYS
0xF7C60000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A5E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7A66000 \SystemRoot\System32\drivers\vga.sys
0xF7C62000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C64000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79BE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79C6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B52000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF5DA9000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF5D50000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF5D16000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF5CF0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF78EE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF5CB1000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF5C8F000 \SystemRoot\System32\drivers\afd.sys
0xF790E000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF79DE000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xF5C64000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF5BCC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF792E000 \SystemRoot\System32\Drivers\Fips.SYS
0xF79F6000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xF5B98000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF7485000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF581C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C80000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6DE4000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7A8E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D26000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\vtdisp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF13A8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF0FCF000 \SystemRoot\system32\drivers\wdmaud.sys
0xF121C000 \SystemRoot\system32\drivers\sysaudio.sys
0xF0CFA000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF081B000 \SystemRoot\system32\DRIVERS\srv.sys
0xF090A000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xF0442000 \SystemRoot\System32\Drivers\HTTP.sys
0xEFF28000 \??\C:\DOCUME~1\NANBOY~1\LOCALS~1\Temp\pxldqpob.sys
0xEFF04000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF7CD2000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xF7A86000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF027E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF031A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF1290000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xEFE72000 \??\C:\DOCUME~1\NANBOY~1\LOCALS~1\Temp\pxldqpow.sys
0xEFE47000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 56):
0 System Idle Process
4 System
596 C:\WINDOWS\system32\smss.exe
660 csrss.exe
684 C:\WINDOWS\system32\winlogon.exe
728 C:\WINDOWS\system32\services.exe
740 C:\WINDOWS\system32\lsass.exe
892 C:\WINDOWS\system32\svchost.exe
956 svchost.exe
1100 C:\WINDOWS\system32\svchost.exe
1256 svchost.exe
1296 C:\Program Files\AVG\AVG9\avgchsvx.exe
1304 C:\Program Files\AVG\AVG9\avgrsx.exe
1464 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1852 C:\WINDOWS\system32\spoolsv.exe
1900 C:\WINDOWS\explorer.exe
488 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
508 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
528 C:\WINDOWS\system32\VTTimer.exe
540 C:\WINDOWS\system32\VTTrayp.exe
612 C:\WINDOWS\system32\drivers\STDSB.exe
648 C:\WINDOWS\system32\drivers\Icon.exe
664 C:\WINDOWS\SOUNDMAN.EXE
796 C:\APPS\Powercinema\PCMService.exe
1016 C:\Program Files\Yahoo!\YOP\yop.exe
1032 C:\Program Files\QuickTime\QTTask.exe
1068 C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
1164 svchost.exe
1184 C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
1212 C:\Program Files\AVG\AVG9\avgtray.exe
1252 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
1344 C:\Program Files\Messenger\msmsgs.exe
1284 C:\WINDOWS\system32\ctfmon.exe
1388 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
844 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
1784 C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
1872 C:\Program Files\AVG\AVG9\avgwdsvc.exe
168 C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
2020 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
272 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
1436 C:\APPS\HIDSERVICE\HidService.exe
408 C:\PROGRA~1\Yahoo!\browser\ycommon.exe
424 C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
388 DllStartupService.exe
96 C:\Program Files\Common Files\Motive\McciCMService.exe
2336 C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
2456 C:\WINDOWS\system32\slmdmsr.exe
2548 C:\WINDOWS\system32\svchost.exe
2516 C:\Program Files\AVG\AVG9\avgnsx.exe
2696 wdfmgr.exe
2820 C:\APPS\Powercinema\Kernel\TV\CLSched.exe
2024 C:\Program Files\Internet Explorer\iexplore.exe
2860 alg.exe
3424 C:\WINDOWS\system32\svchost.exe
3240 C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
1048 C:\Documents and Settings\nan\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`00689600 (NTFS)
PhysicalDrive0 Model Number: HTS424040M9AT00, Rev: MA2OA71A
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
Done!
OTL logfile created on: 12/10/2010 12:30:50 - Run 1
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\nan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
959.00 Mb Total Physical Memory | 388.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 896 896 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.25 Gb Total Space | 19.70 Gb Free Space | 59.27% Space Free | Partition Type: NTFS
Computer Name: NAN | User Name: nan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
========== Processes (SafeList) ==========
PRC - [2010/10/12 12:28:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nan\Desktop\OTL.exe
PRC - [2010/10/04 17:06:52 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/23 09:33:00 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/12 1836 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/12 1826 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/12 1800 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/12 18:55:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/05/11 23:38:28 | 001,548,288 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2008/08/28 20:33:03 | 001,516,032 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
PRC - [2008/07/07 14:14:40 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
PRC - [2008/06/10 05:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/10 05:27:03 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/06 14:49:12 | 000,081,920 | R--- | M] (Orb Networks) -- C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe
PRC - [2008/01/07 19:10:30 | 000,210,200 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2007/07/21 10:55:15 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/26 13:48:14 | 000,509,224 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YOP\yop.exe
PRC - [2007/02/16 12:20:32 | 000,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
PRC - [2006/02/02 16:59:32 | 000,192,512 | ---- | M] () -- C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
PRC - [2005/08/23 16:51:58 | 000,221,184 | R--- | M] () -- C:\WINDOWS\system32\drivers\Icon.exe
PRC - [2005/08/17 19:39:58 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/05/11 14:52:04 | 000,737,381 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005/05/11 14:52:00 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005/05/11 14:50:34 | 000,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2005/05/11 14:50:14 | 000,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2005/05/11 14:48:02 | 000,127,118 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe
PRC - [2005/05/10 20:53:26 | 000,061,440 | ---- | M] ( ) -- C:\WINDOWS\system32\slmdmsr.exe
PRC - [2005/03/10 19:44:34 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/01/11 08:33:00 | 000,143,360 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2005/01/07 12:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004/10/22 12:53:00 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2004/04/08 09:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/12/17 17:50:44 | 000,028,672 | R--- | M] () -- C:\WINDOWS\system32\drivers\STDSB.exe
========== Modules (SafeList) ==========
MOD - [2010/10/12 12:28:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nan\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/12 18:55:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/03/06 14:49:12 | 000,081,920 | R--- | M] (Orb Networks) [Auto | Running] -- C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe -- (KodakDigitalDisplayService)
SRV - [2005/05/11 14:52:00 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/05/11 14:50:34 | 000,110,672 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/05/11 14:50:14 | 000,221,266 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/05/10 20:53:26 | 000,061,440 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slmdmsr.exe -- (SLService)
SRV - [2005/01/07 12:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004/04/08 09:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/05/19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - [2010/08/12 18:57:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/12 18:57:57 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/08/12 1836 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/05/11 23:38:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/05/11 23:38:23 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/08/25 16:00:16 | 000,011,279 | R--- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\STDSB.sys -- (STDSB)
DRV - [2005/08/25 16:00:16 | 000,011,279 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\STDSB.sys -- (MTC0007_STDSB)
DRV - [2005/08/19 18:31:52 | 003,644,800 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/06/21 12:59:50 | 001,464,912 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLDRV\mtlstrm.sys -- (Mtlstrm)
DRV - [2005/05/10 20:31:42 | 000,698,848 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\slntamr.sys -- (Slntamr)
DRV - [2005/05/10 20:28:18 | 000,014,680 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys -- (RecAgent)
DRV - [2005/05/10 20:25:50 | 000,237,616 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2005/05/10 20:20:58 | 000,101,328 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLDRV\slnthal.sys -- (SlNtHal)
DRV - [2005/05/10 20:09:50 | 000,013,248 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\slwdmsup.sys -- (SlWdmSup)
DRV - [2005/03/10 19:31:40 | 000,189,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/02/23 20:46:00 | 000,228,992 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/12/28 05:30:40 | 000,449,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\BT Home Hub\Help\SmartBridge\BTHelpNotifier.exe (Motive)
O4 - HKLM..\Run: [PCMService] c:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UtiliSync] C:\Program Files\disgo UtiliSync\UtiliSyncServ.exe File not found
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [YOP] C:\Program Files\Yahoo!\YOP\yop.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\nan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\nan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
========== Files/Folders - Created Within 90 Days ==========
[2010/10/12 12:28:32 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nan\Desktop\OTL.exe
[2010/10/11 18:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nan\Application Data\Malwarebytes
[2010/10/11 18:47:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/11 18:47:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/11 18:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 18:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/11 18:42:28 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\nan\Desktop\mbam-setup.exe
[2010/10/11 18:30:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nan\Desktop\TFC.exe
[2010/10/09 11:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2010/08/18 17:18:27 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/08/12 18:58:20 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/08/12 18:57:58 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/08/12 18:57:49 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/08/12 18:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/08/12 1833 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/08/12 18:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/12 18:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2005/11/25 20:11:58 | 000,015,000 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
========== Files - Modified Within 90 Days ==========
[2010/10/12 12:28:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nan\Desktop\OTL.exe
[2010/10/12 12:14:13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\nan\Desktop\MBRCheck.exe
[2010/10/12 09:27:54 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\nan\Desktop\f6ylkryn.exe
[2010/10/11 19:08:06 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/10/11 19:04:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/11 19:02:28 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/11 19:01:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/11 19:01:51 | 1006,157,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/11 18:47:06 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 18:42:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\nan\Desktop\mbam-setup.exe
[2010/10/11 18:30:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nan\Desktop\TFC.exe
[2010/10/11 18:24:28 | 065,970,613 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/08 21:45:00 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\Notice 4.doc
[2010/10/08 21:34:57 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\Notice 3.doc
[2010/10/08 21:25:21 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\Notice 2.doc
[2010/10/08 21:17:09 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\Notice 1 Brunch.doc
[2010/10/07 21:17:21 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\Copy of LWEYA LINK.doc
[2010/10/06 21:26:24 | 003,609,358 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\No 4.JPG
[2010/10/06 21:25:06 | 003,414,293 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\No 3.JPG
[2010/10/06 21:22:24 | 003,078,626 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\No 2.JPG
[2010/10/06 21:20:49 | 002,870,015 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\New Image.JPG
[2010/10/06 11:03:45 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/06 11:03:45 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/15 22:26:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/03 07:53:36 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\ALLOC Sept 2010.doc
[2010/08/15 17:19:06 | 000,063,917 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\Cof S Child Protection Pack.pdf
[2010/08/13 07:44:58 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 18:58:24 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/08/12 18:58:23 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/08/12 18:57:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/08/12 18:57:57 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/08/12 18:57:49 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/08/12 1836 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/08/07 23:31:25 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\MONIES FOR MUKUNDI PROJECT.doc
[2010/07/31 23:41:04 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\nan\My Documents\Results Sheet.xls
========== Files Created - No Company Name ==========
[2010/10/12 12:14:13 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\nan\Desktop\MBRCheck.exe
[2010/10/12 09:27:54 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\nan\Desktop\f6ylkryn.exe
[2010/10/11 18:47:06 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/08 21:44:59 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\nan\My Documents\Notice 4.doc
[2010/10/08 21:34:56 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\nan\My Documents\Notice 3.doc
[2010/10/08 21:25:20 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\nan\My Documents\Notice 2.doc
[2010/10/08 21:17:09 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\nan\My Documents\Notice 1 Brunch.doc
[2010/10/07 21:02:30 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\nan\My Documents\Copy of LWEYA LINK.doc
[2010/10/06 21:26:22 | 003,609,358 | ---- | C] () -- C:\Documents and Settings\nan\My Documents\No 4.JPG
[2010/10/06 21:25:05 | 003,414,293 | ---- | C] () -- C:\Documents and Settings\nan\My Documents\No 3.JPG
[2010/10/06 21:22:22 | 003,078,626 | ---- | C] () -- C:\Documents and Settings\nan\My Documents\No 2.JPG
[2010/10/06 21:20:47 | 002,870,015 | ---- | C] () -- C:\Documents and Settings\nan\My Documents\New Image.JPG
[2010/08/26 22:51:07 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\nan\My Documents\ALLOC Sept 2010.doc
[2010/08/15 17:19:06 | 000,063,917 | ---- | C] () -- C:\Documents and Settings\nan\My Documents\Cof S Child Protection Pack.pdf
[2010/08/12 18:58:24 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/08/12 18:57:49 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/08/12 18:57:32 | 065,970,613 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/07 17:19:18 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\nan\My Documents\MONIES FOR MUKUNDI PROJECT.doc
[2010/05/04 2033 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2008/12/25 19:54:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/12/25 19:48:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/07/30 10:19:13 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/07/30 10:12:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2006/04/15 13:53:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/04/04 19:50:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/25 20:50:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/25 20:22:01 | 000,007,584 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005/11/25 20:15:11 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2005/11/25 20:13:12 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2005/11/25 20:11:58 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005/11/25 20:11:58 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005/11/25 20:01:21 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\slmdmsp.dll
[2005/11/25 20:01:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\slmdmgx.dll
[2005/11/25 20:01:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\slmdmco.dll
[2005/11/25 19:59:49 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/11/25 19:57:26 | 000,011,279 | R--- | C] () -- C:\WINDOWS\System32\drivers\STDSB.sys
[2005/11/25 19:57:26 | 000,003,584 | R--- | C] () -- C:\WINDOWS\System32\drivers\mxkeybd.dll
[2005/11/25 19:57:25 | 000,001,495 | R--- | C] () -- C:\WINDOWS\System32\drivers\HotKey.ini
[2005/05/20 15:05:02 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 18:13:32 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 17:48:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/23 14:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
========== LOP Check ==========
[2010/10/09 11:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2010/08/12 18:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/30 10:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/02/10 18:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/02/10 18:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/12/27 18:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KEDDS
[2005/11/25 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2008/12/25 18:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2008/07/30 10:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2005/11/25 20:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/30 08:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nan\Application Data\BT
[2008/09/21 16:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nan\Application Data\EPSON
[2006/04/04 20:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nan\Application Data\Leadertech
[2006/03/26 17:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nan\Application Data\OD2
[2008/11/24 20:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nan\Application Data\Skinux
[2010/10/11 19:08:06 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2006/03/26 17:36:18 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2006/03/26 17:36:18 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2006/03/26 17:36:19 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2005/11/25 20:06:40 | 000,000,210 | RHS- | M] () -- C:\BOOT.BAK
[2006/03/26 17:37:51 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2004/08/04 15:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/11/25 20:42:46 | 000,005,808 | ---- | M] () -- C:\DWNLOG.TXT
[2010/10/11 19:01:51 | 1006,157,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/17 21:50:04 | 000,273,920 | ---- | M] () -- C:\international_payments_form.doc
[2005/11/25 20:12:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/11/25 20:24:56 | 000,000,870 | -H-- | M] () -- C:\IPH.PH
[2009/08/26 17:37:47 | 000,042,945 | ---- | M] () -- C:\lxcr.log
[2009/08/26 17:37:38 | 004,456,090 | ---- | M] () -- C:\lxcrscan.log
[2005/11/25 20:12:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/08 08:40:01 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/11 19:01:48 | 939,524,096 | -HS- | M] () -- C:\pagefile.sys
[2005/09/23 12:46:12 | 000,000,095 | ---- | M] () -- C:\SAUDIT.TXT
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2004/08/10 17:58:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2004/08/10 17:46:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 17:46:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 17:46:06 | 000,847,872 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/10/08 08:50:26 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
[2004/06/09 15:26:16 | 000,005,120 | ---- | M] () -- C:\WINDOWS\system32\THUMBS.DB
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/03/26 17:37:08 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\nan\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 18:04:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\nan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/10/12 09:27:54 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\nan\Desktop\f6ylkryn.exe
[2010/10/11 18:42:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\nan\Desktop\mbam-setup.exe
[2010/10/12 12:14:13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\nan\Desktop\MBRCheck.exe
[2010/10/12 12:28:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nan\Desktop\OTL.exe
[2010/10/11 18:30:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nan\Desktop\TFC.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2006/03/26 17:37:07 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\nan\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/11 19:07:07 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\nan\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2004/08/11 02:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/14 01:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 15:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
OTL Extras logfile created on: 12/10/2010 12:30:50 - Run 1
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\nan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
959.00 Mb Total Physical Memory | 388.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 896 896 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.25 Gb Total Space | 19.70 Gb Free Space | 59.27% Space Free | Partition Type: NTFS
Computer Name: NAN | User Name: nan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA -- File not found
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA -- File not found
"C:\APPS\Powercinema\PowerCinema.exe" = C:\APPS\Powercinema\PowerCinema.exe:*:Enabled:PowerCinema -- (CyberLink Corp.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7E91306C-899F-45F3-B5E9-4B480A27A63D}" = Tiger Woods PGA TOUR 2004
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C7B99334-41CC-445A-AF7B-A210691A72AD}" = KEDDS
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG Free 9.0
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
"BT Home Hub" = BT Home Hub
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SLAMRMO" = Smart Link 56K Modem
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30/09/2010 12:12:59 | Computer Name = NAN | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 30/09/2010 15:32:15 | Computer Name = NAN | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 30/09/2010 16:16:49 | Computer Name = NAN | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 30/09/2010 16:50:32 | Computer Name = NAN | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 03/10/2010 12:05:57 | Computer Name = NAN | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 03/10/2010 12:13:12 | Computer Name = NAN | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 05/10/2010 12:41:22 | Computer Name = NAN | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 08/10/2010 05:41:37 | Computer Name = NAN | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 09/10/2010 06:44:54 | Computer Name = NAN | Source = Application Hang | ID = 1002
Description = Hanging application AMMYY_Admin[1].exe, version 2.12.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/10/2010 07:16:55 | Computer Name = NAN | Source = Application Error | ID = 1000
Description = Faulting application mbrcheck.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
[ System Events ]
Error - 11/10/2010 13:31:27 | Computer Name = NAN | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
Error - 11/10/2010 13:31:27 | Computer Name = NAN | Source = Service Control Manager | ID = 7034
Description = The CyberLink Media Library Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 11/10/2010 13:31:27 | Computer Name = NAN | Source = Service Control Manager | ID = 7034
Description = The Generic Service for HID Keyboard Input Collections service terminated
unexpectedly. It has done this 1 time(s).
Error - 11/10/2010 13:31:27 | Computer Name = NAN | Source = Service Control Manager | ID = 7034
Description = The McciCMService service terminated unexpectedly. It has done this
1 time(s).
Error - 11/10/2010 13:31:28 | Computer Name = NAN | Source = Service Control Manager | ID = 7034
Description = The SmartLinkService service terminated unexpectedly. It has done
this 1 time(s).
Error - 11/10/2010 13:31:28 | Computer Name = NAN | Source = Service Control Manager | ID = 7034
Description = The CyberLink Task Scheduler (CTS) service terminated unexpectedly.
It has done this 1 time(s).
Error - 11/10/2010 13:37:27 | Computer Name = NAN | Source = Service Control Manager | ID = 7000
Description = The STDSB service failed to start due to the following error: %%2
Error - 11/10/2010 14:03:26 | Computer Name = NAN | Source = Service Control Manager | ID = 7000
Description = The STDSB service failed to start due to the following error: %%2
Error - 11/10/2010 14:03:26 | Computer Name = NAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
PCIIde
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
Error - 12/10/2010 04:26:18 | Computer Name = NAN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0040D086D250 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
< End of report >
Last edited by jayeskay; 12-10-2010 at 01:06 PM.
This is becoming very worrying.
After my neighbour's problems I was telling/warning some friends, and one has phoned in a panic.
He received a phone call from an Indian male saying that he had loads of errors on his PC, and that if he did not pay £400 he would wipe out his machine.
My friend said he would pay no money, and the mouse began to move and all his desktop icons have disappeared, and the PC will not boot.
I advised him to phone the police, and they referred him to Trading Standards who confirmed that this is a big scam.
My friend then recalled that he received a phone call last week from an Indian woman saying she was from BT and he needed to upgrade his BT software - which he did.
Like my neighbour, my friend was told to go to www{dot}ammyy{dot}com
Please be aware.
Last edited by jayeskay; 12-10-2010 at 05:25 PM.
> I advised him to phone the police
Good move
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
ComboFix 10-10-12.03 - NAN 13/10/2010 11:03:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.959.522 [GMT 1:00]
Running from: c:\documents and settings\NAN\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\eicon.txt
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.
2010-10-12 08:14 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-10-12 08:14 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-10-11 17:47 . 2010-10-11 17:47 -------- d-----w- c:\documents and settings\NAN\Application Data\Malwarebytes
2010-10-11 17:47 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 17:47 . 2010-10-11 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 17:47 . 2010-10-11 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-11 17:47 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-09 10:43 . 2010-10-09 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AMMYY
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"VTTrayp"="VTtrayp.exe" [2005-01-11 143360]
"STDSB"="c:\windows\system32\drivers\STDSB.exe" [2003-12-17 28672]
"Icon"="c:\windows\system32\drivers\Icon.exe" [2005-08-23 221184]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"Motive SmartBridge"="c:\progra~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe" [2006-02-06 462935]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-06-26 509224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-05-11 1548288]
"btbb_wcm_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe" [2008-08-28 1516032]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - c:\program files\BT Home Hub\Help\bin\matcli.exe [2007-8-18 217088]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2008-7-7 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-12 17:58 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/08/2010 18:57 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/08/2010 18:56 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/08/2010 18:55 308136]
R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [06/03/2008 14:49 81920]
R2 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [25/11/2005 19:57 11279]
S2 STDSB;STDSB;c:\windows\system32\drivers\STDSB.sys [25/11/2005 19:57 11279]
.
Contents of the 'Scheduled Tasks' folder
2010-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-21 19:40]
2006-03-26 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]
2006-03-26 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]
2006-03-26 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*Yahoo! Search - Web Search
Trusted Zone: motive.com\pbttbc.bt
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-UtiliSync - c:\program files\disgo UtiliSync\UtiliSyncServ.exe
.
Completion time: 2010-10-13 11:13:16
ComboFix-quarantined-files.txt 2010-10-13 10:13
Pre-Run: 20,968,280,064 bytes free
Post-Run: 21,026,820,096 bytes free
- - End Of File - - CDF421D156B4E6B9212D635F3F625A22
Looks good
Re-run OTL "Quick scan" and post fresh log.
OTL without the customscan parameters.
OTL logfile created on: 14/10/2010 00:54:52 - Run 3
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\NAN\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
959.00 Mb Total Physical Memory | 511.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 896 896 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.25 Gb Total Space | 19.58 Gb Free Space | 58.90% Space Free | Partition Type: NTFS
Computer Name: NAN | User Name: NAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
========== Processes (SafeList) ==========
PRC - [2010/10/12 12:28:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NAN\Desktop\OTL.exe
PRC - [2010/10/04 17:06:52 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/23 09:33:00 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/12 1836 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/12 1826 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/12 1800 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/12 18:55:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/05/11 23:38:28 | 001,548,288 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2008/08/28 20:33:03 | 001,516,032 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
PRC - [2008/07/07 14:14:40 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
PRC - [2008/06/10 05:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/10 05:27:03 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/06 14:49:12 | 000,081,920 | R--- | M] (Orb Networks) -- C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe
PRC - [2008/01/07 19:10:30 | 000,210,200 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2007/07/21 10:55:15 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/26 13:48:14 | 000,509,224 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YOP\yop.exe
PRC - [2007/02/16 12:20:32 | 000,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
PRC - [2006/02/02 16:59:32 | 000,192,512 | ---- | M] () -- C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
PRC - [2005/08/23 16:51:58 | 000,221,184 | R--- | M] () -- C:\WINDOWS\system32\drivers\Icon.exe
PRC - [2005/08/17 19:39:58 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/05/11 14:52:04 | 000,737,381 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005/05/11 14:52:00 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005/05/11 14:50:34 | 000,110,672 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2005/05/11 14:50:14 | 000,221,266 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2005/05/11 14:48:02 | 000,127,118 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe
PRC - [2005/05/10 20:53:26 | 000,061,440 | ---- | M] ( ) -- C:\WINDOWS\system32\slmdmsr.exe
PRC - [2005/03/10 19:44:34 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/01/11 08:33:00 | 000,143,360 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2005/01/07 12:01:52 | 000,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe
PRC - [2004/10/22 12:53:00 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2004/04/08 09:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/12/17 17:50:44 | 000,028,672 | R--- | M] () -- C:\WINDOWS\system32\drivers\STDSB.exe
========== Modules (SafeList) ==========
MOD - [2010/10/12 12:28:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NAN\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/12 18:55:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/03/06 14:49:12 | 000,081,920 | R--- | M] (Orb Networks) [Auto | Running] -- C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe -- (KodakDigitalDisplayService)
SRV - [2005/05/11 14:52:00 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/05/11 14:50:34 | 000,110,672 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/05/11 14:50:14 | 000,221,266 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/05/10 20:53:26 | 000,061,440 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slmdmsr.exe -- (SLService)
SRV - [2005/01/07 12:01:52 | 000,049,152 | ---- | M] () [Auto | Running] -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService)
SRV - [2004/04/08 09:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/05/19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\NANBOY~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/08/12 18:57:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/12 18:57:57 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/08/12 1836 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/05/11 23:38:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/05/11 23:38:23 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/08/25 16:00:16 | 000,011,279 | R--- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\STDSB.sys -- (STDSB)
DRV - [2005/08/25 16:00:16 | 000,011,279 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\STDSB.sys -- (MTC0007_STDSB)
DRV - [2005/08/19 18:31:52 | 003,644,800 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/06/21 12:59:50 | 001,464,912 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLDRV\mtlstrm.sys -- (Mtlstrm)
DRV - [2005/05/10 20:31:42 | 000,698,848 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\slntamr.sys -- (Slntamr)
DRV - [2005/05/10 20:28:18 | 000,014,680 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys -- (RecAgent)
DRV - [2005/05/10 20:25:50 | 000,237,616 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2005/05/10 20:20:58 | 000,101,328 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLDRV\slnthal.sys -- (SlNtHal)
DRV - [2005/05/10 20:09:50 | 000,013,248 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SLDRV\slwdmsup.sys -- (SlWdmSup)
DRV - [2005/03/10 19:31:40 | 000,189,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/02/23 20:46:00 | 000,228,992 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/12/28 05:30:40 | 000,449,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
O1 HOSTS File: ([2010/10/13 11:09:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\BT Home Hub\Help\SmartBridge\BTHelpNotifier.exe (Motive)
O4 - HKLM..\Run: [PCMService] c:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [YOP] C:\Program Files\Yahoo!\YOP\yop.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\NAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/10/14 00:45:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/13 11:13:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/13 11:00:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/13 11:00:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/13 11:00:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/13 11:00:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/13 11:00:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/13 11:00:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/12 12:28:32 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NAN\Desktop\OTL.exe
[2010/10/11 18:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NAN\Application Data\Malwarebytes
[2010/10/11 18:47:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/11 18:47:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/11 18:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 18:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/11 18:42:28 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\NAN\Desktop\mbam-setup.exe
[2010/10/11 18:30:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NAN\Desktop\TFC.exe
[2010/10/09 11:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2010/08/18 17:18:27 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/08/12 18:58:20 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/08/12 18:57:58 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/08/12 18:57:49 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/08/12 18:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/08/12 1833 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/08/12 18:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/12 18:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2005/11/25 20:11:58 | 000,015,000 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
========== Files - Modified Within 90 Days ==========
[2010/10/14 00:50:47 | 066,261,925 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/14 00:47:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/14 00:45:24 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/14 00:44:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/14 00:44:49 | 1006,157,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/13 11:09:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/13 10:59:48 | 003,878,092 | R--- | M] () -- C:\Documents and Settings\NAN\Desktop\ComboFix.exe
[2010/10/12 12:28:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NAN\Desktop\OTL.exe
[2010/10/12 12:14:13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\NAN\Desktop\MBRCheck.exe
[2010/10/12 09:27:54 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\NAN\Desktop\f6ylkryn.exe
[2010/10/11 18:47:06 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 18:42:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\NAN\Desktop\mbam-setup.exe
[2010/10/11 18:30:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NAN\Desktop\TFC.exe
[2010/10/08 21:45:00 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\Notice 4.doc
[2010/10/08 21:34:57 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\Notice 3.doc
[2010/10/08 21:25:21 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\Notice 2.doc
[2010/10/08 21:17:09 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\Notice 1 Brunch.doc
[2010/10/07 21:17:21 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\Copy of LWEYA LINK.doc
[2010/10/06 21:26:24 | 003,609,358 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\No 4.JPG
[2010/10/06 21:25:06 | 003,414,293 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\No 3.JPG
[2010/10/06 21:22:24 | 003,078,626 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\No 2.JPG
[2010/10/06 21:20:49 | 002,870,015 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\New Image.JPG
[2010/10/06 11:03:45 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/06 11:03:45 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/15 22:26:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/03 07:53:36 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\ALLOC Sept 2010.doc
[2010/08/15 17:19:06 | 000,063,917 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\Cof S Child Protection Pack.pdf
[2010/08/13 07:44:58 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 18:58:24 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/08/12 18:58:23 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/08/12 18:57:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/08/12 18:57:57 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/08/12 18:57:49 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/08/12 1836 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/08/07 23:31:25 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\MONIES FOR MUKUNDI PROJECT.doc
[2010/07/31 23:41:04 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\NAN\My Documents\Results Sheet.xls
========== Files Created - No Company Name ==========
[2010/10/13 11:00:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/13 11:00:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/13 11:00:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/13 11:00:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/13 11:00:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 10:59:34 | 003,878,092 | R--- | C] () -- C:\Documents and Settings\NAN\Desktop\ComboFix.exe
[2010/10/12 12:14:13 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\NAN\Desktop\MBRCheck.exe
[2010/10/12 09:27:54 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\NAN\Desktop\f6ylkryn.exe
[2010/10/11 18:47:06 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/08 21:44:59 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\NAN\My Documents\Notice 4.doc
[2010/10/08 21:34:56 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\NAN\My Documents\Notice 3.doc
[2010/10/08 21:25:20 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\NAN\My Documents\Notice 2.doc
[2010/10/08 21:17:09 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\NAN\My Documents\Notice 1 Brunch.doc
[2010/10/07 21:02:30 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\NAN\My Documents\Copy of LWEYA LINK.doc
[2010/10/06 21:26:22 | 003,609,358 | ---- | C] () -- C:\Documents and Settings\NAN\My Documents\No 4.JPG
[2010/10/06 21:25:05 | 003,414,293 | ---- | C] () -- C:\Documents and Settings\NAN\My Documents\No 3.JPG
[2010/10/06 21:22:22 | 003,078,626 | ---- | C] () -- C:\Documents and Settings\NAN\My Documents\No 2.JPG
[2010/10/06 21:20:47 | 002,870,015 | ---- | C] () -- C:\Documents and Settings\NAN\My Documents\New Image.JPG
[2010/08/26 22:51:07 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\NAN\My Documents\ALLOC Sept 2010.doc
[2010/08/15 17:19:06 | 000,063,917 | ---- | C] () -- C:\Documents and Settings\NAN\My Documents\Cof S Child Protection Pack.pdf
[2010/08/12 18:58:24 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/08/12 18:57:49 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/08/12 18:57:32 | 066,261,925 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/07 17:19:18 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\NAN\My Documents\MONIES FOR MUKUNDI PROJECT.doc
[2010/05/04 2033 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2008/12/25 19:54:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/12/25 19:48:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/07/30 10:19:13 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/07/30 10:12:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2006/04/15 13:53:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/04/04 19:50:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/25 20:50:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/25 20:22:01 | 000,007,584 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005/11/25 20:15:11 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2005/11/25 20:13:12 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2005/11/25 20:11:58 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005/11/25 20:11:58 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005/11/25 20:01:21 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\slmdmsp.dll
[2005/11/25 20:01:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\slmdmgx.dll
[2005/11/25 20:01:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\slmdmco.dll
[2005/11/25 19:59:49 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/11/25 19:57:26 | 000,011,279 | R--- | C] () -- C:\WINDOWS\System32\drivers\STDSB.sys
[2005/11/25 19:57:26 | 000,003,584 | R--- | C] () -- C:\WINDOWS\System32\drivers\mxkeybd.dll
[2005/11/25 19:57:25 | 000,001,495 | R--- | C] () -- C:\WINDOWS\System32\drivers\HotKey.ini
[2005/05/20 15:05:02 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 18:13:32 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 17:48:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/06/23 14:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
========== LOP Check ==========
[2010/10/09 11:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2010/08/12 18:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/30 10:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/02/10 18:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/02/10 18:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/12/27 18:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KEDDS
[2005/11/25 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2008/12/25 18:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2008/07/30 10:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2005/11/25 20:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/30 08:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAN\Application Data\BT
[2008/09/21 16:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAN\Application Data\EPSON
[2006/04/04 20:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAN\Application Data\Leadertech
[2006/03/26 17:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAN\Application Data\OD2
[2008/11/24 20:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NAN\Application Data\Skinux
[2006/03/26 17:36:18 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2006/03/26 17:36:18 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2006/03/26 17:36:19 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
========== Purity Check ==========
< End of report >
Update your Java version here: Verify Java Version
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Now we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
===================================================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
PRC - [2007/02/16 12:20:32 | 000,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[2005/11/25 20:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/03/26 17:36:18 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2006/03/26 17:36:18 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2006/03/26 17:36:19 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
:Services
:Reg
:Files
C:\Program Files\Yahoo!\YOP\SSDK02.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
==========================================================================
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart your computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- IMPORTANT! UN-check Remove found threats
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET doesn't find any threats, it won't produce a log.
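The OTL fix script in the post above is assembled from log entries whose target no longer exists (File not found, No CLSID value found, Reg Error: Key error): a dangling reference is safe to delete, whereas a live autorun with no publisher is not. As an added illustration, not part of this thread and not OTL's or Malwarebytes' own code, the Python script below applies that sorting rule to OTL log lines. The sample lines are copied from the scan posted above; the marker list, the 'ignore' list for tool remnants (catchme is the driver ComboFix loads and then removes) and the treatment of unsigned O4 entries are my assumptions.

```python
import re

# Constructed sample: a handful of OTL log lines in the shape of the scan
# posted above (paths and GUIDs copied from it), plus one healthy AVG entry
# and one autorun with no publisher, so every branch below is exercised.
SAMPLE_LOG = r"""
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe ()
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab (Reg Error: Key error.)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\NANBOY~1\LOCALS~1\Temp\catchme.sys -- (catchme)
"""

# Markers OTL prints when a registered item points at nothing. These are the
# entries the fix script above collects; the wording is OTL's own.
ORPHAN_MARKERS = {
    "File not found": "registered path, but the file is gone",
    "No CLSID value found.": "toolbar GUID with no CLSID registration",
    "Reg Error: Key error.": "ActiveX (DPF) entry whose registry key is broken",
}

# An O4 autorun whose publisher field is empty "()" is unsigned/unknown.
# That alone is not evidence of malware, so it is flagged for a human
# look rather than queued for removal.
UNSIGNED_AUTORUN = re.compile(r"^O4 - .*\.exe \(\)$")

# Assumption: known removal-tool remnants that show up as "File not found"
# but are not infections. catchme is the driver ComboFix loads and removes.
KNOWN_TOOL_REMNANTS = ("catchme",)


def classify_line(line):
    """Return (category, reason) for one OTL line, or None if nothing to do."""
    if any(name in line for name in KNOWN_TOOL_REMNANTS):
        return ("ignore", "remnant of a removal tool, expected to be missing")
    for marker, reason in ORPHAN_MARKERS.items():
        if marker in line:
            return ("orphan", reason)
    if UNSIGNED_AUTORUN.match(line):
        return ("review", "autorun with no company name; check the binary by hand")
    return None


def triage(log_text):
    """Walk an OTL log and collect the lines that need attention."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        result = classify_line(line)
        if result is None:
            continue
        category, reason = result
        findings.append({"category": category, "reason": reason, "line": line})
    return findings


def build_otl_fix(findings):
    """Assemble an OTL custom-fix block from 'orphan' findings only.

    'review' and 'ignore' items are left out on purpose: removing an orphan
    only drops a dangling reference, whereas deleting a live autorun needs
    someone to have looked at the file first.
    """
    orphan_lines = [f["line"] for f in findings if f["category"] == "orphan"]
    return "\n".join([":OTL", *orphan_lines, ":Commands", "[purity]", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f['category']:<7} {f['reason']:<55} {f['line'][:60]}")
    print()
    print(build_otl_fix(results))
```

Run it as-is and it prints the three orphan entries, the Icon.exe autorun marked for review, the catchme driver marked ignore, and a fix block containing only the three orphans. The point of the split is that the helper still reads every "review" line before anything goes into :OTL; the script only does the sorting.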
All processes killed
========== OTL ==========
No active process named SSDK02.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Starting removal of ActiveX control {1F2F4C9E-6F09-47BC-970D-3C54734667FE}
C:\WINDOWS\Downloaded Program Files\LSSupCtl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\WINDOWS\Tasks\Registration reminder 1.job moved successfully.
C:\WINDOWS\Tasks\Registration reminder 2.job moved successfully.
C:\WINDOWS\Tasks\Registration reminder 3.job moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Yahoo!\YOP\SSDK02.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: kodak
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NAN
->Temp folder emptied: 9282454 bytes
->Temporary Internet Files folder emptied: 11791244 bytes
->Java cache emptied: 1970 bytes
->Flash cache emptied: 405 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Owner
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 165418 bytes
Total Files Cleaned = 20.00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: kodak
User: LocalService
User: NAN
->Flash cache emptied: 0 bytes
User: NetworkService
User: Owner
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.15.1 log created on 10142010_185842
Files\Folders moved on Reboot...
C:\Documents and Settings\kodak\Local Settings\Temp\Perflib_Perfdata_12c.dat moved successfully.
Registry entries deleted on Reboot...
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG Free 9.0
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
No log from ESET