Analyze HJT Logfile for server access failure causes

(In Progress)

Cookiegal
Administrator & Malware Removal Specialist with 98,408 posts.
 
Join Date: Aug 2003
28-Dec-2009, 01:19 PM #76
I'm sorry about the confusion regarding NIS. I was reading another person's log by mistake.

Go to Start - Run - type CMD and click OK to open a command prompt (black DOS type screen).

At the prompt type the following exactly as written (be sure to include the space):

REGSVR32 APPWIZ.CPL

Then reboot the machine and let me know if you can see Add/Remove programs now in the Control Panel.

Also, please do the following:

Download the Registry Search Tool By Bobbi Flekman from the following link to your desktop:

http://www.bleepingcomputer.com/files/regsearch.php

Unzip it and double click on the RegSearch.exe to run it. If your antivirus interferes you may have to disable script blocking in the antivirus. Copy and Paste the following in the search box and then click OK:

F245A209-1085-48B4-B927-35D56015EC60

Copy and paste the results here please.

Do the same thing again using this search input:

829BDA32-94B3-44F4-8446-F8FCFF809F8B

Copy and paste the results here as well please.
__________________
Microsoft MVP - Consumer Security
SeaSalt
Member with 56 posts.
THREAD STARTER
 
Join Date: Oct 2009
Experience: Intermediate and below...
29-Dec-2009, 06:11 AM #77
CookieGal,

Ran your instructions and could not re-establish "Add/Remove program" to my Laptop.
Was able to download regsearch and launch it - TWICE!
The first time, I entered the string:
F245A209-1085-48B4-B927-35D56015EC60
The resultant Notepad is:
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.6.0

; Results at 12/29/2009 12:38:58 AM for strings:
; 'f245a209-1085-48b4-b927-35d56015ec60'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
==============================

The second time, I entered the string:
829BDA32-94B3-44F4-8446-F8FCFF809F8B
The resultant Notepad is:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.6.0

; Results at 12/29/2009 1:37:41 AM for strings:
; '829bda32-94b3-44f4-8446-f8fcff809f8b'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
===================================

So, the two notepad files are included and the one screen capture showing the message from the attempt to re-establish Add/Remove Programs.

Look forward to hearing from you soon.


Moses went away again for more help .....

Hez
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
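
Added example, not part of the original posts: both RegSearch results in post #77 contain only `;` comment lines between the header and "End Of The Log", which means neither string was found in the searched hives. The Python sketch below parses that output format and reports whether a log holds matches; EMPTY_LOG is copied from the post, while HIT_LOG is constructed, and its key path and value are assumptions about how a match would appear in this .reg-style export.

```python
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")   # .reg-style key header line
QUOTED_RE = re.compile(r"^;\s*'(.*)'\s*$")    # ; 'search string'


@dataclass
class RegSearchReport:
    search_strings: list = field(default_factory=list)
    hives: list = field(default_factory=list)
    hits: dict = field(default_factory=dict)  # key path -> matching value lines
    complete: bool = False                    # saw "; End Of The Log..."


def parse_regsearch(text):
    """Parse a RegSearch result file into header fields and matched keys."""
    report = RegSearchReport()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):              # header/footer comment lines
            body = line[1:].strip()
            if body.startswith("Results at") and body.endswith("for strings:"):
                section = "strings"
            elif body.startswith("Strings excluded"):
                section = "excluded"
            elif body.startswith("Search in:"):
                section = "scope"
            elif body.startswith("End Of The Log"):
                report.complete = True
                section = None
            elif section == "strings":
                m = QUOTED_RE.match(line)
                if m:
                    report.search_strings.append(m.group(1))
            elif section == "scope":
                report.hives += [t for t in body.split() if t.startswith("HKEY_")]
            continue
        m = KEY_RE.match(line)
        if m:                                 # a matched registry key
            current_key = m.group(1)
            report.hits.setdefault(current_key, [])
        elif current_key is not None and (line.startswith('"') or line.startswith("@=")):
            report.hits[current_key].append(line)
    return report


def verdict(report):
    """'incomplete' if the footer is missing, else 'match' or 'no-match'."""
    if not report.complete:
        return "incomplete"
    return "match" if report.hits else "no-match"


# Copied from post #77 (first search).
EMPTY_LOG = """\
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.6.0

; Results at 12/29/2009 12:38:58 AM for strings:
; 'f245a209-1085-48b4-b927-35d56015ec60'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
"""

# Constructed sample: timestamp, key path and value are made up for illustration.
HIT_LOG = r"""Windows Registry Editor Version 5.00

; Results at 01/01/2010 1:00:00 AM for strings:
; '829bda32-94b3-44f4-8446-f8fcff809f8b'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\{829BDA32-94B3-44F4-8446-F8FCFF809F8B}]
"DisplayName"="Constructed sample entry"

; End Of The Log...
"""

if __name__ == "__main__":
    for name, log in (("EMPTY_LOG", EMPTY_LOG), ("HIT_LOG", HIT_LOG)):
        r = parse_regsearch(log)
        print(name, r.search_strings, r.hives, verdict(r), list(r.hits))
```
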
Cookiegal
Administrator & Malware Removal Specialist with 98,408 posts.
 
Join Date: Aug 2003
30-Dec-2009, 03:03 PM #78
There is some white space in the list so I can't see if you have something called Programs and Features? That's what it's called in Vista.
SeaSalt
Member with 56 posts.
THREAD STARTER
 
Join Date: Oct 2009
Experience: Intermediate and below...
31-Dec-2009, 09:57 PM #79
CookieGal,

First of all, HAPPY NEW YEAR!!!! Ella and I hope all is well for you and yours!

In your response, I'm not clear to which you're referring when you say "white space in the list". I changed to the Category View for the Control Panel and captured the screen. There is no "programs and features" listing.
As usual, I've attached an MS Paint file with the screen capture pasted in it to show what the control panel categories are.
Were the results of the two "Registry Search Tool" searches properly listed in what I pasted in my last response/posting?
Looking forward to hearing from you in 2010 for guidance.

SeaSalt
Cookiegal
Administrator & Malware Removal Specialist with 98,408 posts.
 
Join Date: Aug 2003
01-Jan-2010, 07:51 PM #80
That one is not the same as the previous one you posted. If you look at the earlier one, there is a white block of space in the list so you can't see what's underneath.

But in the second one, I see Programs - Uninstall a Program listed there.
SeaSalt
Member with 56 posts.
THREAD STARTER
 
Join Date: Oct 2009
Experience: Intermediate and below...
02-Jan-2010, 01:14 PM #81
CookieGal,

Happy 2010!!!!

My unfamiliarity with the Vista version of Add/Remove Pgms is the problem I had.

I found the uninstall program for Vista's control panel and in the listing, I only saw a newer version of Java (Java(TM) 6 Update 16).
There was no Java2 Runtime Environment, SE v1.4.1_02 shown.
I've captured the "uninstall or change a program" screen in control panel and attached it as my usual MS Paint jpeg file.
Do you see anything I may have missed? I hope so.

Awaiting your next communique.

Seasalt
Cookiegal
Administrator & Malware Removal Specialist with 98,408 posts.
 
Join Date: Aug 2003
02-Jan-2010, 04:12 PM #82
OK, let's try ComboFix again. Drag and drop the program to the recycle bin and download the latest version.

Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix.
SeaSalt
Member with 56 posts.
THREAD STARTER
 
Join Date: Oct 2009
Experience: Intermediate and below...
06-Jan-2010, 01:53 AM #83
CookieGal,

I've been wondering if I should run ComboFix with or without the rename of Puppy.

Please let me know if the renaming is no longer desired.

If that is the case, I'll run it as originally named (combofix).

I've already downloaded the latest (after deleting the first one we d/l'ed in October).

Thanks in advance..............SeaSalt ... waiting to hit the ground running......!
Cookiegal
Administrator & Malware Removal Specialist with 98,408 posts.
 
Join Date: Aug 2003
06-Jan-2010, 07:38 PM #84
Let's try it without renaming this time.
SeaSalt
Member with 56 posts.
THREAD STARTER
 
Join Date: Oct 2009
Experience: Intermediate and below...
07-Jan-2010, 01:03 PM #85
CookieGal,

I printed out the instructions for ComboFix and, in running the program, ran into the same AVG and ZoneAlarm issues/warnings.

Should I go thru the removal process we used in the past for AVG? Also, I have not re-installed ZONEALARM so I don't know the issue in the warning for that.

I did a screen capture for both warnings and have attached them.
I terminated the running of ComboFix after the second warning.

Where do I go from here?

Thanks for your patience for this ........

Seasalt
Cookiegal
Administrator & Malware Removal Specialist with 98,408 posts.
 
Join Date: Aug 2003
09-Jan-2010, 03:41 PM #86
Download this ZoneAlarm removal tool and save it to your desktop.

http://download.zonealarm.com/bin/fr...cpes_clean.exe

Boot to safe mode and run the tool as well as the AVG removal tool you already have.

Reboot back to windows normally and then try ComboFix again.
SeaSalt
Member with 56 posts.
THREAD STARTER
 
Join Date: Oct 2009
Experience: Intermediate and below...
16-Jan-2010, 12:00 PM #87
CookieGal,

THIS POST WAS TOO LONG (60171 CHARACTERS)! I WILL DIVIDE IT INTO TWO POSTS.

I was able to run the removal tool for ZoneAlarm without any apparent problems, but not AVG.
However, when I later ran ComboFix, the exact same message about detecting AVG AND ZONEALARM came up.
When I tried to run the removal tool (cpes_clean) for AVG, I got the following:
"This application has failed to start because VSUTIL.dll was not found. Re-installing the application may fix this problem." I CLICKED OK.

Next message popped up immediately:
"A restart is required to complete the removal of Endpoint Security." I clicked OK.
See the attached MS Paint file of screenshots.

Below I am attaching the logfile generated when I ran the (OTS) ZoneAlarm removal tool. All appeared to run O.K.

Where do I go next? Thank you for your sticking in there/here with me!

Seasalt

====================
[code]
OTS logfile created on: 11/1/2009 11:52:13 PM - Run 1
OTS by OldTimer - Version 3.1.2.1 Folder = C:\Users\Boltons\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 68.42% Memory free
4.00 Gb Paging File | 3.44 Gb Available in Paging File | 86.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.82 Gb Total Space | 95.80 Gb Free Space | 43.00% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 1.08 Gb Free Space | 10.74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOLTONS-PC
Current User Name: Boltons
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Boltons\Desktop\OTS.exe -> [2009/11/01 23:45:14 | 00,524,800 | ---- | M] (OldTimer Tools)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/10/31 13:27:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
explorer.exe -> C:\Windows\explorer.exe -> [2009/05/17 10:09:56 | 02,923,520 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\Windows\System32\wbem\WmiPrvSE.exe -> [2009/05/17 10:08:30 | 00,247,296 | ---- | M] (Microsoft Corporation)
sdwinsec.exe -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2008/07/07 11:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.)
apoint.exe -> C:\Program Files\Apoint2K\Apoint.exe -> [2007/07/08 12:11:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
clsched.exe -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -> [2007/05/18 21:23:00 | 00,106,593 | ---- | M] ()
clcapsvc.exe -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [2007/05/18 21:22:58 | 00,266,339 | ---- | M] ()
hpqtoaster.exe -> C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe -> [2007/05/16 12:43:06 | 00,677,432 | R--- | M] ()
hphc_service.exe -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> [2007/05/16 09:49:12 | 00,061,440 | ---- | M] (Hewlett-Packard)
hpwamain.exe -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> [2007/05/11 15:21:10 | 00,472,632 | ---- | M] (Hewlett-Packard Development Company, L.P.)
apmsgfwd.exe -> C:\Program Files\Apoint2K\ApMsgFwd.exe -> [2007/01/28 23:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.)
wifimsg.exe -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe -> [2007/01/10 18:12:08 | 00,317,128 | ---- | M] (Hewlett-Packard Development Company, L.P.)
xaudio.exe -> C:\Windows\System32\drivers\XAudio.exe -> [2006/11/27 19:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
ehtray.exe -> C:\Windows\ehome\ehtray.exe -> [2006/11/02 07:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation)
ehmsas.exe -> C:\Windows\ehome\ehmsas.exe -> [2006/11/02 07:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation)
apntex.exe -> C:\Program Files\Apoint2K\ApntEx.exe -> [2006/09/07 19:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
hpqwmiex.exe -> C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -> [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)

[Win32 Services - Safe List]
(stllssvr) [On_Demand | Stopped] -> -> File not found
(NMIndexingService) [Disabled | Stopped] -> -> File not found
(NetTcpPortSharing) [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2009/05/17 07:55:33 | 00,132,096 | ---- | M] (Microsoft Corporation)
(idsvc) [Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2009/05/17 07:55:23 | 00,881,664 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2009/05/17 07:55:09 | 00,046,104 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/05/17 03:15:11 | 00,069,632 | ---- | M] (Microsoft Corporation)
(odserv) [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 03:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(SBSDWSCService) [Auto | Running] -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2008/07/07 11:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.)
(Adobe LM Service) [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2008/01/23 17:55:39 | 00,072,704 | ---- | M] (Adobe Systems)
(WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2007/07/25 06:44:06 | 00,265,912 | ---- | M] (Microsoft Corporation)
(CLSched) [Auto | Running] -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -> [2007/05/18 21:23:00 | 00,106,593 | ---- | M] ()
(CLCapSvc) [Auto | Running] -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [2007/05/18 21:22:58 | 00,266,339 | ---- | M] ()
(HP Health Check Service) [Auto | Running] -> c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2007/05/16 09:49:12 | 00,061,440 | ---- | M] (Hewlett-Packard)
(LightScribeService) [Disabled | Stopped] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2007/04/19 15:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company)
(RoxMediaDB9) [On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2007/02/12 11:36:58 | 00,880,640 | ---- | M] (Sonic Solutions)
(Com4Qlb) [On_Demand | Stopped] -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -> [2007/01/09 16:55:34 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(XAudioService) [Auto | Running] -> C:\Windows\System32\drivers\XAudio.exe -> [2006/11/27 19:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
(WMPNetworkSvc) [On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation)
(ehSched) [On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation)
(ehstart) [On_Demand | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
(ehRecvr) [On_Demand | Stopped] -> C:\Windows\ehome\ehrecvr.exe -> [2006/11/02 07:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation)
(ose) [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(hpqwmiex) [Auto | Running] -> C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -> [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(IDriverT) [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)

[Driver Services - Safe List]
(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CHDRT32.sys -> [2008/03/03 13:32:00 | 00,188,416 | ---- | M] (Conexant Systems Inc.)
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Apfiltr.sys -> [2007/07/07 00:58:56 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2007/06/19 16:21:00 | 07,563,744 | ---- | M] (NVIDIA Corporation)
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\CHDART.sys -> [2007/04/29 23:59:30 | 00,160,768 | ---- | M] (Conexant Systems Inc.)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rixdptsk.sys -> [2007/03/21 02:02:04 | 00,037,376 | ---- | M] (REDC)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvmfdx32.sys -> [2007/03/06 08:15:58 | 01,059,112 | ---- | M] (NVIDIA Corporation)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimmptsk.sys -> [2007/02/23 18:42:22 | 00,039,936 | ---- | M] (REDC)
(nvsmu) nvsmu [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvsmu.sys -> [2007/02/16 03:50:32 | 00,012,032 | ---- | M] (NVIDIA Corporation)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\PxHelp20.sys -> [2007/02/02 05:00:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimsptsk.sys -> [2007/01/22 20:40:20 | 00,042,496 | ---- | M] (REDC)
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2007/01/03 10:43:12 | 00,534,016 | ---- | M] (Broadcom Corporation)
(BCM43XV) Broadcom Extensible 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2007/01/03 10:43:12 | 00,534,016 | ---- | M] (Broadcom Corporation)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_DPV.sys -> [2006/12/06 18:05:58 | 00,985,600 | ---- | M] (Conexant Systems, Inc.)
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSXHWAZL.sys -> [2006/12/06 18:04:36 | 00,207,360 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_CNXT.sys -> [2006/12/06 18:04:26 | 00,659,968 | ---- | M] (Conexant Systems, Inc.)
(eabfiltr) eabfiltr [Kernel | System | Running] -> C:\Windows\System32\drivers\eabfiltr.sys -> [2006/11/30 12:24:58 | 00,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\System32\drivers\XAudio.sys -> [2006/11/27 19:44:52 | 00,008,192 | ---- | M] (Conexant Systems, Inc.)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.)
(scsiscan) SCSI Scanner Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\scsiscan.sys -> [2006/11/02 04:14:17 | 00,014,336 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\USBAUDIO.sys -> [2006/11/02 03:55:04 | 00,071,552 | ---- | M] (Microsoft Corporation)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTAZL3.SYS -> [2006/11/02 02:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\e100b325.sys -> [2006/11/02 02:30:54 | 00,163,328 | ---- | M] (Intel Corporation)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(ialm) ialm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2006/10/18 21:10:57 | 01,380,864 | ---- | M] (Intel Corporation)
(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CPQBttn.sys -> [2006/06/28 11:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\mdmxsdk.sys -> [2006/06/18 17:26:58 | 00,012,672 | ---- | M] (Conexant)
(cdudf_xp) cdudf_xp [File_System | System | Running] -> C:\Windows\System32\drivers\Cdudf_xp.sys -> [2003/12/01 16:46:22 | 00,259,200 | ---- | M] (Roxio)
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> C:\Windows\System32\drivers\UdfReadr_xp.sys -> [2003/12/01 16:46:22 | 00,213,120 | ---- | M] (Roxio)
(DVDVRRdr_xp) DVDVRRdr_xp [File_System | System | Running] -> C:\Windows\System32\drivers\DVDVRRdr_xp.sys -> [2003/12/01 16:46:22 | 00,146,560 | ---- | M] (Roxio)
(pwd_2k) pwd_2k [Kernel | System | Running] -> C:\Windows\System32\drivers\pwd_2K.sys -> [2003/12/01 16:46:22 | 00,118,409 | ---- | M] (Roxio)
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\Mmc_2k.sys -> [2003/12/01 16:46:22 | 00,022,745 | ---- | M] (Roxio)
(dvd_2K) dvd_2K [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Dvd_2k.sys -> [2003/12/01 16:46:22 | 00,021,993 | ---- | M] (Roxio)
(ATMhelpr) ATMhelpr [Kernel | System | Running] -> C:\Windows\System32\drivers\ATMHELPR.SYS -> [1997/06/17 06:00:00 | 00,004,064 | ---- | M] (Adobe Systems Incorporated)

[Modules - Safe List]
ots.exe -> C:\Users\Boltons\Desktop\OTS.exe -> [2009/11/01 23:45:14 | 00,524,800 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll -> [2006/11/02 04:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> about:blank ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 1 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> <local> ->
HKEY_CURRENT_USER\: "ProxyServer" -> 172.16.1.1:3128 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Boltons\AppData\Roaming\Mozilla\FireFox\Profiles\2omo30gc.default\ prefs.js ->
browser.search.defaultenginename -> "Google" ->
browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
browser.search.selectedEngine -> "Google" ->
browser.search.update -> false ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com/|http://www.yahoo.com/" ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2 ->
extensions.enabledItems -> {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1 ->
network.proxy.backup.ftp -> "" ->
network.proxy.backup.ftp_port -> 0 ->
network.proxy.backup.gopher -> "" ->
network.proxy.backup.gopher_port -> 0 ->
network.proxy.backup.socks -> "" ->
network.proxy.backup.socks_port -> 0 ->
network.proxy.backup.ssl -> "" ->
network.proxy.backup.ssl_port -> 0 ->
network.proxy.ftp -> "172.16.1.1" ->
network.proxy.ftp_port -> 3128 ->
network.proxy.gopher -> "172.16.1.1" ->
network.proxy.gopher_port -> 3128 ->
network.proxy.http -> "172.16.1.1" ->
network.proxy.http_port -> 3128 ->
network.proxy.share_proxy_settings -> true ->
network.proxy.socks -> "172.16.1.1" ->
network.proxy.socks_port -> 3128 ->
network.proxy.ssl -> "172.16.1.1" ->
network.proxy.ssl_port -> 3128 ->
network.proxy.type -> 4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2008/09/05 13:32:03 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/10/31 13:28:05 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Boltons\AppData\Roaming\Mozilla\Extensions -> [2008/09/05 13:34:33 | 00,000,000 | ---D | M]
-> C:\Users\Boltons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/09/05 13:34:33 | 00,000,000 | ---D | M]
-> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions -> [2009/10/31 17:31:17 | 00,000,000 | ---D | M]
-> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/16 03:28:49 | 00,000,000 | ---D | M]
-> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2008/01/08 02:10:23 | 00,000,000 | ---D | M]
-> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009/07/30 22:36:06 | 00,000,000 | ---D | M]
-> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/04/16 15:24:00 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
aboutcom.xml -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\searchplugins\aboutcom.xml -> [2008/03/06 02:40:49 | 00,005,322 | ---- | M] ()
wikipedia-english.xml -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\searchplugins\wikipedia-english.xml -> [2008/03/06 02:40:35 | 00,005,325 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2009/10/31 13:28:34 | 00,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2008/01/06 12:59:30 | 00,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2008/09/05 13:32:03 | 00,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -> [2009/10/31 13:28:34 | 00,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org -> [2008/09/05 13:32:03 | 00,000,000 | ---D | M]
-> C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org -> [2008/09/05 13:32:03 | 00,000,000 | ---D | M]
< FireFox Components [Program Folders] > ->
browserdirprovider.dll -> C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll -> [2008/09/05 13:31:39 | 00,023,040 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll -> [2008/09/05 13:31:39 | 00,134,144 | ---- | M] (Mozilla Foundation)
< HOSTS File > (288570 bytes and 9988 lines) -> C:\Windows\System32\drivers\etc\hosts ->
First 25 entries...
Reset Hosts
127.0.0.1 localhost
::1 localhost
Continued in second post.....................SeaSalt
===========================
End of my pasted logfile
SeaSalt
Member with 56 posts.
THREAD STARTER
 
Join Date: Oct 2009
Experience: Intermediate and below...
16-Jan-2010, 12:06 PM #88
CookieGal,

WELL, I DID IT AGAIN. THIS POST IS OVER THE 30000 CHARACTER LIMIT BY 1700 CHARACTERS. THERE WILL BE A THIRD PORTION TO THIS REPLY............SORRY FOR ANY INCONVENIENCE...........SEASALT

Here is the second portion of my REPLY post to you - Please let me know that you received both parts OK
Thanks .... SeaSalt
==========================
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/12 01:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2008/03/22 16:37:08 | 00,308,856 | ---- | M] (RealPlayer)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/31 13:27:43 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Apoint" -> C:\Program Files\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> [2007/07/08 12:11:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
"hpWirelessAssistant" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe] -> [2007/05/11 15:21:10 | 00,472,632 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"MSConfig" -> C:\Windows\System32\msconfig.exe ["C:\Windows\system32\msconfig.exe" /auto] -> [2006/11/02 04:45:25 | 00,222,208 | ---- | M] (Microsoft Corporation)
"NvSvc" -> C:\Windows\System32\nvsvc.DLL [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> [2007/06/19 16:21:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/10/31 13:27:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"WAWifiMessage" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe] -> [2007/01/10 18:12:08 | 00,317,128 | ---- | M] (Hewlett-Packard Development Company, L.P.)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Launcher" -> C:\Windows\SMINST\Launcher.exe [%WINDIR%\SMINST\launcher.exe] -> [2006/11/07 19:39:18 | 00,044,128 | ---- | M] (soft thinks)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"cdloader" -> C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe ["C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK] -> [2009/08/01 11:11:28 | 00,050,520 | ---- | M] (magicJack L.P.)
"ehTray.exe" -> C:\Windows\ehome\ehtray.exe [C:\Windows\ehome\ehTray.exe] -> [2006/11/02 07:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [2] -> File not found
\\"ConsentPromptBehaviorUser" -> [1] -> File not found
\\"EnableInstallerDetection" -> [1] -> File not found
\\"EnableLUA" -> [1] -> File not found
\\"EnableSecureUIAPaths" -> [1] -> File not found
\\"EnableVirtualization" -> [1] -> File not found
\\"PromptOnSecureDesktop" -> [1] -> File not found
\\"ValidateAdminCodeSignatures" -> [0] -> File not found
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"FilterAdministratorToken" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"LogonHoursAction" -> [2] -> File not found
\\"DontDisplayLogonHoursWarnings" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 09:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 09:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 06:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/control...ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5195 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8 domain(s) found. ->
akamai.net .[*] -> Trusted sites ->
akamai_avg.com [*] -> Trusted sites ->
update_avg.com [*] -> Trusted sites ->
akamai_avg.cz [*] -> Trusted sites ->
backup_avg.cz [*] -> Trusted sites ->
download_avg.cz [*] -> Trusted sites ->
files2_avg.cz [*] -> Trusted sites ->
akamai.avg.com_edgesuite.net [*] -> Trusted sites ->
akamai.avg.cz_edgesuite.net [*] -> Trusted sites ->
akamai.grisoft.com_edgesuite.net [*] -> Trusted sites ->
akamai.grisoft.cz_edgesuite.net [*] -> Trusted sites ->
akamai_grisoft.com [*] -> Trusted sites ->
update_grisoft.com [*] -> Trusted sites ->
akamai_grisoft.cz [*] -> Trusted sites ->
backup_grisoft.cz [*] -> Trusted sites ->
download_grisoft.cz [*] -> Trusted sites ->
files2_grisoft.cz [*] -> Trusted sites ->
my_magicjack.com [https] -> Trusted sites ->
reg_talk4free.com [https] -> Trusted sites ->
7 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_16] ->
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_16] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_16] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 207.255.176.40 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0904E5AE-DF43-48FE-B1F4-D314C3E56707}\\DhcpNameServer -> 207.255.176.40 (NVIDIA nForce Networking Controller) ->
{6CAAE3ED-3487-4EEC-A8D7-EF25C4E7C65B}\\DhcpNameServer -> 180.18.4.10 207.255.176.40 207.255.176.37 (Broadcom 802.11b/g WLAN) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/05/17 10:09:56 | 02,923,520 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> [2006/08/30 13:35:12 | 00,952,088 | ---- | M] (EarthLink, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/07/25 07:42:24 | 00,000,074 | ---- | M] ()
D:\AUTOMODE [@echo off | IF EXIST C:\ST_RP\MANUALMODE ECHO MANUAL BATCH MODE ALREADY SET ! | IF NOT EXIST C:\ST_RP\MANUALMODE ECHO SET TO MANUAL BATCH EXECUTION ! | IF NOT EXIST C:\ST_RP\MANUALMODE IF EXIST C:\ST_RP\AUTOMODE DEL C:\ST_RP\AUTOMODE /F > NUL | IF NOT EXIST C:\ST_RP\MANUALMODE COPY C:\ST_RP\SET_AUTO_MODE.CMD C:\ST_RP\MANUALMODE > NUL | ECHO. | ] -> D:\AUTOMODE [ NTFS ] -> [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{2256b85b-42f9-11dd-b71a-001a6bdb9438}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2256b85b-42f9-11dd-b71a-001a6bdb9438}\shell\AutoRun\command
\{2256b85b-42f9-11dd-b71a-001a6bdb9438}\shell\AutoRun\command\\"" -> F:\autorun.exe [F:\autorun.exe] -> File not found
\{2256b85b-42f9-11dd-b71a-001a6bdb9438}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2256b85b-42f9-11dd-b71a-001a6bdb9438}\shell\phone\command
\{2256b85b-42f9-11dd-b71a-001a6bdb9438}\shell\phone\command\\"" -> F:\autorun.exe [F:\autorun.exe] -> File not found
\{31519f74-54f9-11dd-a0e8-001a6bdb9438}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31519f74-54f9-11dd-a0e8-001a6bdb9438}\shell
\{31519f74-54f9-11dd-a0e8-001a6bdb9438}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31519f74-54f9-11dd-a0e8-001a6bdb9438}\shell\AutoRun\command
\{31519f74-54f9-11dd-a0e8-001a6bdb9438}\shell\AutoRun\command\\"" -> F:\LapNetWizard.exe [F:\LapNetWizard.exe] -> File not found
\{57ccf86e-816d-11de-93d9-001a6bdb9438}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57ccf86e-816d-11de-93d9-001a6bdb9438}\shell\AutoRun\command
\{57ccf86e-816d-11de-93d9-001a6bdb9438}\shell\AutoRun\command\\"" -> H:\autorun.exe [H:\autorun.exe] -> File not found
\{57ccf86e-816d-11de-93d9-001a6bdb9438}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57ccf86e-816d-11de-93d9-001a6bdb9438}\shell\phone\command
\{57ccf86e-816d-11de-93d9-001a6bdb9438}\shell\phone\command\\"" -> H:\autorun.exe [H:\autorun.exe] -> File not found
\{9bb74b1c-8458-11de-8309-0016d3afc911}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bb74b1c-8458-11de-8309-0016d3afc911}\shell
\{9bb74b1c-8458-11de-8309-0016d3afc911}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bb74b1c-8458-11de-8309-0016d3afc911}\shell\AutoRun\command
\{9bb74b1c-8458-11de-8309-0016d3afc911}\shell\AutoRun\command\\"" -> F:\LapNetWizard.exe [F:\LapNetWizard.exe] -> File not found
\{9dc58be7-9a66-11de-b84f-0016d3afc911}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dc58be7-9a66-11de-b84f-0016d3afc911}\shell\AutoRun\command
\{9dc58be7-9a66-11de-b84f-0016d3afc911}\shell\AutoRun\command\\"" -> G:\autorun.exe [G:\autorun.exe] -> File not found
\{9dc58be7-9a66-11de-b84f-0016d3afc911}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dc58be7-9a66-11de-b84f-0016d3afc911}\shell\phone\command
\{9dc58be7-9a66-11de-b84f-0016d3afc911}\shell\phone\command\\"" -> G:\autorun.exe [G:\autorun.exe] -> File not found
\{a09a3898-c6df-11de-a464-001a6bdb9438}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a09a3898-c6df-11de-a464-001a6bdb9438}\shell
\{a09a3898-c6df-11de-a464-001a6bdb9438}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a09a3898-c6df-11de-a464-001a6bdb9438}\shell\AutoRun\command
\{a09a3898-c6df-11de-a464-001a6bdb9438}\shell\AutoRun\command\\"" -> H:\LaunchU3.exe [H:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found

[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Users^Boltons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 22:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
C:^Users^Boltons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MemTurbo.lnk -> C:\PROGRA~1\MEMTUR~1\MemTurbo.exe -> File not found
C:^Users^Boltons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE -> [2008/10/25 10:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation)
C:^Users^Boltons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TDK Launcher.lnk -> C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe -> [2003/07/24 13:36:28 | 00,241,664 | ---- | M] (TDK)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe -> [2008/06/12 05:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
AVG8_TRAY hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\AVG\AVG8\avgtray.exe -> File not found
cdloader hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe -> [2009/08/01 11:11:28 | 00,050,520 | ---- | M] (magicJack L.P.)
HP Health Check Scheduler hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe -> [2007/05/16 09:20:12 | 00,071,176 | ---- | M] (Hewlett-Packard)
HP Software Update hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\HP Software Update\hpwuSchd2.exe -> [2007/05/08 23:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
OnScreenDisplay hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe -> [2007/06/12 21:14:22 | 00,554,552 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
QlbCtrl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
QPService hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\QuickPlay\QPService.exe -> [2007/05/18 21:22:36 | 00,181,744 | ---- | M] (CyberLink Corp.)
RoxAssistant hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe -> [2003/12/01 16:51:10 | 00,090,112 | ---- | M] (Roxio)
RoxioAudioCentral hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe -> [2003/07/15 14:38:26 | 00,319,488 | ---- | M] (Roxio, Inc.)
RoxioDragToDisc hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe -> [2003/12/01 16:46:22 | 00,868,352 | ---- | M] (Roxio)
RoxioEngineUtility hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe -> [2003/05/01 20:44:50 | 00,065,536 | ---- | M] (Roxio)
Sharkbyte hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Grooveshark\sharkbyte.exe -> File not found
TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2008/03/22 16:36:49 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
Windows Defender hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->
"services" -> 2 ->
"startup" -> 2 ->
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Boltons\Desktop\OTS.exe -> [2009/11/01 23:45:13 | 00,524,800 | ---- | C] (OldTimer Tools)
avgremover.exe -> C:\Users\Boltons\Desktop\avgremover.exe -> [2009/10/31 14:11:16 | 00,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.)
deploytk.dll -> C:\Windows\System32\deploytk.dll -> [2009/10/31 13:28:04 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.)
javaws.exe -> C:\Windows\System32\javaws.exe -> [2009/10/31 13:28:04 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\Windows\System32\javaw.exe -> [2009/10/31 13:28:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\Windows\System32\java.exe -> [2009/10/31 13:28:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
C:\Program Files\Java -> C:\Program Files\Java -> [2009/10/31 13:27:31 | 00,000,000 | ---D | C]
jre-6u16-windows-i586.exe -> C:\Users\Boltons\Desktop\jre-6u16-windows-i586.exe -> [2009/10/31 13:12:02 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.)
MEBASch Diesel Course Photos22Oct09 -> C:\Users\Boltons\Desktop\MEBASch Diesel Course Photos22Oct09 -> [2009/10/25 11:51:16 | 00,000,000 | ---D | C]
MEBASch Diesel Lab Photos ONLY22Oct09 -> C:\Users\Boltons\Desktop\MEBASch Diesel Lab Photos ONLY22Oct09 -> [2009/10/25 11:50:53 | 00,000,000 | ---D | C]
ERDNT -> C:\Windows\ERDNT -> [2009/10/25 00:35:59 | 00,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2009/10/23 21:13:28 | 00,000,000 | ---D | C]
C:\Users\Boltons\AppData\Roaming\Malwarebytes -> C:\Users\Boltons\AppData\Roaming\Malwarebytes -> [2009/10/18 19:05:30 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/10/18 19:05:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/10/18 19:05:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/10/18 19:05:24 | 00,000,000 | ---D | C]
C:\ProgramData\Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/10/18 19:05:24 | 00,000,000 | ---D | C]
C:\Program Files\Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/10/18 19:05:24 | 00,000,000 | ---D | C]
Sun -> C:\Windows\Sun -> [2009/10/17 17:55:47 | 00,000,000 | ---D | C]
My YouTube -> C:\Users\Boltons\Documents\My YouTube -> [2009/10/15 19:34:57 | 00,000,000 | ---D | C]
C:\Users\Boltons\AppData\Local\YouTubeAssistant -> C:\Users\Boltons\AppData\Local\YouTubeAssistant -> [2009/10/15 19:34:56 | 00,000,000 | ---D | C]
C:\Program Files\Eurekr.com -> C:\Program Files\Eurekr.com -> [2009/10/15 19:30:19 | 00,000,000 | ---D | C]
Ares Tube -> C:\Ares Tube -> [2009/10/15 18:47:29 | 00,000,000 | ---D | C]
wucltux.dll -> C:\Windows\System32\wucltux.dll -> [2009/10/06 00:18:40 | 02,421,760 | ---- | C] (Microsoft Corporation)
wuaueng.dll -> C:\Windows\System32\wuaueng.dll -> [2009/10/06 00:18:40 | 01,929,952 | ---- | C] (Microsoft Corporation)
wuauclt.exe -> C:\Windows\System32\wuauclt.exe -> [2009/10/06 00:18:40 | 00,053,472 | ---- | C] (Microsoft Corporation)
wups2.dll -> C:\Windows\System32\wups2.dll -> [2009/10/06 00:18:40 | 00,044,768 | ---- | C] (Microsoft Corporation)
wuapi.dll -> C:\Windows\System32\wuapi.dll -> [2009/10/06 00:17:54 | 00,575,704 | ---- | C] (Microsoft Corporation)
wudriver.dll -> C:\Windows\System32\wudriver.dll -> [2009/10/06 00:17:54 | 00,087,552 | ---- | C] (Microsoft Corporation)
wups.dll -> C:\Windows\System32\wups.dll -> [2009/10/06 00:17:54 | 00,035,552 | ---- | C] (Microsoft Corporation)
wuwebv.dll -> C:\Windows\System32\wuwebv.dll -> [2009/10/06 00:17:44 | 00,171,608 | ---- | C] (Microsoft Corporation)
wuapp.exe -> C:\Windows\System32\wuapp.exe -> [2009/10/06 00:17:44 | 00,033,792 | ---- | C] (Microsoft Corporation)
1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp ->
CONTINUED IN 3RD POST REPLY.............SEASALT
SeaSalt
Member with 56 posts.
THREAD STARTER
 
Join Date: Oct 2009
Experience: Intermediate and below...
16-Jan-2010, 12:09 PM #89
CookieGal,
Here is the THIRD portion of my post reply to you.
I'm really sorry I didn't divide the message into two parts. Poor guessing on my part.
==============================

[Files/Folders - Modified Within 30 Days]
NTUSER.DAT -> C:\Users\Boltons\NTUSER.DAT -> [2009/11/01 23:50:41 | 06,029,312 | -HS- | M] ()
OTS.exe -> C:\Users\Boltons\Desktop\OTS.exe -> [2009/11/01 23:45:14 | 00,524,800 | ---- | M] (OldTimer Tools)
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/01 23:31:21 | 00,003,072 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/01 23:31:21 | 00,003,072 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Boltons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/11/01 16:17:26 | 00,146,944 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/11/01 15:36:24 | 00,621,552 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/11/01 15:36:24 | 00,104,868 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/11/01 15:36:23 | 00,720,952 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/11/01 15:31:28 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/11/01 15:30:24 | 00,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/11/01 15:30:19 | 20,792,48384 | -HS- | M] ()
IconCache.db -> C:\Users\Boltons\AppData\Local\IconCache.db -> [2009/11/01 11:55:50 | 04,409,821 | -H-- | M] ()
nvModes.dat -> C:\Users\Boltons\AppData\Roaming\nvModes.dat -> [2009/10/31 14:31:09 | 00,054,503 | ---- | M] ()
nvModes.001 -> C:\Users\Boltons\AppData\Roaming\nvModes.001 -> [2009/10/31 14:31:08 | 00,054,503 | ---- | M] ()
deploytk.dll -> C:\Windows\System32\deploytk.dll -> [2009/10/31 13:27:43 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
javaws.exe -> C:\Windows\System32\javaws.exe -> [2009/10/31 13:27:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
javaw.exe -> C:\Windows\System32\javaw.exe -> [2009/10/31 13:27:43 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
java.exe -> C:\Windows\System32\java.exe -> [2009/10/31 13:27:43 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
jre-6u16-windows-i586.exe -> C:\Users\Boltons\Desktop\jre-6u16-windows-i586.exe -> [2009/10/31 13:12:18 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.)
Java Updating Steps 31Oct09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\Java Updating Steps 31Oct09 - Shortcut.lnk -> [2009/10/31 12:59:46 | 00,001,009 | ---- | M] ()
avgremover.exe -> C:\Users\Boltons\Desktop\avgremover.exe -> [2009/10/31 12:28:05 | 00,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.)
6 Wk Diesels PPT Course CMES 12Oct09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\6 Wk Diesels PPT Course CMES 12Oct09 - Shortcut.lnk -> [2009/10/28 20:19:23 | 00,000,923 | ---- | M] ()
zeztlu49.exe -> C:\Users\Boltons\Desktop\zeztlu49.exe -> [2009/10/27 16:16:18 | 00,291,328 | ---- | M] ()
system.ini -> C:\Windows\system.ini -> [2009/10/25 01:28:58 | 00,000,248 | ---- | M] ()
_test1a_Book1_14October09.xls -> C:\Users\Boltons\Documents\_test1a_Book1_14October09.xls -> [2009/10/24 14:14:59 | 00,041,472 | ---- | M] ()
puppy.exe.exe -> C:\Users\Boltons\Desktop\puppy.exe.exe -> [2009/10/23 19:56:40 | 03,351,787 | R--- | M] ()
Combofix.exe -> C:\Users\Boltons\Desktop\Combofix.exe -> [2009/10/23 19:56:40 | 03,351,787 | ---- | M] ()
Sample Book from MarineDiesels UK.lnk -> C:\Users\Boltons\Desktop\Sample Book from MarineDiesels UK.lnk -> [2009/10/21 22:48:51 | 00,000,754 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/18 19:05:28 | 00,000,818 | ---- | M] ()
_test1_Book1OLD.xls -> C:\Users\Boltons\Documents\_test1_Book1OLD.xls -> [2009/10/14 19:35:39 | 00,023,552 | ---- | M] ()
magicJack.lnk -> C:\Users\Boltons\Desktop\magicJack.lnk -> [2009/10/10 08:02:30 | 00,000,903 | ---- | M] ()
HijackThis.lnk -> C:\Users\Boltons\Desktop\HijackThis.lnk -> [2009/10/09 12:16:07 | 00,001,877 | ---- | M] ()
MEBA Related - Shortcut.lnk -> C:\Users\Boltons\Desktop\MEBA Related - Shortcut.lnk -> [2009/10/09 12:16:07 | 00,000,721 | ---- | M] ()
Worthy Inventory VER2003 pipes & fittings Aug09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\Worthy Inventory VER2003 pipes & fittings Aug09 - Shortcut.lnk -> [2009/10/09 12:16:06 | 00,002,250 | ---- | M] ()
_MOU Between Patriot Contract Services & MEBA dtd June 2007 19Dec08 - Shortcut.lnk -> C:\Users\Boltons\Desktop\_MOU Between Patriot Contract Services & MEBA dtd June 2007 19Dec08 - Shortcut.lnk -> [2009/10/09 12:16:05 | 00,001,287 | ---- | M] ()
54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp ->
54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp ->
54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp ->
1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp ->

[Files - No Company Name]
Java Updating Steps 31Oct09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\Java Updating Steps 31Oct09 - Shortcut.lnk -> [2009/10/31 12:59:46 | 00,001,009 | ---- | C] ()
6 Wk Diesels PPT Course CMES 12Oct09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\6 Wk Diesels PPT Course CMES 12Oct09 - Shortcut.lnk -> [2009/10/28 20:19:23 | 00,000,923 | ---- | C] ()
zeztlu49.exe -> C:\Users\Boltons\Desktop\zeztlu49.exe -> [2009/10/27 16:16:17 | 00,291,328 | ---- | C] ()
puppy.exe.exe -> C:\Users\Boltons\Desktop\puppy.exe.exe -> [2009/10/23 21:03:21 | 03,351,787 | R--- | C] ()
Combofix.exe -> C:\Users\Boltons\Desktop\Combofix.exe -> [2009/10/23 21:03:21 | 03,351,787 | ---- | C] ()
Sample Book from MarineDiesels UK.lnk -> C:\Users\Boltons\Desktop\Sample Book from MarineDiesels UK.lnk -> [2009/10/21 22:48:51 | 00,000,754 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/18 19:05:28 | 00,000,818 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 17:07:42 | 00,403,816 | ---- | C] ()
ACROREAD.INI -> C:\Windows\ACROREAD.INI -> [2008/09/28 03:18:00 | 00,000,153 | ---- | C] ()
MSVCRT10.DLL -> C:\Windows\System32\MSVCRT10.DLL -> [2008/09/28 03:16:18 | 00,210,944 | ---- | C] ()
px.ini -> C:\Windows\System32\px.ini -> [2007/02/27 15:43:02 | 00,000,000 | ---- | C] ()
CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2006/12/14 01:01:36 | 00,520,192 | ---- | C] ()
CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2006/12/14 01:01:36 | 00,204,800 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 07:35:32 | 00,005,632 | ---- | C] ()
igfxTMM.dll -> C:\Windows\System32\igfxTMM.dll -> [2006/11/02 05:25:21 | 00,061,440 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 05:23:31 | 00,000,248 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 05:23:31 | 00,000,219 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 02:40:29 | 00,013,750 | ---- | C] ()
rixdicon.dll -> C:\Windows\System32\rixdicon.dll -> [2005/05/06 16:06:00 | 00,016,480 | ---- | C] ()

[HardLinks - Junction Points - Mount Points - Symbolic Links]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> HardLink
< End of report >
[/code]
===============
END OF ORIGINAL POST.............SEASALT
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 98,408 posts.
 
Join Date: Aug 2003
16-Jan-2010, 07:14 PM #90
I don't know why you posted an old OTS log and there was no OTS Zone Alarm removal tool. The cpes_clean was the Zone Alarm removal tool, not the AVG one.

In any event, we really are getting nowhere. I think the best thing to do to get things in order at this point would be to back up all important data, music, photos etc. to an external drive and then wipe the drive and reload the operating system to start fresh.