
Analyze HJT Logfile for server access failure causes

Discussion in 'Virus & Other Malware Removal' started by SeaSalt, Oct 11, 2009.

  1. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,608
    I'm sorry about the confusion regarding NIS. I was reading another person's log by mistake. :eek:

    Go to Start - Run - type CMD and click OK to open a command prompt (black DOS type screen).

    At the prompt type the following exactly as written (be sure to include the space):

    REGSVR32 APPWIZ.CPL

    Then reboot the machine and let me know if you can see Add/Remove programs now in the Control Panel.

    Also, please do the following:

    Download the Registry Search Tool By Bobbi Flekman from the following link to your desktop:

    http://www.bleepingcomputer.com/files/regsearch.php

    Unzip it and double click on the RegSearch.exe to run it. If your antivirus interferes you may have to disable script blocking in the antivirus. Copy and Paste the following in the search box and then click OK:

    F245A209-1085-48B4-B927-35D56015EC60

    Copy and paste the results here please.

    Do the same thing again using this search input:

    829BDA32-94B3-44F4-8446-F8FCFF809F8B

    Copy and paste the results here as well please.
     
  2. SeaSalt

    SeaSalt Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    56
    CookieGal,

    Ran your instructions and could not re-establish "Add/Remove program" to my Laptop.
    Was able to download regsearch and launch it - TWICE!
    The first time, I entered the string:
    F245A209-1085-48B4-B927-35D56015EC60
    The resultant Notepad is:
    Windows Registry Editor Version 5.00

    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.6.0

    ; Results at 12/29/2009 12:38:58 AM for strings:
    ; 'f245a209-1085-48b4-b927-35d56015ec60'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    ; End Of The Log...
    ==============================

    The second time, I entered the string:
    829BDA32-94B3-44F4-8446-F8FCFF809F8B
    The resultant Notepad is:

    Windows Registry Editor Version 5.00

    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.6.0

    ; Results at 12/29/2009 1:37:41 AM for strings:
    ; '829bda32-94b3-44f4-8446-f8fcff809f8b'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    ; End Of The Log...
    ===================================

    So, the two notepad files are included and the one screen capture showing the message from the attempt to re-establish Add/Remove Programs.

    Look forward to hearing from you soon.


    Moses went away again for more help .....

    Hez
     


  3. Cookiegal

    There is some white space in the list so I can't see if you have something called Programs and Features? That's what it's called in Vista.
     
  4. SeaSalt

    CookieGal,

    First of all, HAPPY NEW YEAR!!!! Ella and I hope all is well for you and yours!

    In your response, I'm not clear to which you're referring when you say "white space in the list". I changed to the Category View for the Control Panel and captured the screen. There is no "programs and features" listing.
    As usual, I've attached an MS Paint file with the screen capture pasted in it to show what the control panel categories are.
    Were the results of the two "Registry Search Tool" searches properly listed in what I pasted in my last response/posting?
    Looking forward to hearing from you in 2010 for guidance.

    SeaSalt
     
  5. Cookiegal

    That one is not the same as the previous one you posted. If you look at the earlier one, there is a white block of space in the list so you can't see what's underneath.

    But in the second one, I see Programs - Uninstall a Program listed there.
     
  6. SeaSalt

    CookieGal,

    Happy 2010!!!!

    My unfamiliarity with the Vista version of Add/Remove Pgms is the problem I had.

    I found the uninstall program for Vista's control panel and in the listing, I only saw a newer version of Java (Java(TM) 6 Update 16).
    There was no Java2 Runtime Environment, SE v1.4.1_02 shown.
    I've captured the "uninstall or change a program" screen in control panel and attached it as my usual MS Paint jpeg file.
    Do you see anything I may have missed? I hope so.

    Awaiting your next communique.

    Seasalt
     
  7. Cookiegal

    OK, let's try ComboFix again. Drag and drop the program to the recycle bin and download the latest version.

    Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix.
     
  8. SeaSalt

    CookieGal,

    I've been wondering if I should run ComboFix with or without the rename of Puppy.

    Please let me know if the renaming is no longer desired.

    If that is the case, I'll run it as originally named (combofix).

    I've already downloaded the latest (after deleting the first one we d/l'ed in October).

    Thanks in advance..............SeaSalt ... waiting to hit the ground running......!
     
  9. Cookiegal

    Let's try it without renaming this time.
     
  10. SeaSalt

    CookieGal,

    I printed out the instructions for ComboFix and, in running the program, ran into the same AVG and ZoneAlarm issues/warnings.

    Should I go through the removal process we used in the past for AVG? Also, I have not re-installed ZONEALARM so I don't know the issue in the warning for that.

    I did a screen capture for both warnings and have attached them.
    I terminated the running of ComboFix after the second warning.

    Where do I go from here?

    Thanks for your patience for this ........

    Seasalt
     
  11. Cookiegal

  12. SeaSalt

    CookieGal,

    THIS POST WAS TOO LONG (60171 CHARACTERS)! I WILL DIVIDE IT INTO TWO POSTS.

    I was able to run the removal tool for ZoneAlarm without any apparent problems, but not AVG.
    However, when I later ran ComboFix, the exact same message about detecting AVG AND ZONEALARM came up.
    When I tried to run the removal tool (cpes_clean) for AVG, I got the following:
    "This application has failed to start because VSUTIL.dll was not found. Re-installing the application may fix this problem." I CLICKED OK.

    Next message popped up immediately:
    "A restart is required to complete the removal of Endpoint Security." I clicked OK.
    See the attached MS Paint file of screenshots.

    Below I am attaching the logfile generated when I ran the (OTS) ZoneAlarm removal tool. All appeared to run O.K.

    Where do I go next? Thank you for your sticking in there/here with me!

    Seasalt

    ====================
    Code:
    OTS logfile created on: 11/1/2009 11:52:13 PM - Run 1
    OTS by OldTimer - Version 3.1.2.1     Folder = C:\Users\Boltons\Desktop
    Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16890)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.94 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 68.42% Memory free
    4.00 Gb Paging File | 3.44 Gb Available in Paging File | 86.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.82 Gb Total Space | 95.80 Gb Free Space | 43.00% Space Free | Partition Type: NTFS
    Drive D: | 10.07 Gb Total Space | 1.08 Gb Free Space | 10.74% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: BOLTONS-PC
    Current User Name: Boltons
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Users\Boltons\Desktop\OTS.exe -> [2009/11/01 23:45:14 | 00,524,800 | ---- | M] (OldTimer Tools)
    jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/10/31 13:27:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
    explorer.exe -> C:\Windows\explorer.exe -> [2009/05/17 10:09:56 | 02,923,520 | ---- | M] (Microsoft Corporation)
    wmiprvse.exe -> C:\Windows\System32\wbem\WmiPrvSE.exe -> [2009/05/17 10:08:30 | 00,247,296 | ---- | M] (Microsoft Corporation)
    sdwinsec.exe -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2008/07/07 11:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.)
    apoint.exe -> C:\Program Files\Apoint2K\Apoint.exe -> [2007/07/08 12:11:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
    clsched.exe -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -> [2007/05/18 21:23:00 | 00,106,593 | ---- | M] ()
    clcapsvc.exe -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [2007/05/18 21:22:58 | 00,266,339 | ---- | M] ()
    hpqtoaster.exe -> C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe -> [2007/05/16 12:43:06 | 00,677,432 | R--- | M] ()
    hphc_service.exe -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> [2007/05/16 09:49:12 | 00,061,440 | ---- | M] (Hewlett-Packard)
    hpwamain.exe -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> [2007/05/11 15:21:10 | 00,472,632 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    apmsgfwd.exe -> C:\Program Files\Apoint2K\ApMsgFwd.exe -> [2007/01/28 23:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.)
    wifimsg.exe -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe -> [2007/01/10 18:12:08 | 00,317,128 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    xaudio.exe -> C:\Windows\System32\drivers\XAudio.exe -> [2006/11/27 19:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
    ehtray.exe -> C:\Windows\ehome\ehtray.exe -> [2006/11/02 07:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation)
    ehmsas.exe -> C:\Windows\ehome\ehmsas.exe -> [2006/11/02 07:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation)
    apntex.exe -> C:\Program Files\Apoint2K\ApntEx.exe -> [2006/09/07 19:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
    hpqwmiex.exe -> C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -> [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)
     
    [Win32 Services - Safe List]
    (stllssvr) [On_Demand | Stopped] ->  -> File not found
    (NMIndexingService) [Disabled | Stopped] ->  -> File not found
    (NetTcpPortSharing) [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2009/05/17 07:55:33 | 00,132,096 | ---- | M] (Microsoft Corporation)
    (idsvc) [Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2009/05/17 07:55:23 | 00,881,664 | ---- | M] (Microsoft Corporation)
    (FontCache3.0.0.0) [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2009/05/17 07:55:09 | 00,046,104 | ---- | M] (Microsoft Corporation)
    (clr_optimization_v2.0.50727_32) [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/05/17 03:15:11 | 00,069,632 | ---- | M] (Microsoft Corporation)
    (odserv) [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 03:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
    (SBSDWSCService) [Auto | Running] -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2008/07/07 11:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.)
    (Adobe LM Service) [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2008/01/23 17:55:39 | 00,072,704 | ---- | M] (Adobe Systems)
    (WinDefend) [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2007/07/25 06:44:06 | 00,265,912 | ---- | M] (Microsoft Corporation)
    (CLSched) [Auto | Running] -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -> [2007/05/18 21:23:00 | 00,106,593 | ---- | M] ()
    (CLCapSvc) [Auto | Running] -> C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [2007/05/18 21:22:58 | 00,266,339 | ---- | M] ()
    (HP Health Check Service) [Auto | Running] -> c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2007/05/16 09:49:12 | 00,061,440 | ---- | M] (Hewlett-Packard)
    (LightScribeService) [Disabled | Stopped] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2007/04/19 15:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company)
    (RoxMediaDB9) [On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2007/02/12 11:36:58 | 00,880,640 | ---- | M] (Sonic Solutions)
    (Com4Qlb) [On_Demand | Stopped] -> C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -> [2007/01/09 16:55:34 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    (XAudioService) [Auto | Running] -> C:\Windows\System32\drivers\XAudio.exe -> [2006/11/27 19:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
    (WMPNetworkSvc) [On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation)
    (ehSched) [On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation)
    (ehstart) [On_Demand | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
    (ehRecvr) [On_Demand | Stopped] -> C:\Windows\ehome\ehrecvr.exe -> [2006/11/02 07:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation)
    (ose) [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
    (hpqwmiex) [Auto | Running] -> C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -> [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    (IDriverT) [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
     
    [Driver Services - Safe List]
    (CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CHDRT32.sys -> [2008/03/03 13:32:00 | 00,188,416 | ---- | M] (Conexant Systems Inc.)
    (ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Apfiltr.sys -> [2007/07/07 00:58:56 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.)
    (nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2007/06/19 16:21:00 | 07,563,744 | ---- | M] (NVIDIA Corporation)
    (HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\CHDART.sys -> [2007/04/29 23:59:30 | 00,160,768 | ---- | M] (Conexant Systems Inc.)
    (rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rixdptsk.sys -> [2007/03/21 02:02:04 | 00,037,376 | ---- | M] (REDC)
    (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvmfdx32.sys -> [2007/03/06 08:15:58 | 01,059,112 | ---- | M] (NVIDIA Corporation)
    (rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimmptsk.sys -> [2007/02/23 18:42:22 | 00,039,936 | ---- | M] (REDC)
    (nvsmu) nvsmu [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvsmu.sys -> [2007/02/16 03:50:32 | 00,012,032 | ---- | M] (NVIDIA Corporation)
    (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\PxHelp20.sys -> [2007/02/02 05:00:00 | 00,043,528 | ---- | M] (Sonic Solutions)
    (rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimsptsk.sys -> [2007/01/22 20:40:20 | 00,042,496 | ---- | M] (REDC)
    (BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2007/01/03 10:43:12 | 00,534,016 | ---- | M] (Broadcom Corporation)
    (BCM43XV) Broadcom Extensible 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\BCMWL6.SYS -> [2007/01/03 10:43:12 | 00,534,016 | ---- | M] (Broadcom Corporation)
    (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_DPV.sys -> [2006/12/06 18:05:58 | 00,985,600 | ---- | M] (Conexant Systems, Inc.)
    (HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSXHWAZL.sys -> [2006/12/06 18:04:36 | 00,207,360 | ---- | M] (Conexant Systems, Inc.)
    (winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_CNXT.sys -> [2006/12/06 18:04:26 | 00,659,968 | ---- | M] (Conexant Systems, Inc.)
    (eabfiltr) eabfiltr [Kernel | System | Running] -> C:\Windows\System32\drivers\eabfiltr.sys -> [2006/11/30 12:24:58 | 00,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    (XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\System32\drivers\XAudio.sys -> [2006/11/27 19:44:52 | 00,008,192 | ---- | M] (Conexant Systems, Inc.)
    (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation)
    (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.)
    (elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex)
    (adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.)
    (uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.)
    (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation)
    (adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.)
    (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
    (vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
    (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
    (UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
    (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.)
    (nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation)
    (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
    (iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
    (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems)
    (nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation)
    (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
    (arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.)
    (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic)
    (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
    (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company)
    (arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.)
    (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
    (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
    (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic)
    (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic)
    (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic)
    (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic)
    (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
    (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic)
    (megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation)
    (viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.)
    (cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.)
    (aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.)
    (scsiscan) SCSI Scanner Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\scsiscan.sys -> [2006/11/02 04:14:17 | 00,014,336 | ---- | M] (Microsoft Corporation)
    (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\USBAUDIO.sys -> [2006/11/02 03:55:04 | 00,071,552 | ---- | M] (Microsoft Corporation)
    (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
    (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
    (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
    (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
    (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
    (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
    (HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\VSTAZL3.SYS -> [2006/11/02 02:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.)
    (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
    (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\e100b325.sys -> [2006/11/02 02:30:54 | 00,163,328 | ---- | M] (Intel Corporation)
    (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation)
    (secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    (ialm) ialm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2006/10/18 21:10:57 | 01,380,864 | ---- | M] (Intel Corporation)
    (HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CPQBttn.sys -> [2006/06/28 11:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\mdmxsdk.sys -> [2006/06/18 17:26:58 | 00,012,672 | ---- | M] (Conexant)
    (cdudf_xp) cdudf_xp [File_System | System | Running] -> C:\Windows\System32\drivers\Cdudf_xp.sys -> [2003/12/01 16:46:22 | 00,259,200 | ---- | M] (Roxio)
    (UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> C:\Windows\System32\drivers\UdfReadr_xp.sys -> [2003/12/01 16:46:22 | 00,213,120 | ---- | M] (Roxio)
    (DVDVRRdr_xp) DVDVRRdr_xp [File_System | System | Running] -> C:\Windows\System32\drivers\DVDVRRdr_xp.sys -> [2003/12/01 16:46:22 | 00,146,560 | ---- | M] (Roxio)
    (pwd_2k) pwd_2k [Kernel | System | Running] -> C:\Windows\System32\drivers\pwd_2K.sys -> [2003/12/01 16:46:22 | 00,118,409 | ---- | M] (Roxio)
    (mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\Mmc_2k.sys -> [2003/12/01 16:46:22 | 00,022,745 | ---- | M] (Roxio)
    (dvd_2K) dvd_2K [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Dvd_2k.sys -> [2003/12/01 16:46:22 | 00,021,993 | ---- | M] (Roxio)
    (ATMhelpr) ATMhelpr [Kernel | System | Running] -> C:\Windows\System32\drivers\ATMHELPR.SYS -> [1997/06/17 06:00:00 | 00,004,064 | ---- | M] (Adobe Systems Incorporated)
     
    [Modules - Safe List]
    ots.exe -> C:\Users\Boltons\Desktop\OTS.exe -> [2009/11/01 23:45:14 | 00,524,800 | ---- | M] (OldTimer Tools)
    comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll -> [2006/11/02 04:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation)
     
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
    HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop -> 
    HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> 
    HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_CURRENT_USER\: Main\\"Start Page" -> about:blank -> 
    HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 -> 
    HKEY_CURRENT_USER\: "ProxyEnable" -> 1 -> 
    HKEY_CURRENT_USER\: "ProxyOverride" -> <local> -> 
    HKEY_CURRENT_USER\: "ProxyServer" -> 172.16.1.1:3128 -> 
    < FireFox Settings [Prefs.js] > -> C:\Users\Boltons\AppData\Roaming\Mozilla\FireFox\Profiles\2omo30gc.default\prefs.js -> 
    browser.search.defaultenginename -> "Google" ->
    browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
    browser.search.selectedEngine -> "Google" ->
    browser.search.update -> false ->
    browser.search.useDBForOrder -> true ->
    browser.startup.homepage -> "http://www.google.com/|http://www.yahoo.com/" ->
    extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2 ->
    extensions.enabledItems -> {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525 ->
    extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 ->
    extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1 ->
    network.proxy.backup.ftp -> "" ->
    network.proxy.backup.ftp_port -> 0 ->
    network.proxy.backup.gopher -> "" ->
    network.proxy.backup.gopher_port -> 0 ->
    network.proxy.backup.socks -> "" ->
    network.proxy.backup.socks_port -> 0 ->
    network.proxy.backup.ssl -> "" ->
    network.proxy.backup.ssl_port -> 0 ->
    network.proxy.ftp -> "172.16.1.1" ->
    network.proxy.ftp_port -> 3128 ->
    network.proxy.gopher -> "172.16.1.1" ->
    network.proxy.gopher_port -> 3128 ->
    network.proxy.http -> "172.16.1.1" ->
    network.proxy.http_port -> 3128 ->
    network.proxy.share_proxy_settings -> true ->
    network.proxy.socks -> "172.16.1.1" ->
    network.proxy.socks_port -> 3128 ->
    network.proxy.ssl -> "172.16.1.1" ->
    network.proxy.ssl_port -> 3128 ->
    network.proxy.type -> 4 ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2008/09/05 13:32:03 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/10/31 13:28:05 | 00,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > -> 
      -> C:\Users\Boltons\AppData\Roaming\Mozilla\Extensions -> [2008/09/05 13:34:33 | 00,000,000 | ---D | M]
      -> C:\Users\Boltons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/09/05 13:34:33 | 00,000,000 | ---D | M]
      -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions -> [2009/10/31 17:31:17 | 00,000,000 | ---D | M]
      -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/16 03:28:49 | 00,000,000 | ---D | M]
      -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2008/01/08 02:10:23 | 00,000,000 | ---D | M]
      -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009/07/30 22:36:06 | 00,000,000 | ---D | M]
      -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/04/16 15:24:00 | 00,000,000 | ---D | M]
    < FireFox SearchPlugins [User Folders] > -> 
     aboutcom.xml -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\searchplugins\aboutcom.xml -> [2008/03/06 02:40:49 | 00,005,322 | ---- | M] ()
     wikipedia-english.xml -> C:\Users\Boltons\AppData\Roaming\Mozilla\Firefox\Profiles\2omo30gc.default\searchplugins\wikipedia-english.xml -> [2008/03/06 02:40:35 | 00,005,325 | ---- | M] ()
    < FireFox Extensions [Program Folders] > -> 
      -> C:\Program Files\Mozilla Firefox\extensions -> [2009/10/31 13:28:34 | 00,000,000 | ---D | M]
      -> C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2008/01/06 12:59:30 | 00,000,000 | ---D | M]
      -> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2008/09/05 13:32:03 | 00,000,000 | ---D | M]
      -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -> [2009/10/31 13:28:34 | 00,000,000 | ---D | M]
      -> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2008/09/05 13:32:03 | 00,000,000 | ---D | M]
      -> C:\Program Files\Mozilla Firefox\extensions\[email protected] -> [2008/09/05 13:32:03 | 00,000,000 | ---D | M]
    < FireFox Components [Program Folders] > -> 
     browserdirprovider.dll -> C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll -> [2008/09/05 13:31:39 | 00,023,040 | ---- | M] (Mozilla Foundation)
     brwsrcmp.dll -> C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll -> [2008/09/05 13:31:39 | 00,134,144 | ---- | M] (Mozilla Foundation)
    < HOSTS File > (288570 bytes and 9988 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
    First 25 entries...
    Reset Hosts
    127.0.0.1       localhost
    ::1             localhost
    Continued in second post.....................SeaSalt
    ===========================
    End of my pasted logfile
     
  13. SeaSalt

    SeaSalt Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    56
    CookieGal,

    WELL, I DID IT AGAIN. THIS POST IS OVER THE 30000 CHARACTER LIMIT BY 1700 CHARACTERS. THERE WILL BE A THIRD PORTION TO THIS REPLY............SORRY FOR ANY INCONVENIENCE...........SEASALT

    Here is the second portion of my REPLY post to you - Please let me know that you received both parts OK
    Thanks .... SeaSalt
    ==========================
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/12 01:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
    {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2008/03/22 16:37:08 | 00,308,856 | ---- | M] (RealPlayer)
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/31 13:27:43 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Apoint" -> C:\Program Files\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> [2007/07/08 12:11:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
    "hpWirelessAssistant" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe] -> [2007/05/11 15:21:10 | 00,472,632 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "MSConfig" -> C:\Windows\System32\msconfig.exe ["C:\Windows\system32\msconfig.exe" /auto] -> [2006/11/02 04:45:25 | 00,222,208 | ---- | M] (Microsoft Corporation)
    "NvSvc" -> C:\Windows\System32\nvsvc.DLL [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> [2007/06/19 16:21:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
    "SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/10/31 13:27:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
    "WAWifiMessage" -> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe] -> [2007/01/10 18:12:08 | 00,317,128 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
    "Launcher" -> C:\Windows\SMINST\Launcher.exe [%WINDIR%\SMINST\launcher.exe] -> [2006/11/07 19:39:18 | 00,044,128 | ---- | M] (soft thinks)
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "cdloader" -> C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe ["C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK] -> [2009/08/01 11:11:28 | 00,050,520 | ---- | M] (magicJack L.P.)
    "ehTray.exe" -> C:\Windows\ehome\ehtray.exe [C:\Windows\ehome\ehTray.exe] -> [2006/11/02 07:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation)
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"ConsentPromptBehaviorAdmin" -> [2] -> File not found
    \\"ConsentPromptBehaviorUser" -> [1] -> File not found
    \\"EnableInstallerDetection" -> [1] -> File not found
    \\"EnableLUA" -> [1] -> File not found
    \\"EnableSecureUIAPaths" -> [1] -> File not found
    \\"EnableVirtualization" -> [1] -> File not found
    \\"PromptOnSecureDesktop" -> [1] -> File not found
    \\"ValidateAdminCodeSignatures" -> [0] -> File not found
    \\"dontdisplaylastusername" -> [0] -> File not found
    \\"legalnoticecaption" -> [] -> File not found
    \\"legalnoticetext" -> [] -> File not found
    \\"scforceoption" -> [0] -> File not found
    \\"shutdownwithoutlogon" -> [1] -> File not found
    \\"undockwithoutlogon" -> [1] -> File not found
    \\"FilterAdministratorToken" -> [0] -> File not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    \UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [145] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"LogonHoursAction" -> [2] -> File not found
    \\"DontDisplayLogonHoursWarnings" -> [1] -> File not found
    \\"DisableRegistryTools" -> [0] -> File not found
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 09:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 09:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 06:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5195 domain(s) found. ->
    49 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8 domain(s) found. ->
    akamai.net .
    [*] -> Trusted sites ->
    akamai_avg.com
    [*] -> Trusted sites ->
    update_avg.com
    [*] -> Trusted sites ->
    akamai_avg.cz
    [*] -> Trusted sites ->
    backup_avg.cz
    [*] -> Trusted sites ->
    download_avg.cz
    [*] -> Trusted sites ->
    files2_avg.cz
    [*] -> Trusted sites ->
    akamai.avg.com_edgesuite.net
    [*] -> Trusted sites ->
    akamai.avg.cz_edgesuite.net
    [*] -> Trusted sites ->
    akamai.grisoft.com_edgesuite.net
    [*] -> Trusted sites ->
    akamai.grisoft.cz_edgesuite.net
    [*] -> Trusted sites ->
    akamai_grisoft.com
    [*] -> Trusted sites ->
    update_grisoft.com
    [*] -> Trusted sites ->
    akamai_grisoft.cz
    [*] -> Trusted sites ->
    backup_grisoft.cz
    [*] -> Trusted sites ->
    download_grisoft.cz
    [*] -> Trusted sites ->
    files2_grisoft.cz
    [*] -> Trusted sites ->
    my_magicjack.com [https] -> Trusted sites ->
    reg_talk4free.com [https] -> Trusted sites ->
    7 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
    {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 207.255.176.40 ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {0904E5AE-DF43-48FE-B1F4-D314C3E56707}\\DhcpNameServer -> 207.255.176.40 (NVIDIA nForce Networking Controller) ->
    {6CAAE3ED-3487-4EEC-A8D7-EF25C4E7C65B}\\DhcpNameServer -> 180.18.4.10 207.255.176.40 207.255.176.37 (Broadcom 802.11b/g WLAN) ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\Windows\explorer.exe -> [2009/05/17 10:09:56 | 02,923,520 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> [2006/08/30 13:35:12 | 00,952,088 | ---- | M] (EarthLink, Inc.)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    "AlternateShell" -> cmd.exe ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > -> ->
    C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\autoexec.bat [ NTFS ] -> [2007/07/25 07:42:24 | 00,000,074 | ---- | M] ()
    D:\AUTOMODE [@echo off | IF EXIST C:\ST_RP\MANUALMODE ECHO MANUAL BATCH MODE ALREADY SET ! | IF NOT EXIST C:\ST_RP\MANUALMODE ECHO SET TO MANUAL BATCH EXECUTION ! | IF NOT EXIST C:\ST_RP\MANUALMODE IF EXIST C:\ST_RP\AUTOMODE DEL C:\ST_RP\AUTOMODE /F > NUL | IF NOT EXIST C:\ST_RP\MANUALMODE COPY C:\ST_RP\SET_AUTO_MODE.CMD C:\ST_RP\MANUALMODE > NUL | ECHO. | ] -> D:\AUTOMODE [ NTFS ] -> [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
    \{2256b85b-42f9-11dd-b71a-001a6bdb9438}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2256b85b-42f9-11dd-b71a-001a6bdb9438}\shell\AutoRun\command
    \{2256b85b-42f9-11dd-b71a-001a6bdb9438}\shell\AutoRun\command\\"" -> F:\autorun.exe [F:\autorun.exe] -> File not found
    \{2256b85b-42f9-11dd-b71a-001a6bdb9438}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2256b85b-42f9-11dd-b71a-001a6bdb9438}\shell\phone\command
    \{2256b85b-42f9-11dd-b71a-001a6bdb9438}\shell\phone\command\\"" -> F:\autorun.exe [F:\autorun.exe] -> File not found
    \{31519f74-54f9-11dd-a0e8-001a6bdb9438}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31519f74-54f9-11dd-a0e8-001a6bdb9438}\shell
    \{31519f74-54f9-11dd-a0e8-001a6bdb9438}\shell\\"" -> [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31519f74-54f9-11dd-a0e8-001a6bdb9438}\shell\AutoRun\command
    \{31519f74-54f9-11dd-a0e8-001a6bdb9438}\shell\AutoRun\command\\"" -> F:\LapNetWizard.exe [F:\LapNetWizard.exe] -> File not found
    \{57ccf86e-816d-11de-93d9-001a6bdb9438}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57ccf86e-816d-11de-93d9-001a6bdb9438}\shell\AutoRun\command
    \{57ccf86e-816d-11de-93d9-001a6bdb9438}\shell\AutoRun\command\\"" -> H:\autorun.exe [H:\autorun.exe] -> File not found
    \{57ccf86e-816d-11de-93d9-001a6bdb9438}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57ccf86e-816d-11de-93d9-001a6bdb9438}\shell\phone\command
    \{57ccf86e-816d-11de-93d9-001a6bdb9438}\shell\phone\command\\"" -> H:\autorun.exe [H:\autorun.exe] -> File not found
    \{9bb74b1c-8458-11de-8309-0016d3afc911}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bb74b1c-8458-11de-8309-0016d3afc911}\shell
    \{9bb74b1c-8458-11de-8309-0016d3afc911}\shell\\"" -> [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bb74b1c-8458-11de-8309-0016d3afc911}\shell\AutoRun\command
    \{9bb74b1c-8458-11de-8309-0016d3afc911}\shell\AutoRun\command\\"" -> F:\LapNetWizard.exe [F:\LapNetWizard.exe] -> File not found
    \{9dc58be7-9a66-11de-b84f-0016d3afc911}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dc58be7-9a66-11de-b84f-0016d3afc911}\shell\AutoRun\command
    \{9dc58be7-9a66-11de-b84f-0016d3afc911}\shell\AutoRun\command\\"" -> G:\autorun.exe [G:\autorun.exe] -> File not found
    \{9dc58be7-9a66-11de-b84f-0016d3afc911}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dc58be7-9a66-11de-b84f-0016d3afc911}\shell\phone\command
    \{9dc58be7-9a66-11de-b84f-0016d3afc911}\shell\phone\command\\"" -> G:\autorun.exe [G:\autorun.exe] -> File not found
    \{a09a3898-c6df-11de-a464-001a6bdb9438}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a09a3898-c6df-11de-a464-001a6bdb9438}\shell
    \{a09a3898-c6df-11de-a464-001a6bdb9438}\shell\\"" -> [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a09a3898-c6df-11de-a464-001a6bdb9438}\shell\AutoRun\command
    \{a09a3898-c6df-11de-a464-001a6bdb9438}\shell\AutoRun\command\\"" -> H:\LaunchU3.exe [H:\LaunchU3.exe -a] -> File not found
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
    comfile [open] -> "%1" %* -> File not found
    exefile [open] -> "%1" %* -> File not found

    [Registry - Additional Scans - Safe List]
    < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
    C:^Users^Boltons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 22:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
    C:^Users^Boltons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MemTurbo.lnk -> C:\PROGRA~1\MEMTUR~1\MemTurbo.exe -> File not found
    C:^Users^Boltons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE -> [2008/10/25 10:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation)
    C:^Users^Boltons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TDK Launcher.lnk -> C:\Program Files\TDK\TDKLauncher\TDKLauncher.exe -> [2003/07/24 13:36:28 | 00,241,664 | ---- | M] (TDK)
    < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
    Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe -> [2008/06/12 05:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
    AVG8_TRAY hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\AVG\AVG8\avgtray.exe -> File not found
    cdloader hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Users\Boltons\AppData\Roaming\mjusbsp\cdloader2.exe -> [2009/08/01 11:11:28 | 00,050,520 | ---- | M] (magicJack L.P.)
    HP Health Check Scheduler hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe -> [2007/05/16 09:20:12 | 00,071,176 | ---- | M] (Hewlett-Packard)
    HP Software Update hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\HP Software Update\hpwuSchd2.exe -> [2007/05/08 23:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
    OnScreenDisplay hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe -> [2007/06/12 21:14:22 | 00,554,552 | ---- | M] ( Hewlett-Packard Development Company, L.P.)
    QlbCtrl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
    QPService hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\QuickPlay\QPService.exe -> [2007/05/18 21:22:36 | 00,181,744 | ---- | M] (CyberLink Corp.)
    RoxAssistant hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe -> [2003/12/01 16:51:10 | 00,090,112 | ---- | M] (Roxio)
    RoxioAudioCentral hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe -> [2003/07/15 14:38:26 | 00,319,488 | ---- | M] (Roxio, Inc.)
    RoxioDragToDisc hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe -> [2003/12/01 16:46:22 | 00,868,352 | ---- | M] (Roxio)
    RoxioEngineUtility hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe -> [2003/05/01 20:44:50 | 00,065,536 | ---- | M] (Roxio)
    Sharkbyte hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Grooveshark\sharkbyte.exe -> File not found
    TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2008/03/22 16:36:49 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
    Windows Defender hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
    < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->
    "services" -> 2 ->
    "startup" -> 2 ->
    < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    [Files/Folders - Created Within 30 Days]
    OTS.exe -> C:\Users\Boltons\Desktop\OTS.exe -> [2009/11/01 23:45:13 | 00,524,800 | ---- | C] (OldTimer Tools)
    avgremover.exe -> C:\Users\Boltons\Desktop\avgremover.exe -> [2009/10/31 14:11:16 | 00,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.)
    deploytk.dll -> C:\Windows\System32\deploytk.dll -> [2009/10/31 13:28:04 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.)
    javaws.exe -> C:\Windows\System32\javaws.exe -> [2009/10/31 13:28:04 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.)
    javaw.exe -> C:\Windows\System32\javaw.exe -> [2009/10/31 13:28:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
    java.exe -> C:\Windows\System32\java.exe -> [2009/10/31 13:28:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
    C:\Program Files\Java -> C:\Program Files\Java -> [2009/10/31 13:27:31 | 00,000,000 | ---D | C]
    jre-6u16-windows-i586.exe -> C:\Users\Boltons\Desktop\jre-6u16-windows-i586.exe -> [2009/10/31 13:12:02 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.)
    MEBASch Diesel Course Photos22Oct09 -> C:\Users\Boltons\Desktop\MEBASch Diesel Course Photos22Oct09 -> [2009/10/25 11:51:16 | 00,000,000 | ---D | C]
    MEBASch Diesel Lab Photos ONLY22Oct09 -> C:\Users\Boltons\Desktop\MEBASch Diesel Lab Photos ONLY22Oct09 -> [2009/10/25 11:50:53 | 00,000,000 | ---D | C]
    ERDNT -> C:\Windows\ERDNT -> [2009/10/25 00:35:59 | 00,000,000 | ---D | C]
    Qoobox -> C:\Qoobox -> [2009/10/23 21:13:28 | 00,000,000 | ---D | C]
    C:\Users\Boltons\AppData\Roaming\Malwarebytes -> C:\Users\Boltons\AppData\Roaming\Malwarebytes -> [2009/10/18 19:05:30 | 00,000,000 | ---D | C]
    mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/10/18 19:05:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
    mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/10/18 19:05:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/10/18 19:05:24 | 00,000,000 | ---D | C]
    C:\ProgramData\Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/10/18 19:05:24 | 00,000,000 | ---D | C]
    C:\Program Files\Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/10/18 19:05:24 | 00,000,000 | ---D | C]
    Sun -> C:\Windows\Sun -> [2009/10/17 17:55:47 | 00,000,000 | ---D | C]
    My YouTube -> C:\Users\Boltons\Documents\My YouTube -> [2009/10/15 19:34:57 | 00,000,000 | ---D | C]
    C:\Users\Boltons\AppData\Local\YouTubeAssistant -> C:\Users\Boltons\AppData\Local\YouTubeAssistant -> [2009/10/15 19:34:56 | 00,000,000 | ---D | C]
    C:\Program Files\Eurekr.com -> C:\Program Files\Eurekr.com -> [2009/10/15 19:30:19 | 00,000,000 | ---D | C]
    Ares Tube -> C:\Ares Tube -> [2009/10/15 18:47:29 | 00,000,000 | ---D | C]
    wucltux.dll -> C:\Windows\System32\wucltux.dll -> [2009/10/06 00:18:40 | 02,421,760 | ---- | C] (Microsoft Corporation)
    wuaueng.dll -> C:\Windows\System32\wuaueng.dll -> [2009/10/06 00:18:40 | 01,929,952 | ---- | C] (Microsoft Corporation)
    wuauclt.exe -> C:\Windows\System32\wuauclt.exe -> [2009/10/06 00:18:40 | 00,053,472 | ---- | C] (Microsoft Corporation)
    wups2.dll -> C:\Windows\System32\wups2.dll -> [2009/10/06 00:18:40 | 00,044,768 | ---- | C] (Microsoft Corporation)
    wuapi.dll -> C:\Windows\System32\wuapi.dll -> [2009/10/06 00:17:54 | 00,575,704 | ---- | C] (Microsoft Corporation)
    wudriver.dll -> C:\Windows\System32\wudriver.dll -> [2009/10/06 00:17:54 | 00,087,552 | ---- | C] (Microsoft Corporation)
    wups.dll -> C:\Windows\System32\wups.dll -> [2009/10/06 00:17:54 | 00,035,552 | ---- | C] (Microsoft Corporation)
    wuwebv.dll -> C:\Windows\System32\wuwebv.dll -> [2009/10/06 00:17:44 | 00,171,608 | ---- | C] (Microsoft Corporation)
    wuapp.exe -> C:\Windows\System32\wuapp.exe -> [2009/10/06 00:17:44 | 00,033,792 | ---- | C] (Microsoft Corporation)
    1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp ->
    CONTINUED IN 3RD POST REPLY.............SEASALT
     
  14. SeaSalt

    SeaSalt Thread Starter

    Joined:
    Oct 11, 2009
    Messages:
    56
    CookieGal,
    Here is the THIRD portion of my post reply to you.
    I'm really sorry I didn't divide the message into two parts. Poor guessing on my part.
    ==============================

    [Files/Folders - Modified Within 30 Days]
    NTUSER.DAT -> C:\Users\Boltons\NTUSER.DAT -> [2009/11/01 23:50:41 | 06,029,312 | -HS- | M] ()
    OTS.exe -> C:\Users\Boltons\Desktop\OTS.exe -> [2009/11/01 23:45:14 | 00,524,800 | ---- | M] (OldTimer Tools)
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/01 23:31:21 | 00,003,072 | ---- | M] ()
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/01 23:31:21 | 00,003,072 | ---- | M] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Boltons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/11/01 16:17:26 | 00,146,944 | ---- | M] ()
    perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/11/01 15:36:24 | 00,621,552 | ---- | M] ()
    perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/11/01 15:36:24 | 00,104,868 | ---- | M] ()
    PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/11/01 15:36:23 | 00,720,952 | ---- | M] ()
    SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/11/01 15:31:28 | 00,000,006 | -H-- | M] ()
    bootstat.dat -> C:\Windows\bootstat.dat -> [2009/11/01 15:30:24 | 00,067,584 | --S- | M] ()
    hiberfil.sys -> C:\hiberfil.sys -> [2009/11/01 15:30:19 | 20,792,48384 | -HS- | M] ()
    IconCache.db -> C:\Users\Boltons\AppData\Local\IconCache.db -> [2009/11/01 11:55:50 | 04,409,821 | -H-- | M] ()
    nvModes.dat -> C:\Users\Boltons\AppData\Roaming\nvModes.dat -> [2009/10/31 14:31:09 | 00,054,503 | ---- | M] ()
    nvModes.001 -> C:\Users\Boltons\AppData\Roaming\nvModes.001 -> [2009/10/31 14:31:08 | 00,054,503 | ---- | M] ()
    deploytk.dll -> C:\Windows\System32\deploytk.dll -> [2009/10/31 13:27:43 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
    javaws.exe -> C:\Windows\System32\javaws.exe -> [2009/10/31 13:27:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
    javaw.exe -> C:\Windows\System32\javaw.exe -> [2009/10/31 13:27:43 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
    java.exe -> C:\Windows\System32\java.exe -> [2009/10/31 13:27:43 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
    jre-6u16-windows-i586.exe -> C:\Users\Boltons\Desktop\jre-6u16-windows-i586.exe -> [2009/10/31 13:12:18 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.)
    Java Updating Steps 31Oct09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\Java Updating Steps 31Oct09 - Shortcut.lnk -> [2009/10/31 12:59:46 | 00,001,009 | ---- | M] ()
    avgremover.exe -> C:\Users\Boltons\Desktop\avgremover.exe -> [2009/10/31 12:28:05 | 00,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.)
    6 Wk Diesels PPT Course CMES 12Oct09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\6 Wk Diesels PPT Course CMES 12Oct09 - Shortcut.lnk -> [2009/10/28 20:19:23 | 00,000,923 | ---- | M] ()
    zeztlu49.exe -> C:\Users\Boltons\Desktop\zeztlu49.exe -> [2009/10/27 16:16:18 | 00,291,328 | ---- | M] ()
    system.ini -> C:\Windows\system.ini -> [2009/10/25 01:28:58 | 00,000,248 | ---- | M] ()
    _test1a_Book1_14October09.xls -> C:\Users\Boltons\Documents\_test1a_Book1_14October09.xls -> [2009/10/24 14:14:59 | 00,041,472 | ---- | M] ()
    puppy.exe.exe -> C:\Users\Boltons\Desktop\puppy.exe.exe -> [2009/10/23 19:56:40 | 03,351,787 | R--- | M] ()
    Combofix.exe -> C:\Users\Boltons\Desktop\Combofix.exe -> [2009/10/23 19:56:40 | 03,351,787 | ---- | M] ()
    Sample Book from MarineDiesels UK.lnk -> C:\Users\Boltons\Desktop\Sample Book from MarineDiesels UK.lnk -> [2009/10/21 22:48:51 | 00,000,754 | ---- | M] ()
    Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/18 19:05:28 | 00,000,818 | ---- | M] ()
    _test1_Book1OLD.xls -> C:\Users\Boltons\Documents\_test1_Book1OLD.xls -> [2009/10/14 19:35:39 | 00,023,552 | ---- | M] ()
    magicJack.lnk -> C:\Users\Boltons\Desktop\magicJack.lnk -> [2009/10/10 08:02:30 | 00,000,903 | ---- | M] ()
    HijackThis.lnk -> C:\Users\Boltons\Desktop\HijackThis.lnk -> [2009/10/09 12:16:07 | 00,001,877 | ---- | M] ()
    MEBA Related - Shortcut.lnk -> C:\Users\Boltons\Desktop\MEBA Related - Shortcut.lnk -> [2009/10/09 12:16:07 | 00,000,721 | ---- | M] ()
    Worthy Inventory VER2003 pipes & fittings Aug09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\Worthy Inventory VER2003 pipes & fittings Aug09 - Shortcut.lnk -> [2009/10/09 12:16:06 | 00,002,250 | ---- | M] ()
    _MOU Between Patriot Contract Services & MEBA dtd June 2007 19Dec08 - Shortcut.lnk -> C:\Users\Boltons\Desktop\_MOU Between Patriot Contract Services & MEBA dtd June 2007 19Dec08 - Shortcut.lnk -> [2009/10/09 12:16:05 | 00,001,287 | ---- | M] ()
    54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp ->
    54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp ->
    54 C:\Users\Boltons\AppData\Local\Temp\*.tmp files -> C:\Users\Boltons\AppData\Local\Temp\*.tmp ->
    1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp ->

    [Files - No Company Name]
    Java Updating Steps 31Oct09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\Java Updating Steps 31Oct09 - Shortcut.lnk -> [2009/10/31 12:59:46 | 00,001,009 | ---- | C] ()
    6 Wk Diesels PPT Course CMES 12Oct09 - Shortcut.lnk -> C:\Users\Boltons\Desktop\6 Wk Diesels PPT Course CMES 12Oct09 - Shortcut.lnk -> [2009/10/28 20:19:23 | 00,000,923 | ---- | C] ()
    zeztlu49.exe -> C:\Users\Boltons\Desktop\zeztlu49.exe -> [2009/10/27 16:16:17 | 00,291,328 | ---- | C] ()
    puppy.exe.exe -> C:\Users\Boltons\Desktop\puppy.exe.exe -> [2009/10/23 21:03:21 | 03,351,787 | R--- | C] ()
    Combofix.exe -> C:\Users\Boltons\Desktop\Combofix.exe -> [2009/10/23 21:03:21 | 03,351,787 | ---- | C] ()
    Sample Book from MarineDiesels UK.lnk -> C:\Users\Boltons\Desktop\Sample Book from MarineDiesels UK.lnk -> [2009/10/21 22:48:51 | 00,000,754 | ---- | C] ()
    Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/18 19:05:28 | 00,000,818 | ---- | C] ()
    OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 17:07:42 | 00,403,816 | ---- | C] ()
    ACROREAD.INI -> C:\Windows\ACROREAD.INI -> [2008/09/28 03:18:00 | 00,000,153 | ---- | C] ()
    MSVCRT10.DLL -> C:\Windows\System32\MSVCRT10.DLL -> [2008/09/28 03:16:18 | 00,210,944 | ---- | C] ()
    px.ini -> C:\Windows\System32\px.ini -> [2007/02/27 15:43:02 | 00,000,000 | ---- | C] ()
    CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2006/12/14 01:01:36 | 00,520,192 | ---- | C] ()
    CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2006/12/14 01:01:36 | 00,204,800 | ---- | C] ()
    sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 07:35:32 | 00,005,632 | ---- | C] ()
    igfxTMM.dll -> C:\Windows\System32\igfxTMM.dll -> [2006/11/02 05:25:21 | 00,061,440 | ---- | C] ()
    system.ini -> C:\Windows\system.ini -> [2006/11/02 05:23:31 | 00,000,248 | ---- | C] ()
    win.ini -> C:\Windows\win.ini -> [2006/11/02 05:23:31 | 00,000,219 | ---- | C] ()
    pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 02:40:29 | 00,013,750 | ---- | C] ()
    rixdicon.dll -> C:\Windows\System32\rixdicon.dll -> [2005/05/06 16:06:00 | 00,016,480 | ---- | C] ()

    [HardLinks - Junction Points - Mount Points - Symbolic Links]
    capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> HardLink
    < End of report >
    [/code]
    ===============
    END OF ORIGINAL POST.............SEASALT
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,608
    I don't know why you posted an old OTS log and there was no OTS Zone Alarm removal tool. The cpes_clean was the Zone Alarm removal tool, not the AVG one.

    In any event, we really are getting nowhere. I think the best thing to do to get things in order at this point would be to back up all important data, music, photos etc. to an external drive and then wipe the drive and reload the operating system to start fresh.
     
Short URL to this thread: https://techguy.org/867841