
Firefox Browser Redirect

Discussion in 'Virus & Other Malware Removal' started by qwerdf, Oct 31, 2011.

  1. qwerdf

    qwerdf Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    35
    Hi everyone. Here are my specs.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz, x86 Family 15 Model 2 Stepping 4
    Processor Count: 1
    RAM: 479 Mb
    Graphics Card: SiS 650_740, 32 Mb
    Hard Drives: C: Total - 16378 MB, Free - 569 MB; D: Total - 40868 MB, Free - 40823 MB;
    Motherboard: ASUSTeK Computer INC., P4S266VX
    Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled


    I have been having some trouble lately with Firefox. I have noticed that every time I do a search on Google or Yahoo I get redirected to another site when I click on the links. This only seems to happen on Firefox. I would really appreciate any help with this matter. Thank you. Here is my HijackThis logfile.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:50:23 PM, on 10/31/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [WorkForce 520(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGIA.EXE /FU "C:\WINDOWS\TEMP\E_SB27.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [KeyboardManagerVerifier] rundll32.exe "C:\Documents and Settings\All Users\Application Data\KeyboardManagerVerifier.dll",DllRegisterServer
    O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - Software - (no file)
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: Contains -
    O16 - DPF: DownloadInformation -
    O16 - DPF: InstalledVersion -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 216.127.92.38
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: Google Update Service (gupdate1cadf534a566adc) (gupdate1cadf534a566adc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 12424 bytes
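
An added example (not part of the thread, and not code from HijackThis or its authors): a small Python parser for the `code - entry` lines of a HijackThis v2 log like the one in the post above, which groups entries by section and lists the items a reviewer would usually look at first. The sample log, the `expected_resolvers` parameter and the three review heuristics are constructed for illustration and are assumptions; a note is a prompt for manual review, not a verdict on any entry.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 log format (not taken from the thread).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" -quiet
O4 - HKCU\..\Run: [ExampleLoader] rundll32.exe "C:\Documents and Settings\All Users\Application Data\example.dll",DllRegisterServer
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 203.0.113.53
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

# What each HijackThis section code covers.
SECTIONS = {
    "O2": "Browser Helper Objects",
    "O3": "Internet Explorer toolbars",
    "O4": "Autostart entries (Run keys, Startup folders)",
    "O8": "Extra IE context menu items",
    "O9": "Extra IE buttons / Tools menu items",
    "O10": "Winsock LSP",
    "O16": "ActiveX objects (Downloaded Program Files)",
    "O17": "Domain / DNS server settings",
    "O23": "Windows services",
}

# An entry line is "<letter><number> - <text>"; process paths never match this.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Folders an unprivileged user can usually write to (illustrative list).
USER_WRITABLE = ("\\application data\\", "\\temp\\", "\\local settings\\")


def describe(code):
    """Human-readable name of a section code."""
    if code.startswith("R"):
        return "Internet Explorer start/search page settings"
    return SECTIONS.get(code, "other")


def parse_hjt(text):
    """Return {section_code: [entry_text, ...]} in log order."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group(1)].append(m.group(2))
    return dict(entries)


def review_notes(entries, expected_resolvers=()):
    """Return (code, reason, entry) tuples for entries worth a manual look."""
    notes = []
    for code, items in entries.items():
        for item in items:
            low = item.lower()
            # Registration left behind after its file was removed.
            if low.endswith("(no file)"):
                notes.append((code, "target file missing", item))
            # rundll32 autorun whose DLL sits in a user-writable folder.
            if code == "O4" and "rundll32" in low and any(p in low for p in USER_WRITABLE):
                notes.append((code, "rundll32 autorun from user-writable folder", item))
            # Static DNS server that is not one the reviewer expects.
            if code == "O17":
                m = re.search(r":\s*NameServer\s*=\s*(\S.*)$", item)
                if m:
                    servers = re.split(r"[,\s]+", m.group(1).strip())
                    unknown = [s for s in servers if s not in expected_resolvers]
                    if unknown:
                        notes.append((code, "DNS server to verify: " + ", ".join(unknown), item))
    return notes


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for code, items in parsed.items():
        print(f"{code:4} {describe(code)}: {len(items)} entr{'y' if len(items) == 1 else 'ies'}")
    # 192.168.0.1 stands in for the resolver the reviewer expects (constructed).
    for code, reason, item in review_notes(parsed, expected_resolvers=("192.168.0.1",)):
        print(f"REVIEW {code}: {reason}\n    {item}")
```
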
     
  2. Scolabar

    Scolabar

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi qwerdf,

    Firstly, welcome to the TSG - Virus & Other Malware Removal Forum. :)
    My name is Scolabar, and I'll be helping you with your malware problems.
    Logs can take a while to research, so please be patient.

    I am currently working under the guidance of teachers; everything I post to you will need to be reviewed by them.
    This additional review process can add some extra time to my responses, but hopefully not too much.
    ;)

    Please note the following important guidelines before proceeding:

    1. The instructions that will be provided are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
    3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
    4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
      Absence of symptoms does not necessarily mean that everything is clear.
    5. DO NOT run any other fix or removal tools unless instructed to do so!
    6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
    8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.

    If you follow these guidelines, things should proceed smoothly. :)
    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    Thank you for your patience.

    Scolabar
     
  3. qwerdf

    qwerdf Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    35
    Thanks for your help, I really appreciate it.
     
  4. Scolabar

    Scolabar

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi qwerdf,

    Thank you again for your patience. :)

    I note from the information provided by the System Info Utility that your system only has 500Mb of RAM installed, which is considered to be the bare minimum for the Windows XP operating system at the level of SP3.
    I recommend that you upgrade the RAM in your PC to at least 1Gb - preferably 2Gb - as this will improve performance of your computer. You can use the online scanning tool at Crucial by clicking on the Scan My Computer button to find the right RAM for your PC.

    Additionally, your computer has less than 4% free disk space available on the system's boot drive/partition. 15% free space is the minimum recommended amount for the stability of the operating system.
    As a consequence any tools I ask you to run may only do so very slowly, if at all.
    Do you have the original Windows installation media and applications installation media for your PC?
    If so, and if just a single hard drive is installed on your system, I would strongly recommend that you back up all your user data, perform a low-level reformat of the hard drive, partition the drive as a single partition using all of the capacity of the hard disk (for optimum performance in this case) and reinstall the operating system and applications software, performing all the software patches to bring the system up-to-date.

    If you would prefer to try to resolve the computer issues without reformatting the hard drive, please read these instructions carefully before executing and perform the steps, in the order given.
    If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    DDS

    Please download DDS by sUBs. Save it to your Desktop.
    Alternate download link: here.

    1. Double-click the DDS tool to run the program.
    2. A black screen will open. Read the contents but do nothing.
    3. When DDS finishes Notepad will open two reports ... DDS.txt and Attach.txt
      The two report files are not saved anywhere. If you close Notepad before copying and pasting the contents, you will need to run DDS again.
    4. Copy and Paste the contents of the DDS.txt file into your next reply.
    5. Also Attach the Attach.txt file to your post.
    Step 2:
    GMER

    The downloaded file will have a random filename. This prevents malware from detecting and blocking it.

    Please download GMER ... random named.exe by GMER. An alternative (zip file) download is available here.
    IMPORTANT: Do not run any programs while GMER is running.
    CAUTION: Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    1. Double click on the random named.exe to execute. If asked, allow the gmer.sys driver to load.
    2. If it gives you a warning about rootkit activity and asks if you want to run a scan click on NO. <--- Important!
    3. On the right side panel, several boxes have been checked. Please UNCHECK the following:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All <-- don't miss this one

    4. If you don't get a warning, then click on the Rootkit/Malware tab at the top of the GMER window.
    5. Click on the Scan button.
    6. Once the scan has finished, click on Save. The Save window will open.
    7. Save the scan results as ark.txt to your Desktop.
    8. Double-click on the ark.txt file on the Desktop to open it in Notepad.
    9. Copy and Paste the entire contents of ark.txt into your next reply.
    Step 3:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. DDS.txt.
    3. ark.txt.
    4. Do you have the original Windows installation media for your PC?
    5. Attachment(s) Required:
      • Attach.txt.

    Scolabar
     
  5. qwerdf

    qwerdf Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    35
    Hi Scolabar,

    Unfortunately, I do not have the original Windows Installation Media. Is there any way I can do what you suggested without the installation media? I decided to go on with your directions. Unfortunately, I was unable to fully scan my computer with GMER. I tried multiple times to scan my computer with GMER but either a) my computer froze or b) my computer turned off by itself. So I have just included the dds.txt and the attach.txt like you mentioned.


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Run by DBac at 13:37:40 on 2011-11-04
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.480.130 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
    mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
    TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\ypager.exe" -quiet
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [WorkForce 520(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigia.exe /fu "c:\windows\temp\E_SB27.tmp" /EF "HKCU"
    uRun: [KeyboardManagerVerifier] rundll32.exe "c:\documents and settings\all users\application data\KeyboardManagerVerifier.dll",DllRegisterServer
    mRun: [LTSMMSG] LTSMMSG.exe
    mRun: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    mRun: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office 2002\programs\QFSCHD100.EXE"
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Microsoft Works Update Detection] "c:\program files\common files\microsoft shared\works shared\WkUFind.exe"
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\diegob~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vaioac~1.lnk - c:\program files\sony\vaio action setup\VAServ.exe
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
    IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: Contains
    DPF: DownloadInformation - file://g:\workshop\install.cab
    DPF: InstalledVersion
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
    DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{5095CBF0-242A-48F5-826B-7B086112AB76} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{B1F9C4DE-0403-45AA-8F11-9E30FA2DAE56} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{BA134AAE-3D05-499B-83D6-8481FF5E255E} : DhcpNameServer = 192.168.1.254
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\diego back\application data\mozilla\firefox\profiles\ngrkfmld.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-12 294608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-12 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-12 40384]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-2 24652]
    R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2011-1-4 816672]
    R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-4-24 807917]
    R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2002-4-24 175232]
    S2 gupdate1cadf534a566adc;Google Update Service (gupdate1cadf534a566adc);c:\program files\google\update\GoogleUpdate.exe [2010-4-18 133104]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-18 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2002-4-24 594668]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-10-31 10:30:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-14 07:33:47 1409 ----a-w- c:\windows\QTFont.for
    2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2006-07-09 01:08:18 448921 ------r- c:\program files\common files\atl49096.exe
    .
    ============= FINISH: 13:39:59.46 ===============
     


  6. Scolabar

    Scolabar

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi qwerdf,

    Apologies for the delay. I will get back to you as soon as my teacher has approved my next set of instructions.

    Scolabar
     
  7. Scolabar

    Scolabar

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi qwerdf,

    Thank you for the feedback and logs. (y)

    Firstly, without your original installation media you will be unable to reformat and reinstall your system.
    I'm afraid it is also unlikely you will be able to arrange for replacement media from the computer manufacturer given the apparent age of the machine. :(

    Don't worry about GMER. We'll leave that for the time being.

    Can you confirm whether or not your computer is connected to a network - either at home or otherwise?

    Please can you confirm whether or not you have installed/uninstalled any software or run any tools/utilities in the meantime?
    I would appreciate it if you could refrain from doing so until after the computer has been declared to be clear of infection. Otherwise the cleanup process is likely to be long-winded at best, if not fruitless.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Create Recovery Console CD

    Please create a bootable Recovery Console CD in case we need to boot into the Recovery Console at a later stage.

    1. Download recovery_console_cd.zip and extract/unzip it to its own folder.
    2. Download the correct floppy disk setup package for your operating system from Microsoft and save it to the same folder you extracted the recovery_console_cd.zip to.
    3. Rename the floppy disk setup package to Bootdisk.exe.
    4. Insert a blank CD into your burner.
    5. Now double-click RecoveryCD.bat and follow the prompts to burn a CD that will allow you to boot to the recovery console.
    Step 2:
    Batch - Registry Query

    1. Click on Start > Run.
    2. In the text entry box type:

      notepad

    3. Then click on the OK button.
    4. This will open an empty Notepad file.
    5. Copy and Paste the contents of the box below into the Notepad window:
      Code:
      @ echo off
      reg query "HKEY_LOCAL_MACHINE\System\CCS\Services\VxD\MSTCP" /s > "%userprofile%"\desktop\reglook.txt
      reg query "HKEY_LOCAL_MACHINE\System\CS1\Services\VxD\MSTCP" /s >> "%userprofile%"\desktop\reglook.txt
      reg query "HKEY_LOCAL_MACHINE\System\CS2\Services\VxD\MSTCP" /s >> "%userprofile%"\desktop\reglook.txt
      notepad "%userprofile%"\desktop\reglook.txt
      del reglook.txt
      del %0
    6. Click Format and ensure Wordwrap is Unchecked.
    7. Save as reglook.bat to the Desktop.
    8. Save as file type All Files or it won't work.
    9. Now double-click on reglook.bat to allow it to run the Registry fix.
      (A command prompt window will flash on the screen briefly.)
    10. Please Copy and Paste the contents of the file reglook.txt into your next reply.
    Step 3:
    Uninstall Programs

    Please remove the following programs.
    In addition, remove any others you no longer use/need to help free up more disk space (- instruction 6 of this step).

    1. Select Start > Control Panel > Add/Remove Programs.
    2. Scroll down the list of installed programs and select each of the following programs:

      Kazaa Media Desktop 2.0.2
      SideStep
      Viewpoint Manager (Remove Only)
      Viewpoint Media Player
      Viewpoint Toolbar
      Winamp Toolbar for Firefox
      Winamp Toolbar for Internet Explorer
      Windows Blaster Worm Removal Tool (KB833330)

    3. Click on the Remove button to uninstall the program.
    4. Click on the Yes button at the prompt.
    5. Repeat steps 4 to 6 for each of the above programs.
    6. In addition, also repeat steps 4 to 6 for any other programs you no longer need.
    7. Close the Add/Remove Programs control panel when the removals have been completed.
    8. Restart the computer to complete removal of the programs.
    Step 4:
    TFC

    1. Please download TFC.exe by Old Timer. Save it to your Desktop.
      Print these instructions. Save any unsaved work. TFC will close ALL open programs including your browser!
    2. Double-click on TFC.exe to run it.
    3. TFC will now begin cleaning up the "temp" files.
      Note: This process may take only a few seconds or it could take several minutes, depending on the amount of temp files found.
    4. If prompted to reboot, click on the Yes button to confirm.
    ! IMPORTANT ! If TFC prompts you to reboot, please do so immediately, before proceeding with any other steps or other use of your computer.

    Step 5:
    GooredFix

    1. Please download GooredFix.exe by jpshortstuff and save it to your Desktop.
      Alternate Site.
    2. Ensure all Firefox windows are closed.
    3. Double-click GooredFix.exe to run the program.
    4. When prompted to run the scan, click on the Yes button.
    5. GooredFix will check for infections and then a log file will automatically open, named GooredFix.txt.
    6. Please Copy and Paste the entire contents of the GooredFix.txt file into your next reply.
    Step 6:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Is your computer connected to a network - either at home or otherwise?
    3. Have you installed/uninstalled any software or run any tools/utilities since the earlier HijackThis log?
      If so, please list the programs/tools installed/uninstalled or run.
    4. reglook.txt.
    5. GooredFix.txt.
    6. How is the computer now running?

    Scolabar
     
  8. qwerdf

    qwerdf Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    35
    Thanks again Scolabar. I have one quick question, however. I am not sure which version of the floppy disk setup package I should download. I have service pack 3 and I believe Microsoft does not have the setup package for service pack 3. Should I just go ahead and download the setup package for service pack 2?
     
  9. Scolabar

    Scolabar

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi qwerdf,

    Yes. Please go ahead and use the SP2 setup package. (y)

    Scolabar
     
  10. qwerdf

    qwerdf Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    35
    Hello Scolabar,

    I have completed all the steps from your previous post. For step 2, however, the contents of reglook.txt were empty. From the command prompt I was getting the following messages,

    Error: The System was unable to find the specified registry key or value.
    Error: The System was unable to find the specified registry key or value.
    Error: The System was unable to find the specified registry key or value.

    I decided to go ahead and continue the steps anyway. I hope this is okay. For step 3 I was not able to uninstall some programs. I would try to uninstall SideStep but nothing would happen. When I tried to uninstall Kazaa Media Desktop 2.0.2 I would get the following message,

    Error loading C:\Windows\System32\cd-clint.dll
    The specified module could not be found.

    I did manage to uninstall other programs that I currently do not use.

    With respect to my network, I have a wireless home network. Also, to the best of my knowledge there has not been any installation/uninstallation of any software or running of tools/utilities since the HijackThis log. Since then the only programs that have been used are Microsoft Word and Excel. Is this okay? If not my family members and I will refrain from using them. Here are the contents of GooredFix.txt,

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 17:53 on 08/11/2011 (DBac)
    Firefox version 6.0.2 (en-US)
    ========== GooredScan ==========
    Deleting "C:\Documents and Settings\DBac\Application Data\Mozilla\Firefox\Profiles\ngrkfmld.default\extensions\{0234eb66-0fe7-4aff-b041-fe80b10dd2e5}" -> Success!
    Deleting "C:\Documents and Settings\DBac\Application Data\Mozilla\Firefox\Profiles\ngrkfmld.default\extensions\{130d2036-15c6-4892-afaa-6953bd998b96}" -> Success!
    Deleting "C:\Documents and Settings\DBac\Application Data\Mozilla\Firefox\Profiles\ngrkfmld.default\extensions\{516a3033-d554-46dd-b0d5-1f0dec066371}" -> Success!
    Deleting "C:\Documents and Settings\DBac\Application Data\Mozilla\Firefox\Profiles\ngrkfmld.default\extensions\{5414996c-bfab-4627-bdce-3e620919a213}" -> Success!
    Deleting "C:\Documents and Settings\DBac\Application Data\Mozilla\Firefox\Profiles\ngrkfmld.default\extensions\{d265feb0-21bf-455e-8cb7-fa598098ba13}" -> Success!
    Deleting "C:\Documents and Settings\DBac\Application Data\Mozilla\Firefox\Profiles\ngrkfmld.default\extensions\{e60cab62-f168-4216-841f-a8867effb928}" -> Success!
    ========== GooredLog ==========
    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [06:00 25/03/2011]
    {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [09:26 14/03/2010]
    C:\Documents and Settings\DBac\Application Data\Mozilla\Firefox\Profiles\ngrkfmld.default\extensions\
    (none)
    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [09:25 14/03/2010]
    "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [03:14 15/07/2011]
    -=E.O.F=-
     
  11. Scolabar

    Scolabar

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi qwerdf,

    Thank you for the feedback and logs. :)

    This should be fine. :thumbright: However, it would be advisable for the other users to refrain from using the computer until it has been declared clean, if practical. ;)

    Given the issues you encountered with the last set of instructions you omitted to let me know how the computer is now running.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Re-Run Batch - Registry Query

    Let's try re-running the Batch - Registry Query using revised code:

    1. Click on Start > Run.
    2. In the text entry box type:

      notepad
    3. Then click on the OK button.
    4. This will open an empty Notepad file.
    5. Copy and Paste the contents of the box below into the Notepad window:
      Code:
      @ echo off
      reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP" /s > "%userprofile%"\desktop\reglook.txt
      reg query "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD\MSTCP" /s >> "%userprofile%"\desktop\reglook.txt
      reg query "HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VxD\MSTCP" /s >> "%userprofile%"\desktop\reglook.txt
      notepad "%userprofile%"\desktop\reglook.txt
      del reglook.txt
      del %0
    6. Click Format and ensure Wordwrap is Unchecked.
    7. Save as reglook.bat to the Desktop.
    8. Save as file type All Files or it won't work.
    9. Now double-click on reglook.bat to allow it to run the Registry fix.
      (A command prompt window will flash on the screen briefly.)
    10. Please Copy and Paste the contents of the file reglook.txt into your next reply.
    Step 2:
    Revo Uninstaller

    Uninstall programs and remove remnants left from previous uninstalls.
    Tutorial with screen shots available here, if needed.

    1. Please download Revo Uninstaller Free and Save it to your Desktop.
    2. Double-click on revosetup.exe to install the program. Accept the default installation options.
    3. Double-click Revo Uninstaller from the Start Menu programs list, to run it.
    4. From the list of programs click on (one at a time if more than one program is listed):

      SideStep
      Kazaa Media Desktop 2.0.2

    5. Select Uninstall. When prompted click on the Yes button.
    6. Make sure the Moderate option is checked and then click on the Next button.
    7. The program will now run.
    8. When prompted, click on the Yes button and then the Next button to continue.
    9. Once the program has searched for leftovers, click on the Next button.
    10. Check ONLY the bolded items in the list.
    11. Click on the Next button and then the Yes button to complete the removal of the program.
    12. When done click on the Finish button.
      The problem program(s) should now be removed. Please repeat the instructions for each of the programs listed above.
    Step 3:
    Online Multi Anti-Virus File Scan

    I need to ask you to upload a file for further inspection.

    1. Please go to either:
      VirusTotal or Jotti in order to upload the following file(s) for scanning:

      c:\program files\common files\atl49096.exe

    2. Navigate to and select the file(s) to be uploaded - only one file per scan.
    3. Click on the Send/Submit button as appropriate. The file will upload to VirusTotal/Jotti, where it will be scanned by several Anti-Virus programmes.
    4. Please wait for all the scanners to finish.
    5. Then Copy and Paste the results in your next reply.
    Step 4:
    OTL - Scan

    1. Please download OTL by Old Timer. Save it to your Desktop.
    2. Double click on OTL.exe to run the program.
    3. Under Output, ensure that the Minimal Output option is selected.
    4. Click the Scan All Users checkbox.
      Note: Please leave the remaining selections on the default settings.
    5. Click on Run Scan at the top left hand corner.
    6. When done, two Notepad files will automatically open:
      • OTL.txt <-- Will be opened, maximized.
      • Extras.txt <-- Will be minimized on task bar.
    7. Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.
    Step 5:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. reglook.txt.
    3. All the Jotti scan results or Virus Total scan results.
    4. OTL.txt.
    5. Extras.txt.
    6. How is the computer now running?

    Scolabar
     
  12. qwerdf

    qwerdf Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    35
    Hi Scolabar,

    I am still having trouble completing step 1. I run the batch file like you mention and the command prompt opens up this time empty without warnings. The reglook.txt file also opens up with empty contents but within notepad there is another window saying that "Access is denied".
     
  13. Scolabar

    Scolabar

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi qwerdf,

    Thank you for the update and apologies again for the inconvenience.
    Please leave the Registry Query step for the time being and continue with the remainder of the instructions.

    Scolabar
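
An added example, not part of any post in this thread: a variant of the reglook.bat registry query above that also captures reg.exe's error output, so a missing key or a refused read is written into the report instead of leaving reglook.txt empty. The names REPORT, SUBKEY and the :query label are choices made for this example, and the report is left on the Desktop rather than deleted.

```batch
@echo off
rem Added example (not from the thread). Queries the same key as the posted
rem reglook.bat under the three control sets, but redirects stderr as well,
rem so every failure is recorded next to the key that caused it.
setlocal

rem REPORT and SUBKEY are names chosen for this example.
set "REPORT=%USERPROFILE%\Desktop\reglook.txt"
set "SUBKEY=Services\VxD\MSTCP"

rem Start a fresh report with a timestamp header.
> "%REPORT%" echo Registry query report - %DATE% %TIME%

for %%S in (CurrentControlSet ControlSet001 ControlSet002) do call :query "%%S"

rem Open the finished report; it stays on the Desktop so it can be pasted later.
start "" notepad "%REPORT%"
endlocal
goto :eof

:query
rem %~1 is the control set name passed in by the loop above.
set "KEY=HKEY_LOCAL_MACHINE\System\%~1\%SUBKEY%"
>> "%REPORT%" echo.
>> "%REPORT%" echo ===== %KEY% =====
rem 2^>^&1 is written plainly on the next line: stdout and stderr both go to the report.
reg query "%KEY%" /s >> "%REPORT%" 2>&1
if errorlevel 1 (
    >> "%REPORT%" echo [reg query returned a non-zero exit code for this key]
)
goto :eof
```

Each section of the resulting report then shows either the values found under the key or the exact error text reg.exe produced for it.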
     
  14. qwerdf

    qwerdf Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    35
    Hi Scolabar,

    Other than the Registry Query there weren't really any problems carrying out the instructions. For step 2, SideStep and Kazaa Media Desktop were successfully uninstalled. The contents of Virus Total Scan, OTL.txt, Extras.txt will be posted below. As for the computer and the internet, everything seems to be running fine. I made some test searches on Google and there were no redirects when I clicked on the links. Here are the results:

    Virus Total Scan:
    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name: atl49096.exe
    Submission date: 2011-11-12 05:34:16 (UTC)
    Current status: queued (#4) queued analysing finished

    Result: 0/ 42 (0.0%)


    Antivirus Version Last Update Result
    AhnLab-V3 2011.11.11.02 2011.11.11 -
    AntiVir 7.11.17.145 2011.11.11 -
    Antiy-AVL 2.0.3.7 2011.11.12 -
    Avast 6.0.1289.0 2011.11.11 -
    AVG 10.0.0.1190 2011.11.11 -
    BitDefender 7.2 2011.11.12 -
    ByteHero 1.0.0.1 2011.11.04 -
    CAT-QuickHeal 11.00 2011.11.12 -
    ClamAV 0.97.3.0 2011.11.12 -
    Commtouch 5.3.2.6 2011.11.12 -
    Comodo 10752 2011.11.12 -
    Emsisoft 5.1.0.11 2011.11.12 -
    eSafe 7.0.17.0 2011.11.10 -
    eTrust-Vet 37.0.9564 2011.11.11 -
    F-Prot 4.6.5.141 2011.11.12 -
    F-Secure 9.0.16440.0 2011.11.12 -
    Fortinet 4.3.370.0 2011.11.12 -
    GData 22 2011.11.12 -
    Ikarus T3.1.1.109.0 2011.11.11 -
    Jiangmin 13.0.900 2011.11.11 -
    K7AntiVirus 9.119.5443 2011.11.11 -
    Kaspersky 9.0.0.837 2011.11.12 -
    McAfee 5.400.0.1158 2011.11.12 -
    McAfee-GW-Edition 2010.1D 2011.11.11 -
    Microsoft 1.7801 2011.11.11 -
    NOD32 6622 2011.11.12 -
    Norman 6.07.13 2011.11.11 -
    nProtect 2011-11-11.01 2011.11.11 -
    Panda 10.0.3.5 2011.11.11 -
    PCTools 8.0.0.5 2011.11.12 -
    Prevx 3.0 2011.11.12 -
    Rising 23.83.04.03 2011.11.11 -
    Sophos 4.71.0 2011.11.12 -
    SUPERAntiSpyware 4.40.0.1006 2011.11.12 -
    Symantec 20111.2.0.82 2011.11.12 -
    TheHacker 6.7.0.1.342 2011.11.11 -
    TrendMicro 9.500.0.1008 2011.11.12 -
    TrendMicro-HouseCall 9.500.0.1008 2011.11.12 -
    VBA32 3.12.16.4 2011.11.11 -
    VIPRE 11026 2011.11.12 -
    ViRobot 2011.11.11.4769 2011.11.12 -
    VirusBuster 14.1.59.0 2011.11.11 -


    Additional information Show all
    MD5 : 1ad427be62a4a4c3b57e433aaaf29ad9
    SHA1 : 8579db0d64fb50b9c5c5c53eeeaf17a3841c17c7
    SHA256: df586a38fa27ae94ca6452c67ce080e4f68892198e9eb1e296588baacb235edc
    ssdeep: 12288:7gwvzdkUgC5xc0OtCrmJURYFOOMOx1Wq3pWgZxvn/oEk8whun1dWT6XMNtTJVtcD:7gwv
    zOUgCnNOtCrmJURYFOOMO1WqZWg7
    File size : 448921 bytes
    First seen: 2011-11-12 05:34:16
    Last seen : 2011-11-12 05:34:16
    TrID:
    Unknown!
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    ExifTool:
    file metadata
    Error: File format error
    FileSize: 438 kB


    OTL.txt
    OTL logfile created on: 11/11/2011 9:50:51 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\DBac\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

    479.53 Mb Total Physical Memory | 250.33 Mb Available Physical Memory | 52.20% Memory free
    1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.10% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 15.99 Gb Total Space | 1.86 Gb Free Space | 11.60% Space Free | Partition Type: NTFS
    Drive D: | 39.91 Gb Total Space | 39.87 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

    Computer Name: BACK | User Name: DBac | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\DBac\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    PRC - C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)
    PRC - C:\Program Files\Sony\VAIO Action Setup\VAServ.exe (Sony Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Alwil Software\Avast5\defs\11111101\algo.dll ()
    MOD - C:\Program Files\Alwil Software\Avast5\defs\11111101\aswRep.dll ()
    MOD - C:\Program Files\Alwil Software\Avast5\aswDld.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- File not found
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (AE1000) -- C:\WINDOWS\system32\drivers\AE1000XP.sys (Ralink Technology, Corp.)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
    DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
    DRV - (SMBE) Sony MPEG2 Encoder Board (WDM) -- C:\WINDOWS\system32\drivers\Smbe.sys (Sony Corporation)
    DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
    DRV - (LucentSoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (Lucent Technologies)
    DRV - (SiS7012) Service for AC'97 Sample Driver (WDM) -- C:\WINDOWS\system32\drivers\sis7012.sys (Silicon Integrated Systems Corporation)
    DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys ()
    DRV - (SONYWBMS) Sony Memory Stick controller(WB) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys (Sony Corporation)
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/customize/ymsgr/defaults/cs/*http://www.yahoo.com/ext/search/search.html


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 28 75 05 04 38 DC 4C 48 82 24 5F 72 89 BD 59 9C [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 28 75 05 04 38 DC 4C 48 82 24 5F 72 89 BD 59 9C [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 28 75 05 04 38 DC 4C 48 82 24 5F 72 89 BD 59 9C [binary data]
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 28 75 05 04 38 DC 4C 48 82 24 5F 72 89 BD 59 9C [binary data]
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3802400216-173008773-135449575-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    IE - HKU\S-1-5-21-3802400216-173008773-135449575-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-3802400216-173008773-135449575-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 28 75 05 04 38 DC 4C 48 82 24 5F 72 89 BD 59 9C [binary data]
    IE - HKU\S-1-5-21-3802400216-173008773-135449575-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 57192

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/08 17:17:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/08 17:17:27 | 000,000,000 | ---D | M]

    [2009/12/10 14:30:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DBac\Application Data\Mozilla\Extensions
    [2011/11/08 17:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DBac\Application Data\Mozilla\Firefox\Profiles\ngrkfmld.default\extensions
    [2011/03/24 22:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/03/14 01:25:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/07/15 19:43:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/09/06 15:25:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - Extension: No name found = C:\Documents and Settings\DBac\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
    CHR - Extension: No name found = C:\Documents and Settings\DBac\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2010/03/13 01:17:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\Drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKU\S-1-5-21-3802400216-173008773-135449575-1005\..\Toolbar\ShellBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-21-3802400216-173008773-135449575-1005\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKU\S-1-5-21-3802400216-173008773-135449575-1005\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [LTSMMSG] C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)
    O4 - HKLM..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" File not found
    O4 - HKLM..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize File not found
    O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE (Novell, Inc., c/o Corel Corporation Limited)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe (Support.com, Inc.)
    O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\S-1-5-21-3802400216-173008773-135449575-1005..\Run: [KeyboardManagerVerifier] rundll32.exe "C:\Documents and Settings\All Users\Application Data\KeyboardManagerVerifier.dll",DllRegisterServer File not found
    O4 - HKU\S-1-5-21-3802400216-173008773-135449575-1005..\Run: [WorkForce 520(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGIA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-3802400216-173008773-135449575-1005..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3802400216-173008773-135449575-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3802400216-173008773-135449575-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3802400216-173008773-135449575-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3802400216-173008773-135449575-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
    O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-21-3802400216-173008773-135449575-1005\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.com/players/play365.cab (Live365Player Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Contains Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: DownloadInformation Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: InstalledVersion Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5095CBF0-242A-48F5-826B-7B086112AB76}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1F9C4DE-0403-45AA-8F11-9E30FA2DAE56}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA134AAE-3D05-499B-83D6-8481FF5E255E}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\DBac\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\DBac\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/10/05 12:23:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/10/05 12:23:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
    O33 - MountPoints2\{3915c928-17ad-11e0-a489-00e0187c34c1}\Shell - "" = AutoRun
    O33 - MountPoints2\{3915c928-17ad-11e0-a489-00e0187c34c1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3915c928-17ad-11e0-a489-00e0187c34c1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{6ac3c2b1-36de-11e0-a48e-687f74725ee5}\Shell - "" = AutoRun
    O33 - MountPoints2\{6ac3c2b1-36de-11e0-a48e-687f74725ee5}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6ac3c2b1-36de-11e0-a48e-687f74725ee5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/11 21:49:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DBac\Desktop\OTL.exe
    [2011/11/11 21:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2011/11/11 21:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DBac\Start Menu\Programs\Revo Uninstaller
    [2011/11/11 21:22:20 | 002,617,176 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\DBac\Desktop\revosetup.exe
    [2011/11/08 17:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DBac\Desktop\GooredFix Backups
    [2011/11/08 17:52:27 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\DBac\Desktop\GooredFix.exe
    [2011/11/08 17:36:55 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DBac\Desktop\TFC.exe
    [2011/11/08 17:14:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/11/07 13:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DBac\Desktop\recoverycd
    [2011/11/04 12:37:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\DBac\My Documents\My Videos
    [2011/11/04 12:37:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2011/11/04 12:37:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\DBac\Start Menu\Programs\Administrative Tools
    [2011/11/04 12:36:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\DBac\Desktop\dds.com
    [2 C:\Documents and Settings\DBac\Desktop\*.tmp files -> C:\Documents and Settings\DBac\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\DBac\My Documents\*.tmp files -> C:\Documents and Settings\DBac\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\DBac\*.tmp files -> C:\Documents and Settings\DBac\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/11 21:51:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/11 21:49:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DBac\Desktop\OTL.exe
    [2011/11/11 21:23:06 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\DBac\Desktop\Revo Uninstaller.lnk
    [2011/11/11 21:22:33 | 002,617,176 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\DBac\Desktop\revosetup.exe
    [2011/11/11 17:24:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/11/11 15:51:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/11 13:27:28 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\DBac\Desktop\Microsoft Office Word 2007.lnk
    [2011/11/08 17:52:27 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\DBac\Desktop\GooredFix.exe
    [2011/11/08 17:45:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011/11/08 17:44:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/08 17:44:26 | 502,894,592 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/08 17:36:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DBac\Desktop\TFC.exe
    [2011/11/08 17:16:59 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2011/11/07 13:17:17 | 000,296,972 | ---- | M] () -- C:\Documents and Settings\DBac\Desktop\recovery_console_cd.zip
    [2011/11/06 14:42:45 | 000,433,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/06 14:42:45 | 000,067,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/04 16:27:42 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3802400216-173008773-135449575-1005.job
    [2011/11/04 12:53:31 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\DBac\Desktop\ve0wcnjw.exe
    [2011/11/04 12:49:33 | 000,004,094 | ---- | M] () -- C:\Documents and Settings\DBac\Desktop\attach.zip
    [2011/11/04 12:37:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\DBac\Desktop\dds.com
    [2011/10/31 02:30:29 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/10/30 23:33:35 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\DBac\Application Data\6b11d0f8
    [2011/10/30 23:32:14 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\DBac\Application Data\8bcc2f07
    [2011/10/30 23:31:41 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\DBac\Application Data\9c69a702
    [2011/10/30 16:09:10 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3802400216-173008773-135449575-1005.job
    [2011/10/29 16:05:31 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\DBac\Application Data\e369dff8
    [2011/10/27 20:05:25 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2 C:\Documents and Settings\DBac\Desktop\*.tmp files -> C:\Documents and Settings\DBac\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\DBac\My Documents\*.tmp files -> C:\Documents and Settings\DBac\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\DBac\*.tmp files -> C:\Documents and Settings\DBac\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/11 21:23:06 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\DBac\Desktop\Revo Uninstaller.lnk
    [2011/11/07 13:17:10 | 000,296,972 | ---- | C] () -- C:\Documents and Settings\DBac\Desktop\recovery_console_cd.zip
    [2011/11/04 12:53:28 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\DBac\Desktop\ve0wcnjw.exe
    [2011/11/04 12:49:33 | 000,004,094 | ---- | C] () -- C:\Documents and Settings\DBac\Desktop\attach.zip
    [2011/10/07 18:32:30 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\DBac\Application Data\e369dff8
    [2011/10/04 17:31:28 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\DBac\Application Data\9c69a702
    [2011/10/04 17:30:37 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\DBac\Application Data\8bcc2f07
    [2011/10/04 16:44:22 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\DBac\Application Data\6b11d0f8
    [2011/09/15 19:11:56 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/07/09 12:36:37 | 000,023,604 | ---- | C] () -- C:\Documents and Settings\DBac\Application Data\B502.2BC
    [2011/02/11 00:43:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2011/01/22 18:50:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2011/01/22 18:50:47 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2011/01/22 18:50:47 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2011/01/22 18:50:47 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2011/01/22 18:50:47 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2011/01/22 18:50:47 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2011/01/22 18:50:47 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2011/01/22 18:50:47 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2011/01/22 18:50:47 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2011/01/22 18:50:47 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2011/01/22 18:50:47 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2011/01/22 18:50:47 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2011/01/22 18:50:47 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2011/01/22 18:50:47 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2011/01/22 18:50:47 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2011/01/22 18:50:47 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2011/01/22 18:43:30 | 000,000,063 | ---- | C] () -- C:\WINDOWS\EWF520.ini
    [2011/01/03 23:02:40 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2010/08/25 12:48:46 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2010/02/22 09:04:56 | 000,012,784 | -HS- | C] () -- C:\Documents and Settings\DBac\Local Settings\Application Data\6SaHima0v
    [2008/10/16 18:27:58 | 000,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
    [2008/08/18 20:25:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/05/24 20:51:37 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2007/10/02 18:08:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2005/12/07 22:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\kwv2.dat
    [2005/06/22 09:00:59 | 000,000,196 | R--- | C] () -- C:\WINDOWS\htwtb.bin
    [2005/05/20 19:36:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/04/19 22:04:37 | 000,448,921 | R--- | C] () -- C:\Program Files\Common Files\atl49096.exe
    [2003/11/26 19:13:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2003/10/27 16:48:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
    [2003/08/30 10:06:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winstt32.dat
    [2003/07/20 22:06:00 | 000,004,035 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2003/07/20 22:04:43 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2003/07/19 19:42:28 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\rtcsses.dll
    [2003/07/19 19:42:28 | 000,004,094 | ---- | C] () -- C:\WINDOWS\System32\dimces.dll
    [2003/05/27 21:38:20 | 000,000,636 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2003/05/06 19:54:07 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2003/01/13 22:09:48 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
    [2003/01/13 22:07:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2002/11/20 20:33:32 | 000,000,031 | ---- | C] () -- C:\WINDOWS\AUTHMGR.INI
    [2002/09/25 17:41:24 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
    [2002/09/23 16:17:16 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2002/09/20 11:38:02 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\DBac\Application Data\PFP100JPR.{PB
    [2002/09/20 11:38:02 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\DBac\Application Data\PFP100JCM.{PB
    [2002/09/20 11:24:00 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\DBac\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2002/05/25 01:59:44 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2002/05/25 01:59:44 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2002/04/26 01:06:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2002/04/25 14:13:18 | 000,000,793 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2002/04/25 14:13:18 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2002/04/25 14:13:17 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
    [2002/04/25 14:09:33 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
    [2002/04/25 14:09:10 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
    [2002/04/25 14:08:09 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
    [2002/04/25 13:48:04 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
    [2002/04/24 16:36:03 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
    [2002/04/24 16:35:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
    [2002/04/24 16:35:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
    [2002/04/24 16:35:18 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
    [2002/04/24 16:35:18 | 000,086,275 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe
    [2002/04/24 10:47:28 | 000,000,855 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2002/04/24 10:42:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2002/04/24 10:39:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2002/04/24 10:32:17 | 000,311,912 | ---- | C] () -- C:\WINDOWS\Q320174.exe
    [2002/04/24 10:32:14 | 002,931,304 | ---- | C] () -- C:\WINDOWS\Q317277.exe
    [2002/04/24 10:32:13 | 000,621,672 | ---- | C] () -- C:\WINDOWS\Q316134.exe
    [2002/04/24 10:32:11 | 000,487,016 | ---- | C] () -- C:\WINDOWS\Q315403.EXE
    [2002/04/24 10:32:10 | 000,599,144 | ---- | C] () -- C:\WINDOWS\Q315000.EXE
    [2002/04/24 10:32:10 | 000,234,088 | ---- | C] () -- C:\WINDOWS\Q314147.exe
    [2002/04/24 10:32:09 | 000,605,288 | ---- | C] () -- C:\WINDOWS\Q312368.EXE
    [2002/04/24 10:32:09 | 000,329,320 | ---- | C] () -- C:\WINDOWS\Q312131.exe
    [2002/04/24 10:32:08 | 000,290,920 | ---- | C] () -- C:\WINDOWS\Q311889.EXE
    [2002/04/24 10:32:06 | 002,039,400 | ---- | C] () -- C:\WINDOWS\Q309521.exe
    [2002/04/24 10:32:06 | 000,474,728 | ---- | C] () -- C:\WINDOWS\Q308677.EXE
    [2002/04/24 10:32:06 | 000,162,920 | ---- | C] () -- C:\WINDOWS\Q309056.exe
    [2002/04/24 10:32:05 | 000,359,016 | ---- | C] () -- C:\WINDOWS\Q308402.EXE
    [2002/04/24 10:32:05 | 000,188,520 | ---- | C] () -- C:\WINDOWS\Q307274.exe
    [2002/04/24 10:32:05 | 000,159,336 | ---- | C] () -- C:\WINDOWS\Q307271.exe
    [2002/04/24 10:32:04 | 000,240,232 | ---- | C] () -- C:\WINDOWS\Q306583.exe
    [2002/04/24 10:30:54 | 000,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2002/04/24 10:30:37 | 000,433,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/04/24 10:30:37 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/04/24 10:30:37 | 000,067,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/04/24 10:30:37 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/04/24 10:30:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/04/24 10:30:36 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/04/24 10:30:35 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/04/24 10:30:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/04/24 10:30:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/04/24 10:30:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/04/24 10:30:23 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/04/24 03:36:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2002/04/24 03:35:21 | 000,226,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    < End of report >
    Extras.txt
    OTL Extras logfile created on: 11/11/2011 9:50:52 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\DBac\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

    479.53 Mb Total Physical Memory | 250.33 Mb Available Physical Memory | 52.20% Memory free
    1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.10% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 15.99 Gb Total Space | 1.86 Gb Free Space | 11.60% Space Free | Partition Type: NTFS
    Drive D: | 39.91 Gb Total Space | 39.87 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

    Computer Name: BAC | User Name: DBac | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3802400216-173008773-135449575-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\InvokeSvc2.exe" = C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\InvokeSvc2.exe:*:Enabled:Wireless Network Monitor
    "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
    "C:\Program Files\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe" = C:\Program Files\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000000-3976-4267-9F39-1DC4745090B7}" = Microsoft Learning and Research Plus Support Files
    "{00609F70-5043-4C20-895A-D6EF7ACE9304}" = PicoPlayerSplashScreen
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{197A2B90-A998-4603-9B25-2B7D7CC0060E}" = Screenblast Sound Forge 1.0b
    "{1EE377F9-1FBC-440E-82EB-7B8A1EDDEE52}" = SonicStage CD-R Writing Module
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21CF3E6E-1659-433E-B6CE-165D793560DA}" = VAIO Grid Wallpaper
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002 OEM
    "{29F61465-428A-11D4-B646-00C04F790F76}" = DVgate
    "{2B9FBAE1-5016-4F14-B452-E6874A3C1284}" = VAIO Clock Screen Saver
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions Win2K,WinXP
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B6F4C00-E935-11D3-A98A-0080986030D9}" = Smart Capture
    "{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
    "{5C70C75F-A265-4C62-B90F-8F80AA69F262}" = PicoPlayer Demo
    "{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}" = VAIO Help & Support
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{662E1348-3D8D-4BCE-B345-BF7EB40308FD}" = Screenblast ACID 2.0a
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
    "{6DF804A8-2CC2-4D22-A958-4534F6EC3C76}" = VAIO Registration
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72275927-4241-46A7-A9C4-B86C6B256EB6}" = ImageStation Demo
    "{7443EC4E-DCEB-4B10-8888-CBFB5E7108D9}" = Experience VAIO
    "{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
    "{802EF464-4992-42B3-8434-45151AD3C933}" = VAIO Serenus Wallpaper
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A54B9A7-24FC-11D5-AEEB-003065C8BCFC}" = SAT Diagnostic
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
    "{ACEC9C3E-0100-4EBE-B298-35A2145828A0}" = VAIO Brezza Wallpaper
    "{AD3B1DDF-52AD-405E-B931-7ACF76937E5F}" = ImageStation
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{BC3ADBE9-5556-4612-8357-5225C8F9E19F}" = PicoPlayer
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1A0A3F9-C302-4A18-A2E0-71C927D24652}" = Epson Easy Photo Print 2
    "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
    "{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D01C70E7-2ABF-11D1-B36D-444553540000}" = CNC WorkShop
    "{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
    "{D4A49B00-02F8-11D5-B64D-00C04F790F76}" = MovieShaker 3.3
    "{E2069DE3-5924-4766-A385-CDA273885A31}" = DigitalPrint 1.1
    "{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
    "{E535DC62-56D6-11D5-8AE3-00105A7276CD}" = SonicStage 1.2.00
    "{E84D2015-4FEB-40CC-A2DD-1A6B8BAC2429}" = OpenMG Secure Module 3.0.03
    "{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
    "2Wire SetupWiz" = AT&T Yahoo! High Speed Internet Home Networking Installer
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
    "AOL Toolbar" = AOL Toolbar 2.0
    "BlackBerry_{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EarthLink TotalAccess 2003" = EarthLink TotalAccess 2003
    "EEPPPlugIn" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Scanner" = EPSON Scan
    "EPSON WorkForce 520 Series" = EPSON WorkForce 520 Series Printer Uninstall
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "Google Chrome" = Google Chrome
    "GRE POWERPREP" = GRE POWERPREP
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "hp deskjet 3820 series" = hp deskjet 3820 series (Remove only)
    "hp instant support" = hp instant support
    "ie8" = Windows Internet Explorer 8
    "Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Motion JPEG Software Decoder" = Motion JPEG Software Decoder
    "Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
    "MSNMS" = MSN Internet Software
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "Quicken 2002 New User Edition" = Quicken 2002 New User Edition
    "QuickTime" = QuickTime
    "RealProducer 8.5" = RealProducer Basic 8.5
    "Revo Uninstaller" = Revo Uninstaller 1.93
    "Shockwave" = Shockwave
    "SideStep" = SideStep
    "SiS Compatible VGA V2.07f.01" = SiS Compatible VGA V2.07f.01
    "SiS7012" = SiS Audio Driver
    "Sony on Yahoo! Essentials" = Sony on Yahoo! Essentials
    "VAIO Support" = VAIO Support
    "VRMLBrowser" = MS VRML2 Control
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/12/2011 1:37:19 AM | Computer Name = BAC | Source = ESENT | ID = 439
    Description = wuauclt (3456) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
    Error -1022.

    Error - 11/12/2011 1:37:20 AM | Computer Name = BAC | Source = ESENT | ID = 485
    Description = wuauclt (432) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
    failed with system error 1392 (0x00000570): "The file or directory is corrupted
    and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

    Error - 11/12/2011 1:37:20 AM | Computer Name = BAC | Source = ESENT | ID = 490
    Description = wuauclt (432) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
    for read / write access failed with system error 1392 (0x00000570): "The file or
    directory is corrupted and unreadable. ". The open file operation will fail with
    error -1022 (0xfffffc02).

    Error - 11/12/2011 1:37:20 AM | Computer Name = BAC | Source = ESENT | ID = 439
    Description = wuauclt (432) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
    Error -1022.

    Error - 11/12/2011 1:37:21 AM | Computer Name = BAC | Source = ESENT | ID = 485
    Description = wuauclt (1564) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
    failed with system error 1392 (0x00000570): "The file or directory is corrupted
    and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

    Error - 11/12/2011 1:37:21 AM | Computer Name = BAC | Source = ESENT | ID = 490
    Description = wuauclt (1564) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
    for read / write access failed with system error 1392 (0x00000570): "The file or
    directory is corrupted and unreadable. ". The open file operation will fail with
    error -1022 (0xfffffc02).

    Error - 11/12/2011 1:37:21 AM | Computer Name = BAC | Source = ESENT | ID = 439
    Description = wuauclt (1564) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
    Error -1022.

    Error - 11/12/2011 1:37:22 AM | Computer Name = BAC | Source = ESENT | ID = 485
    Description = wuauclt (2360) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
    failed with system error 1392 (0x00000570): "The file or directory is corrupted
    and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

    Error - 11/12/2011 1:37:22 AM | Computer Name = BAC | Source = ESENT | ID = 490
    Description = wuauclt (2360) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
    for read / write access failed with system error 1392 (0x00000570): "The file or
    directory is corrupted and unreadable. ". The open file operation will fail with
    error -1022 (0xfffffc02).

    Error - 11/12/2011 1:37:22 AM | Computer Name = BAC | Source = ESENT | ID = 439
    Description = wuauclt (2360) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
    Error -1022.

    [ OSession Events ]
    Error - 04/11/2010 5:00:40 PM | Computer Name = BAC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5260
    seconds with 180 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 11/08/2011 9:15:00 PM | Computer Name = BAC | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 11/08/2011 9:15:00 PM | Computer Name = BAC | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 11/08/2011 9:21:41 PM | Computer Name = BAC | Source = DCOM | ID = 10010
    Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
    with DCOM within the required timeout.

    Error - 11/08/2011 9:24:13 PM | Computer Name = BAC | Source = DCOM | ID = 10010
    Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
    with DCOM within the required timeout.

    Error - 11/08/2011 9:30:27 PM | Computer Name = BAC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    9 service to connect.

    Error - 11/08/2011 9:37:55 PM | Computer Name = BAC | Source = Service Control Manager | ID = 7034
    Description = The EpsonBidirectionalService service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 11/08/2011 9:37:55 PM | Computer Name = BAC | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 11/08/2011 9:37:55 PM | Computer Name = BAC | Source = Service Control Manager | ID = 7034
    Description = The RoxMediaDB9 service terminated unexpectedly. It has done this
    1 time(s).

    Error - 11/08/2011 9:37:55 PM | Computer Name = BAC | Source = Service Control Manager | ID = 7034
    Description = The Roxio Hard Drive Watcher 9 service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 11/08/2011 9:48:05 PM | Computer Name = BAC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    9 service to connect.


    < End of report >
     
  15. Scolabar

    Scolabar

    Joined:
    Apr 15, 2011
    Messages:
    289
    Hi qwerdf,

    It has taken me a while to process your OTL logs. I will reply to you as soon as my next set of instructions has been approved.

    Apologies for the delay and inconvenience. :eek:

    Scolabar
     

Short URL to this thread: https://techguy.org/1024871
