Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Windows won't boot, black screen before login. Boot.ini or system.ini issue?

8K views 70 replies 2 participants last post by  Punker1234 
#1 ·
Hey everyone.

So I've been having this issue where my computer won't boot up into the login screen for Win Xp. It simply posts, goes to the Windows loading screen, and just as it's suppose to display the users and login page, the screen just goes black. I can however get into safemode, but it simply won't boot on the regular startup.

I believe it's another system or boot file error that has malware as I've had a previous thread years ago with a similar issue, but need some assistance. Any thgouhts? What info can I get for you to take a peek? -Jeff


PS: I will post the event viewer as soon as I get home from work.
 
#2 ·
Hello Punker1234,

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    Code:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180
    %systemroot%system32Spoolprtprocsw32x86*.dll
    %systemroot%system32user32.dll /md5
    %systemroot%system32ws2_32.dll /md5
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    • o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.
So when you return please post
  • MBAM log
  • the two OTL logs - OTL.txt and Extras.txt

Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
 
#3 ·
Heres the log for Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4188

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/10/2010 9:29:53 PM
mbam-log-2010-06-10 (21-29-53).txt

Scan type: Quick scan
Objects scanned: 149619
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\aivskurq.msdn_hlp (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a9b3ee4c-20cf-4722-bc3e-3347f6ee1910} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7ec6d094-9f40-48ce-b833-aea09bffbbf8} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\xml2u (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\din.ip (Malware.Trace) -> Quarantined and deleted successfully.
 
#4 ·
OTL.TXT

OTL logfile created on: 6/10/2010 9:42:39 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 136.52 Gb Free Space | 29.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINKSYS-975
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/10 21:42:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
PRC - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/06/10 21:42:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WMP54Gv4SVC)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/02 16:59:14 | 000,077,824 | ---- | M] () [Auto | Stopped] -- C:\Program Files\pyTivo\pyTivoService.exe -- (pyTivo)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/07/03 12:32:16 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/05/11 11:46:54 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2004/05/12 20:32:38 | 000,045,056 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2001/09/25 09:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

========== Driver Services (SafeList) ==========

DRV - [2010/04/03 15:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/12 01:32:25 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/19 17:09:32 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/19 17:09:32 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/16 18:15:52 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/08 12:59:00 | 000,008,704 | ---- | M] (SNEG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FStarForce.sys -- (FStarForce)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/10 00:49:13 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2007/08/28 17:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/07/03 12:33:04 | 000,006,912 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/02/27 13:39:26 | 000,032,256 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/11/21 10:27:58 | 000,043,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/10/10 14:53:48 | 000,005,632 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/10/02 20:15:12 | 000,015,440 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2006/09/05 18:48:28 | 000,208,688 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3132r5.sys -- (Si3132r5)
DRV - [2006/08/08 21:47:00 | 000,067,712 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2006/07/22 00:07:36 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2006/07/13 20:42:42 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/05/03 13:46:38 | 000,014,592 | ---- | M] (ABIT) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\uGuru.sys -- (UGURU)
DRV - [2006/04/05 22:23:52 | 000,081,664 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/02/16 18:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2006/02/07 19:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/10/27 16:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2004/08/03 23:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 22:31:18 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004/05/12 19:41:32 | 000,652,360 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/05/12 19:38:02 | 000,014,408 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/05/12 19:35:08 | 000,231,224 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/05/12 19:29:50 | 000,100,384 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/05/12 19:28:06 | 001,395,296 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/05/12 19:21:18 | 000,013,232 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/07/17 14:19:10 | 000,324,287 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2003/07/17 14:18:54 | 000,071,216 | ---- | M] (PCtel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvoice.sys -- (Vvoice)
DRV - [2003/07/17 14:18:36 | 000,704,121 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmodem.sys -- (Vmodem)
DRV - [2003/07/17 14:17:50 | 000,799,826 | ---- | M] (PCtel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpctcom.sys -- (Vpctcom)
DRV - [2002/09/17 12:55:06 | 000,003,548 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WinFlash.sys -- (Winflash)
DRV - [2001/09/27 11:00:26 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msnbc.msn.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2010/05/16 19:02:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2010/05/16 19:02:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/30 22:30:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/22 12:46:18 | 000,000,000 | ---D | M]

[2009/05/06 20:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2009/05/06 20:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/10 21:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\extensions
[2009/11/09 23:36:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2006/10/01 14:50:20 | 000,000,000 | ---D | M] (Silver Skin) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\extensions\{2A10B180-05EF-11D9-8C50-444553540001}
[2009/06/28 19:30:08 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2006/10/01 14:50:19 | 000,000,000 | ---D | M] (Firefox Vista) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\extensions\{C1CCF2A6-D735-4817-866A-993A66CF9A3D}
[2009/06/28 18:08:42 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\searchplugins\aim-search.xml
[2008/09/20 16:12:17 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\searchplugins\daemon-search.xml
[2010/06/10 21:19:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/22 12:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/04/11 23:17:00 | 000,311,587 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 cohlive-1.quazal.net
O1 - Hosts: 127.0.0.1 cohlive.quazal.net
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 10752 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159777509576 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159777470951 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/01 22:06:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{905469f2-8769-11dd-bbb4-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{905469f2-8769-11dd-bbb4-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{905469f2-8769-11dd-bbb4-00038a000015}\Shell\AutoRun\command - "" = E:\AutoRunCD.exe -- File not found
O33 - MountPoints2\{ba7f47fc-2ae9-11de-bcc7-0014bf72b27b}\Shell - "" = AutoRun
O33 - MountPoints2\{ba7f47fc-2ae9-11de-bcc7-0014bf72b27b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba7f47fc-2ae9-11de-bcc7-0014bf72b27b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{be402c04-8f60-11dc-ba28-0014bf72b27b}\Shell - "" = AutoRun
O33 - MountPoints2\{be402c04-8f60-11dc-ba28-0014bf72b27b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be402c04-8f60-11dc-ba28-0014bf72b27b}\Shell\AutoRun\command - "" = E:\AutoRunCD.exe -- File not found
O33 - MountPoints2\{e67d5a1a-2fb8-11de-bcce-0014bf72b27b}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/10/01 14:56:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/06/10 21:41:53 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2010/06/10 21:32:02 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/06/10 21:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Application Data\Malwarebytes
[2010/06/10 21:11:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/10 21:11:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/10 21:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/10 21:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/10 21:11:02 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeff\Desktop\mbam-setup.exe
[2010/05/22 12:47:12 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/05/22 12:47:11 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/05/22 12:46:18 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2006/12/13 22:43:35 | 000,014,992 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2006/12/13 22:43:24 | 001,395,296 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2006/12/13 22:43:24 | 000,652,360 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2006/12/13 22:43:24 | 000,231,224 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2006/12/13 22:43:24 | 000,100,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2006/12/13 22:43:24 | 000,014,408 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2006/12/13 22:43:24 | 000,013,232 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/10 21:42:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2010/06/10 21:38:53 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/10 21:33:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/10 21:31:26 | 016,252,928 | ---- | M] () -- C:\Documents and Settings\Jeff\ntuser.dat
[2010/06/10 21:31:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jeff\ntuser.ini
[2010/06/10 21:12:00 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/10 21:11:40 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeff\Desktop\mbam-setup.exe
[2010/06/05 12:55:47 | 000,000,619 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/05 12:55:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/03 22:18:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 22:02:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/03 21:02:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/03 20:52:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/03 19:52:43 | 000,272,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/31 22:57:41 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 22:36:44 | 000,967,967 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\f0abec5a8d8cee8083b6b0d9655cf548.pdf
[2010/05/23 22:36:44 | 000,602,280 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\c03bec77e3a6bc3d609da049021fcf2c.pdf
[2010/05/18 18:19:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/13 22:05:07 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/10 21:12:00 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 22:36:40 | 000,602,280 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\c03bec77e3a6bc3d609da049021fcf2c.pdf
[2010/05/23 22:36:37 | 000,967,967 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\f0abec5a8d8cee8083b6b0d9655cf548.pdf
[2010/05/22 12:47:12 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/05/13 22:05:07 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 09:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 09:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 09:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/01/19 00:17:17 | 000,000,159 | ---- | C] () -- C:\WINDOWS\cedt.INI
[2007/11/17 00:40:05 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/04 14:21:25 | 000,000,233 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/12 19:03:08 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007/02/25 19:02:12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/02/25 19:02:03 | 000,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/01/25 17:19:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/13 22:43:35 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2006/12/13 22:43:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2006/12/13 22:43:35 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2006/12/13 22:43:24 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2006/12/13 22:43:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2006/12/13 22:43:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2006/11/14 17:00:34 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006/11/14 17:00:34 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006/10/17 13:45:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/10/09 20:33:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/09 20:33:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/01 22:17:41 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2006/10/01 15:11:34 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/10/01 15:00:57 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/01 12:19:32 | 000,003,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\WinFlash.sys
[2005/09/20 04:29:32 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2005/09/20 04:29:31 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\PureSimPopupMenu.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/08/10 19:58:05 | 000,000,375 | ---- | M] () -- C:\aaw7boot.log
[2006/10/01 22:06:23 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/01 23:45:43 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006/12/14 19:48:08 | 000,000,211 | ---- | M] () -- C:\boot.ini.comodofirewall
[2007/06/19 12:42:07 | 000,004,007 | ---- | M] () -- C:\ComboFix-quarantined-files.txt
[2007/11/11 13:44:21 | 000,024,065 | ---- | M] () -- C:\ComboFix.txt
[2007/11/10 15:05:12 | 000,014,396 | ---- | M] () -- C:\ComboFix2.txt
[2007/11/07 18:48:01 | 000,048,934 | ---- | M] () -- C:\ComboFix3.txt
[2006/10/01 22:06:23 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/06/21 13:47:32 | 000,231,335 | ---- | M] () -- C:\HH_0409_WeatherCities.xml
[2007/07/23 10:32:44 | 000,270,848 | ---- | M] () -- C:\HTCHome.dll
[2006/10/01 22:06:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/28 18:00:02 | 000,001,954 | -H-- | M] () -- C:\IPH.PH
[2006/10/01 22:06:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/10/01 12:07:12 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/07/03 20:16:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2005/10/31 08:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/10/01 14:58:16 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/10/01 14:58:16 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/10/01 14:58:16 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/04/03 15:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys

< %systemroot%system32Spoolprtprocsw32x86*.dll >

< %systemroot%system32user32.dll /md5 >

< %systemroot%system32ws2_32.dll /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 477 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >
 
#5 ·
EXTRAS.TXT

OTL Extras logfile created on: 6/10/2010 9:42:39 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 136.52 Gb Free Space | 29.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINKSYS-975
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:UDP" = 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour
"7288:TCP" = 7288:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7288
"7289:TCP" = 7289:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7289
"7290:TCP" = 7290:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7290
"7291:TCP" = 7291:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7291
"7292:TCP" = 7292:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7292
"7293:TCP" = 7293:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7293
"7294:TCP" = 7294:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7294
"7295:TCP" = 7295:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7295
"7296:TCP" = 7296:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7296
"7297:TCP" = 7297:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7297

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe" = C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:BitTornado -- ()
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- File not found
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- File not found
"C:\Program Files\StickmanStudios\Buccaneer Demo\T3D.exe" = C:\Program Files\StickmanStudios\Buccaneer Demo\T3D.exe:*:Enabled:Buccaneer: The Pursuit of Infamy -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" = C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" = C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe" = C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\curl.exe" = C:\Program Files\TiVo\Desktop\curl.exe:LocalSubNet:Enabled:TiVo Curl Service -- ()
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.7
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}" = Battlestations: Pacific
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}" = CryEngine(R)2 Sandbox(TM)2
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF8500E6-EA0D-11D7-8755-0080C8F92A32}" = ABIT uGuru
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"avast!" = avast! Antivirus
"BitLord" = BitLord 1.1
"BitTornado" = BitTornado 0.3.17
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CompuServe us" = CompuServe
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"DCS Black Shark" = DCS Black Shark
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dumeter3_is1" = DU Meter
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"FLV Player" = FLV Player 2.0 (build 25)
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HandBrake" = HandBrake 0.9.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IGN Download Manager" = IGN Download Manager 2.3.0
"Installing HSP56 MicroModem Drivers" = HSP56 Modem Drivers
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"JDownloader" = JDownloader
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVTray_is1" = NVIDIA Tray Tools v1.0.4.8
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"pyTivo" = pyTivo wmcbrine-2009.03.19-RC1
"RealAlt_is1" = Real Alternative 1.51
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"ShockwaveFlash" = Macromedia Flash Player 8
"SLAMRNTV" = Smart Link 56K Voice Modem
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"TiVo Desktop 2.7" = TiVo Desktop 2.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/18/2007 3:32:41 AM | Computer Name = LINKSYS-975 | Source = avast! | ID = 33554522
Description = AAVM - initialization error: P2P provider: cannot start because 'Kaspersky
Anti-Virus' is active!, 00000000.

Error - 7/18/2007 3:32:41 AM | Computer Name = LINKSYS-975 | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Standard Shield provider: cannot start
because 'Kaspersky Anti-Virus' is active!, 00000000.

Error - 7/7/2008 10:08:44 PM | Computer Name = LINKSYS-975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://picard.exceed.hu/tcpmp/test/tcpmp.pocketpc.0.72RC1.cab failed, 00000026.

Error - 7/29/2008 10:16:38 AM | Computer Name = LINKSYS-975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Jeff\My Documents\Downloads\In.Bruges.2008.DVDR.[Eng.Spa.Fr].bydk\IN_BRUGES-bydk.iso
failed, 00000084.

Error - 4/22/2009 11:45:43 PM | Computer Name = LINKSYS-975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\JEFF\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FJ0GRZ1Z.DEFAULT\PREFS.JS
failed, 00000005.

Error - 6/14/2009 3:01:03 AM | Computer Name = LINKSYS-975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\JEFF\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FJ0GRZ1Z.DEFAULT\PREFS.JS
failed, 00000005.

Error - 11/3/2009 11:31:22 PM | Computer Name = LINKSYS-975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Jeff\My Documents\Downloads\Dragon.Age.Origins.SKIDROW\sr-dgnage.iso
failed, 00000084.

Error - 11/3/2009 11:58:40 PM | Computer Name = LINKSYS-975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Jeff\My Documents\Downloads\Dragon.Age.Origins.SKIDROW\sr-dgnage.iso
failed, 00000084.

Error - 11/7/2009 12:15:56 AM | Computer Name = LINKSYS-975 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Jeff\My Documents\Downloads\Dragon.Age.Origins.SKIDROW\sr-dgnage.iso
failed, 00000084.

Error - 6/4/2010 10:05:23 PM | Computer Name = LINKSYS-975 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

[ Application Events ]
Error - 4/14/2010 1:02:26 AM | Computer Name = LINKSYS-975 | Source = Google Update | ID = 20
Description =

Error - 4/17/2010 8:00:11 PM | Computer Name = LINKSYS-975 | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.190.4, faulting module
java.dll, version 6.0.190.4, fault address 0x00005875.

Error - 4/18/2010 3:49:30 AM | Computer Name = LINKSYS-975 | Source = Application Error | ID = 1000
Description = Faulting application mb_warband.exe, version 1.0.0.0, faulting module
mb_warband.exe, version 1.0.0.0, fault address 0x0021ea7f.

Error - 4/24/2010 8:38:07 PM | Computer Name = LINKSYS-975 | Source = Application Hang | ID = 1002
Description = Hanging application QuickTimePlayer.exe, version 7.65.17.80, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/3/2010 1:48:35 AM | Computer Name = LINKSYS-975 | Source = Application Hang | ID = 1002
Description = Hanging application BitLord.exe, version 1.1.5.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/3/2010 1:48:49 AM | Computer Name = LINKSYS-975 | Source = Application Hang | ID = 1002
Description = Hanging application BitLord.exe, version 1.1.5.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/3/2010 1:48:52 AM | Computer Name = LINKSYS-975 | Source = Application Hang | ID = 1002
Description = Hanging application BitLord.exe, version 1.1.5.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/6/2010 11:40:28 PM | Computer Name = LINKSYS-975 | Source = Application Hang | ID = 1002
Description = Hanging application DivX Player.exe, version 7.0.0.186, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/6/2010 11:40:29 PM | Computer Name = LINKSYS-975 | Source = Application Hang | ID = 1002
Description = Hanging application DivX Player.exe, version 7.0.0.186, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/19/2010 10:15:59 PM | Computer Name = LINKSYS-975 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/10/2010 1:38:23 AM | Computer Name = LINKSYS-975 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 6/10/2010 1:38:23 AM | Computer Name = LINKSYS-975 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL
Tcpip
WS2IFSL

Error - 6/10/2010 1:43:36 AM | Computer Name = LINKSYS-975 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/10/2010 11:59:03 PM | Computer Name = LINKSYS-975 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 6/10/2010 11:59:11 PM | Computer Name = LINKSYS-975 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/10/2010 11:59:43 PM | Computer Name = LINKSYS-975 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP Fips intelppm SASDIFSV SASKUTIL

Error - 6/11/2010 12:31:25 AM | Computer Name = LINKSYS-975 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/11/2010 12:34:05 AM | Computer Name = LINKSYS-975 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 6/11/2010 12:34:48 AM | Computer Name = LINKSYS-975 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP Fips intelppm ohci1394 SASDIFSV SASKUTIL SI3132

Error - 6/11/2010 12:39:12 AM | Computer Name = LINKSYS-975 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >
 
#7 ·
Hello Jeff,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
 
#9 ·
I am posting this. See my post #2.

ComboFix 10-06-10.03 - Jeff 06/10/2010 22:56:52.5.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1706 [GMT -7:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-05-11 to 2010-06-11 )))))))))))))))))))))))))))))))
.

2010-06-11 04:15 . 2010-06-11 04:15 -------- d-----w- c:\documents and settings\Jeff\Application Data\Malwarebytes
2010-06-11 04:11 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 04:11 . 2010-06-11 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-11 04:11 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 04:11 . 2010-06-11 04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 04:57 . 2010-06-06 04:57 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-22 19:47 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-05-22 19:47 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-05-22 19:46 . 2010-05-22 19:46 503808 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23138be6-n\msvcp71.dll
2010-05-22 19:46 . 2010-05-22 19:46 499712 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23138be6-n\jmc.dll
2010-05-22 19:46 . 2010-05-22 19:46 348160 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23138be6-n\msvcr71.dll
2010-05-22 19:46 . 2010-05-22 19:46 61440 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4584aedb-n\decora-sse.dll
2010-05-22 19:46 . 2010-05-22 19:46 12800 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4584aedb-n\decora-d3d.dll
2010-05-22 19:46 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 03:52 . 2008-04-13 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-28 02:34 . 2008-05-15 04:49 -------- d-----w- c:\program files\BitLord
2010-05-22 19:48 . 2007-10-27 05:59 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-22 19:46 . 2006-12-06 02:05 -------- d-----w- c:\program files\Java
2010-05-16 02:17 . 2006-10-02 05:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-14 05:04 . 2006-10-03 07:21 -------- d-----w- c:\program files\Google
2010-05-01 17:00 . 2007-07-16 01:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-01 05:32 . 2010-05-01 05:32 -------- d-----w- c:\program files\iTunes
2010-05-01 05:32 . 2010-05-01 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-01 05:32 . 2010-05-01 05:32 -------- d-----w- c:\program files\iPod
2010-05-01 05:32 . 2008-06-09 05:13 -------- d-----w- c:\program files\Common Files\Apple
2010-05-01 05:30 . 2006-10-18 01:36 -------- d-----w- c:\program files\QuickTime
2010-05-01 05:28 . 2010-05-01 05:28 -------- d-----w- c:\program files\Bonjour
2010-05-01 05:26 . 2010-05-01 05:26 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-24 01:33 . 2006-10-02 01:31 -------- d-----w- c:\documents and settings\Jeff\Application Data\.BitTornado
2010-04-23 00:35 . 2006-12-06 02:04 -------- d-----w- c:\program files\LimeWire
2010-04-19 03:57 . 2009-11-04 03:54 -------- d-----w- c:\program files\JDownloader
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 02:58 . 2010-04-06 02:58 503808 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3b817b49-n\msvcp71.dll
2010-04-06 02:58 . 2010-04-06 02:58 499712 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3b817b49-n\jmc.dll
2010-04-06 02:58 . 2010-04-06 02:58 348160 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3b817b49-n\msvcr71.dll
2010-04-06 02:58 . 2010-04-06 02:58 61440 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6726d283-n\decora-sse.dll
2010-04-06 02:58 . 2010-04-06 02:58 12800 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6726d283-n\decora-d3d.dll
2010-04-04 02:23 . 2010-04-04 02:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 02:23 . 2010-04-04 02:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 02:23 . 2010-04-04 02:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 02:23 . 2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 02:23 . 2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 02:22 . 2010-04-04 02:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55 . 2009-06-10 13:03 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2009-06-10 13:03 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55 . 2009-06-10 13:03 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2008-10-07 20:33 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2006-10-10 03:33 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55 . 2006-10-10 03:33 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55 . 2006-10-10 03:33 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2006-10-10 03:33 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55 . 2006-10-10 03:33 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55 . 2004-08-04 07:56 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2004-08-04 05:29 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-02 23:54 . 2007-06-09 04:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"igndlm.exe"="c:\program files\IGN\Download Manager\dlm.exe" [2009-05-15 1103216]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-10-28 257440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2005-02-02 1469952]
"PCTVOICE"="pctspk.exe" [2003-07-17 180224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 151552]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-12 17887232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-20 136544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 21:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CompuServe 7.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CompuServe 7.0 Tray Icon.lnk
backup=c:\windows\pss\CompuServe 7.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-05-15 02:03 1103216 ----a-w- c:\program files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 22:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 06:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-07 02:37 69216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
2009-01-27 23:18 425472 ----a-w- c:\program files\TiVo\Desktop\TiVoNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
2009-01-27 23:21 2143232 ----a-w- c:\program files\TiVo\Desktop\TiVoServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TranscodingService]
2009-01-27 23:03 520192 ----a-w- c:\program files\TiVo\Desktop\TranscodingService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-27 01:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [10/1/2006 11:58 AM 14592]
R3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [4/8/2009 12:59 PM 8704]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/1/2006 3:00 PM 721904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 2:53 PM 5632]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 32256]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/27/2009 8:42 PM 133104]
S2 pyTivo;pyTivo;c:\program files\pyTivo\pyTivoService.exe [5/2/2008 4:59 PM 77824]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/28/2007 1:30 AM 24652]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/18/2009 7:56 PM 1684736]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/6/2009 3:38 PM 25832]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;\??\c:\docume~1\Jeff\LOCALS~1\Temp\TCCpuInfo.sys --> c:\docume~1\Jeff\LOCALS~1\Temp\TCCpuInfo.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]

2010-06-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-13 02:44]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 03:42]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 03:42]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-MsUpdate - C:\MsUpdate.exe
AddRemove-DCS Black Shark - c:\program files\Eagle Dynamics\Ka-50\uninstall.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-10 23:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-1035525444-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e4,35,6d,f9,77,d6,14,e7,c2,2c,7c,e7,51,ab,9e,a4,96,13,79,64,d8,f6,ab,
32,1f,d7,b8,85,31,a3,ee,70,66,e8,22,a5,60,f4,8e,b6,1f,b0,80,e3,f6,a9,5d,64,\
"??"=hex:d2,af,fc,d8,ac,e9,33,c1,81,f3,b7,8d,54,15,c2,5f

[HKEY_USERS\S-1-5-21-1844237615-1035525444-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:68,3e,a7,eb,81,3e,97,e3,1d,63,bf,84,41,2d,5a,ee,7a,27,35,9d,ae,
d5,88,04,f5,63,b7,df,15,dd,58,be,1b,90,64,4b,b2,d8,18,57,bf,e5,96,6b,70,c5,\
"rkeysecu"=hex:02,46,5d,61,ae,2b,31,97,30,79,11,df,eb,d4,9e,9d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\l3codecx.acm
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'explorer.exe'(1700)
c:\windows\system32\WININET.dll
.
Completion time: 2010-06-10 23:01:48
ComboFix-quarantined-files.txt 2010-06-11 06:01
ComboFix2.txt 2007-11-11 20:44

Pre-Run: 146,607,288,320 bytes free
Post-Run: 148,135,124,992 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - A4BE70DDD09C36FAEC8FBCCCC5CD3268
 
#10 ·
Hello Punker1234,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
KillAll::

Driver::
TCCrystalCpuInfo

File::
c:\docume~1\Jeff\LOCALS~1\Temp\TCCpuI nfo.sys

Reboot::
Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

Now

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • ComboFix.txt
  • MBAM log
  • Kaspersky scan results
  • and tell me how your computer is performing now
 
#12 ·
Oops, now it's here.

Also listed is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4188

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/11/2010 12:26:31 AM
mbam-log-2010-06-11 (00-26-31).txt

Scan type: Quick scan
Objects scanned: 139735
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

Attachments

#13 ·
Hello Punker1234,

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :processes
    killallprocesses
    
    :Files
    c:\program files\Viewpoint
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE) .

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • OTL fix log
  • Kaspersky scan results
  • and tell me how your machine is now
 
#14 ·
Good afternoon. Below is the OTL Log, and I've attached the Kasp scan. The scan took awhile, so I went to sleep last night, that's why I submitted half of what you asked. I really thank you for your help!

So far, when I try to boot my computer up in regular mode, it still won't have the login screen appear. It's just simply black. I also have strange artifacts in my bios post. There's a ton of apostrophe's all over the place in blank spaces. I had a similar problem quite a few years back regarding the blank screen, and tried messing with some stuff from the old thread but no success. I'll include the link below if you think that will help.

Link: http://forums.techguy.org/windows-xp/596146-solved-windows-cant-boot-black.html

OTL logfile created on: 6/11/2010 7:06:13 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 137.83 Gb Free Space | 29.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINKSYS-975
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/10 21:42:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
PRC - [2010/04/03 23:23:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/06/10 21:42:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WMP54Gv4SVC)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/02 16:59:14 | 000,077,824 | ---- | M] () [Auto | Stopped] -- C:\Program Files\pyTivo\pyTivoService.exe -- (pyTivo)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/07/03 12:32:16 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/05/11 11:46:54 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2004/05/12 20:32:38 | 000,045,056 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2001/09/25 09:32:50 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

========== Driver Services (SafeList) ==========

DRV - [2010/04/03 15:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/09/12 01:32:25 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/19 17:09:32 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/19 17:09:32 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/16 18:15:52 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/08 12:59:00 | 000,008,704 | ---- | M] (SNEG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FStarForce.sys -- (FStarForce)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/10 00:49:13 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2007/08/28 17:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/07/03 12:33:04 | 000,006,912 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/02/27 13:39:26 | 000,032,256 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/11/21 10:27:58 | 000,043,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/10/10 14:53:48 | 000,005,632 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/10/02 20:15:12 | 000,015,440 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2006/09/05 18:48:28 | 000,208,688 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3132r5.sys -- (Si3132r5)
DRV - [2006/08/08 21:47:00 | 000,067,712 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2006/07/22 00:07:36 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2006/07/13 20:42:42 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/05/03 13:46:38 | 000,014,592 | ---- | M] (ABIT) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\uGuru.sys -- (UGURU)
DRV - [2006/04/05 22:23:52 | 000,081,664 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/02/16 18:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2006/02/07 19:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/10/27 16:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2004/08/03 23:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 22:31:18 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004/05/12 19:41:32 | 000,652,360 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/05/12 19:38:02 | 000,014,408 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/05/12 19:35:08 | 000,231,224 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/05/12 19:29:50 | 000,100,384 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/05/12 19:28:06 | 001,395,296 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/05/12 19:21:18 | 000,013,232 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/07/17 14:19:10 | 000,324,287 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2003/07/17 14:18:54 | 000,071,216 | ---- | M] (PCtel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvoice.sys -- (Vvoice)
DRV - [2003/07/17 14:18:36 | 000,704,121 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmodem.sys -- (Vmodem)
DRV - [2003/07/17 14:17:50 | 000,799,826 | ---- | M] (PCtel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpctcom.sys -- (Vpctcom)
DRV - [2002/09/17 12:55:06 | 000,003,548 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WinFlash.sys -- (Winflash)
DRV - [2001/09/27 11:00:26 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msnbc.msn.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2010/05/16 19:02:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2010/05/16 19:02:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/30 22:30:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/22 12:46:18 | 000,000,000 | ---D | M]

[2009/05/06 20:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2009/05/06 20:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/10 21:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\extensions
[2009/11/09 23:36:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2006/10/01 14:50:20 | 000,000,000 | ---D | M] (Silver Skin) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\extensions\{2A10B180-05EF-11D9-8C50-444553540001}
[2009/06/28 19:30:08 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2006/10/01 14:50:19 | 000,000,000 | ---D | M] (Firefox Vista) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\extensions\{C1CCF2A6-D735-4817-866A-993A66CF9A3D}
[2009/06/28 18:08:42 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\searchplugins\aim-search.xml
[2008/09/20 16:12:17 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\fj0grz1z.default\searchplugins\daemon-search.xml
[2010/06/10 21:19:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/22 12:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/06/11 00:02:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159777509576 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159777470951 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/01 22:06:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/11 00:06:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/10 22:55:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/10 22:51:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/10 22:51:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/10 22:51:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/10 21:41:53 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2010/06/10 21:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Application Data\Malwarebytes
[2010/06/10 21:11:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/10 21:11:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/10 21:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/10 21:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/10 21:11:02 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeff\Desktop\mbam-setup.exe
[2010/05/22 12:47:12 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/05/22 12:47:11 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/05/22 12:46:18 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2006/12/13 22:43:35 | 000,014,992 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2006/12/13 22:43:24 | 001,395,296 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2006/12/13 22:43:24 | 000,652,360 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2006/12/13 22:43:24 | 000,231,224 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2006/12/13 22:43:24 | 000,100,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2006/12/13 22:43:24 | 000,014,408 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2006/12/13 22:43:24 | 000,013,232 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/11 18:57:12 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/11 18:57:10 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/06/11 18:56:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/11 03:15:13 | 016,252,928 | ---- | M] () -- C:\Documents and Settings\Jeff\ntuser.dat
[2010/06/11 03:15:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jeff\ntuser.ini
[2010/06/11 00:30:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/11 00:02:46 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/11 00:02:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/10 22:55:08 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/10 22:46:02 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/10 22:36:00 | 003,705,848 | R--- | M] () -- C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
[2010/06/10 21:42:00 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2010/06/10 21:12:00 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/10 21:11:40 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jeff\Desktop\mbam-setup.exe
[2010/06/05 12:55:47 | 000,000,619 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/03 22:18:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 22:02:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/03 21:02:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/03 20:52:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/03 19:52:43 | 000,272,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/31 22:57:41 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 22:36:44 | 000,967,967 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\f0abec5a8d8cee8083b6b0d9655cf548.pdf
[2010/05/23 22:36:44 | 000,602,280 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\c03bec77e3a6bc3d609da049021fcf2c.pdf
[2010/05/18 18:19:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/13 22:05:07 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/10 22:55:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/10 22:55:07 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/10 22:51:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/10 22:51:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/10 22:51:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/10 22:51:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/10 22:51:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/10 22:35:39 | 003,705,848 | R--- | C] () -- C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
[2010/06/10 21:12:00 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 22:36:40 | 000,602,280 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\c03bec77e3a6bc3d609da049021fcf2c.pdf
[2010/05/23 22:36:37 | 000,967,967 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\f0abec5a8d8cee8083b6b0d9655cf548.pdf
[2010/05/22 12:47:12 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/05/13 22:05:07 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 09:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 09:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 09:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/01/19 00:17:17 | 000,000,159 | ---- | C] () -- C:\WINDOWS\cedt.INI
[2007/11/17 00:40:05 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/04 14:21:25 | 000,000,233 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/12 19:03:08 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007/02/25 19:02:12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/02/25 19:02:03 | 000,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/01/25 17:19:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/13 22:43:35 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2006/12/13 22:43:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2006/12/13 22:43:35 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2006/12/13 22:43:24 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2006/12/13 22:43:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2006/12/13 22:43:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2006/11/14 17:00:34 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006/11/14 17:00:34 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006/10/17 13:45:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/10/09 20:33:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/09 20:33:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/01 22:17:41 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2006/10/01 15:11:34 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/10/01 15:00:57 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/01 12:19:32 | 000,003,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\WinFlash.sys
[2005/09/20 04:29:32 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2005/09/20 04:29:31 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\PureSimPopupMenu.dll

========== Custom Scans ==========

< :processes >

< killallprocesses >

< >

< :Files >

< c:\program files\Viewpoint >

< :Commands >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 477 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >
 
#16 ·
Hello Punker1234,

That OTL fix didn't work.

I think you may have clicked the Scan button instead of Run Fix.

Here it is again. I have added some more to it from the Kaspersky scan.

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :Files
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\14\7f33110e-201897b3
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\14\7f33110e-201897b3
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\2\1f3f8202-2d5477e9
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\23\35249897-73d64edf
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\33\6e741361-7016d829
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\33\6e741361-7016d829
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\35\362cfe3-41bf0817
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\37\301cb0e5-7bafe2b4
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-7e15a8bc
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-7e15a8bc
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\40\42123aa8-12b0c03d
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\41\54714329-7e9104b3
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\56\68eb5f8-2a95e49d
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\56\68eb5f8-2a95e49d
    C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\6\5b3d5486-1753549d
    c:\program files\Viewpoint
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
 
#19 ·
As I say that and open OTL, a log pops up.... See below.

All processes killed
========== FILES ==========
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\14\7f33110e-201897b3 moved successfully.
File\Folder C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\14\7f33110e-201897b3 not found.
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\2\1f3f8202-2d5477e9 moved successfully.
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\23\35249897-73d64edf moved successfully.
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\33\6e741361-7016d829 moved successfully.
File\Folder C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\33\6e741361-7016d829 not found.
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\35\362cfe3-41bf0817 moved successfully.
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\37\301cb0e5-7bafe2b4 moved successfully.
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-7e15a8bc moved successfully.
File\Folder C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-7e15a8bc not found.
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\40\42123aa8-12b0c03d moved successfully.
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\41\54714329-7e9104b3 moved successfully.
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\56\68eb5f8-2a95e49d moved successfully.
File\Folder C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\56\68eb5f8-2a95e49d not found.
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\6.0\6\5b3d5486-1753549d moved successfully.
c:\program files\Viewpoint\Viewpoint Toolbar folder moved successfully.
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents folder moved successfully.
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\VMgr_Win folder moved successfully.
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\AxMetaStream_Win folder moved successfully.
c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents folder moved successfully.
c:\program files\Viewpoint\Viewpoint Media Player\Components folder moved successfully.
c:\program files\Viewpoint\Viewpoint Media Player folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents\AxMetaStream_Win folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology\Components folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology folder moved successfully.
c:\program files\Viewpoint\Common folder moved successfully.
c:\program files\Viewpoint folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 83 bytes

User: Family

User: Jeff
->Temp folder emptied: 109377907 bytes
->Temporary Internet Files folder emptied: 411864 bytes
->Java cache emptied: 65317912 bytes
->FireFox cache emptied: 151991620 bytes
->Flash cache emptied: 2611778 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1494970 bytes
%systemroot%\System32 .tmp files removed: 8139841 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 324.00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 06112010_204352

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
#21 ·
Hello Punker1234,

Let's try using the Recovery Console. This should have been installed when you downloaded ComboFix.

To logon to the Recovery Console.

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.



Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following bolded entrie, and press 'Enter':

fixmbr

After that come back and tell me if there is any change.
 
#22 ·
I ran the recovery and ran fixmbr. It asked about creating a new boot and/or damaging the partition if it failed, accepted and it ran. I exited and restarted the computer and still a black screen. Craziness I tell you.

Whats your name by the way? I feel silly that your helping me and I don't even know your name. I'm Jeff by the way.
 
#25 ·
Okay, you might like to check this link out:

http://support.microsoft.com/kb/314503

It's a bit complicated but if you just take your time and follow it through step by step you should be fine.

I am not a tech but I did have one other idea which you might like to try before following those instructions (up to you). I think a possible cause might be damage on your hard disk so chkdsk might work, although, if it is a damaged sector I don't think it will be a permanent answer i.e. might be a signal that your hard disk is beginning to go.
 
#26 ·
Further to my last post, I overlooked giving you the instructions for chkdsk.

Chkdsk (Chkdsk.exe) is a command-line tool that checks volumes for problems. The tool then tries to repair any that it finds. For example, Chkdsk can repair problems related to bad sectors, lost clusters, cross-linked files, and directory errors. To use Chkdsk, you must log on as an administrator or as a member of the Administrators group.

You can manually run the chkdsk command to check for problems.

To do this:

*Click Start, select Run,

Then type cmd in the box; to get to the Command Prompt utility

*Click Ok

*Run the chkdsk utility by typing in the following command:

chkdsk c: /f /r and hit enter (note the spaces... they should be there)

Note: If one or more of the files on the hard disk are open, you will receive the following message:

Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
Type Y, and then press ENTER to schedule the disk check, and then restart your computer to start the disk check. When it's finished, (This process can take quite a while depending on the size of your disk, etc.), it will boot back to normal Windows.


NOTE: The /f command automatically fixes any errors encountered, the /r command locates bad sectors and recovers readable information.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top