Jump to content

Inkatoo

Members
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Sorry to take so long to get back on this. I tried to do some things on my own and I actually got rid of the AntiPro Virus, however, my computer is not back up to par in anyway. I still have a lot of issues and it has taken me some time just to be able to get onto this website. Here are the two posts from the OTL program you told me to use. Thank you for your help and I am sorry to take so long again. OTL logfile created on: 12/13/2009 2:46:54 PM - Run 1 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.63% Memory free 3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.72% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 461.06 Gb Total Space | 338.39 Gb Free Space | 73.39% Space Free | Partition Type: NTFS Drive D: | 1.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 553.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: ON-A-KURTIE Current User Name: Kurtis Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs) PRC - C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe (Trend Micro Incorporated.) PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe (Intel Corporation) PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe () PRC - C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.) PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\WINDOWS\system32\dlcccoms.exe ( ) PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell) PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) PRC - C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe (Trend Micro Inc.) PRC - C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe (Trend Micro Incorporated.) PRC - C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe (Trend Micro Inc.) PRC - C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe (Trend Micro Incorporated.) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) PRC - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\butabefu.dll () MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs) SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe (Trend Micro Incorporated.) SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ELService) Intel® -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe (Intel Corporation) SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( ) SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe (Trend Micro Inc.) SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe (Trend Micro Incorporated.) SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe (Trend Micro Inc.) SRV - (StarWindService) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (Tmfilter) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.) DRV - (Tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.) DRV - (Vsapint) -- C:\WINDOWS\system32\drivers\VsapiNT.sys (Trend Micro Inc.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (ithsgt) -- C:\WINDOWS\system32\drivers\ithsgt.sys () DRV - (lilsgt) -- C:\WINDOWS\system32\drivers\lilsgt.sys () DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys () DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation) DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation) DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation ) DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation) DRV - (ELmon) -- C:\WINDOWS\system32\drivers\Elmon.sys (Intel Corporation) DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\Elkbd.sys (Intel Corporation) DRV - (ELmou) -- C:\WINDOWS\system32\drivers\Elmou.sys (Intel Corporation) DRV - (ELhid) -- C:\WINDOWS\system32\drivers\Elhid.sys (Intel Corporation) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.) DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions) DRV - (tmtdi) -- C:\WINDOWS\System32\Drivers\tmtdi.sys (Trend Micro Inc.) DRV - (tm_cfw) -- C:\WINDOWS\System32\Drivers\tm_cfw.sys (Trend Micro Inc.) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions) DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation) DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.) DRV - (Sntnlusb) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061009 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/...html?channel=us IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061009 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061009 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.msn.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/19 18:55:32 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/28 18:36:17 | 00,000,000 | ---D | M] [2009/08/29 09:13:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\Mozilla\Extensions [2009/08/29 09:13:44 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/08/29 09:13:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\Mozilla\Firefox\Profiles\j5az63kj.default\extensions [2009/09/25 12:49:16 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009/09/25 12:49:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009/09/25 12:49:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009/09/25 12:49:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009/09/25 12:49:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009/09/25 12:49:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009/09/25 12:49:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll O1 HOSTS File: (852 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O1 - Hosts: 127.255.255.255 www.alcohol-soft.com O1 - Hosts: 127.255.255.255 images.alcohol-soft.com O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [buildBU] c:\dell\bldbubg.exe () O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL () O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell) O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe () O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe (PureEdge Solutions Inc.) O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL () O4 - HKLM..\Run: [molilukep] C:\WINDOWS\System32\butabefu.DLL () O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe (Trend Micro Incorporated.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation) O4 - HKCU..\Run: [bitTorrent] C:\Program Files\BitTorrent\bittorrent.exe () O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.) O4 - HKCU..\Run: [setDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O4 - Startup: C:\Documents and Settings\Kurtis.ON-A-KURTIE\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: world-of-dungeons.net ([]https in Trusted sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1161140326968 (WUWebControl Class) O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.212.255.11 64.212.255.12 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (hanugupi.dll) - File not found O20 - AppInit_DLLs: (nezogeju.dll) - File not found O20 - AppInit_DLLs: (c:\windows\system32\butabefu.dll) - C:\WINDOWS\system32\butabefu.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: sapalumod - {f19db9f7-080a-4212-ae1b-39c87ac56a70} - C:\WINDOWS\system32\butabefu.dll () O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {f19db9f7-080a-4212-ae1b-39c87ac56a70} - tokatiluy - C:\WINDOWS\system32\butabefu.dll () O24 - Desktop Components:0 (My Current Home Page) - About:Home O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 17:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2000/04/03 02:36:38 | 00,000,030 | R--- | M] () - J:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{0dabf899-7070-11de-b769-001676da976f}\Shell\AutoRun\command - "" = L:\WDSetup.exe -- File not found O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O33 - MountPoints2\{df3fdb4b-5fdc-11dd-b71e-001676da976f}\Shell - "" = AutoRun O33 - MountPoints2\{df3fdb4b-5fdc-11dd-b71e-001676da976f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{df3fdb4b-5fdc-11dd-b71e-001676da976f}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found O33 - MountPoints2\{eefbf601-b190-11de-b7b9-001676da976f}\Shell\sorthb\command - "" = C:\Program Files\PSP Brew\PSPbrew.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/13 14:35:56 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\OTL.exe [2009/12/12 22:02:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2009/12/02 18:59:22 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009/12/02 18:59:18 | 00,000,000 | ---D | C] -- C:\Program Files\Avira [2009/12/02 18:52:03 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/02 18:52:01 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/30 11:24:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/30 11:09:31 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\mbam-setup.exe [2009/11/30 00:15:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\PC [2009/11/29 23:55:26 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2009/11/29 21:55:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2009/11/29 21:55:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2009/11/26 20:36:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\BSplayer Pro [2009/11/26 20:36:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\BSplayer [2009/11/26 20:36:03 | 00,000,000 | ---D | C] -- C:\Program Files\Webteh [2009/11/26 20:23:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\Creative [2009/11/21 17:16:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2009/11/14 09:47:32 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll [2009/11/14 09:47:28 | 00,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll [2009/11/14 09:47:28 | 00,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll [2009/11/14 09:47:28 | 00,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll [2009/11/14 09:47:28 | 00,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll [2009/11/14 09:47:28 | 00,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll [2009/11/14 09:47:28 | 00,696,320 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll [2008/07/19 03:42:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\COMCASTTOOLBAR [2008/07/14 03:00:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2008/03/22 05:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2006/12/30 11:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2006/10/18 16:03:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth [2006/10/10 12:17:37 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll [2006/10/10 12:17:37 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll [2006/10/10 12:17:37 | 00,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll [2006/10/10 12:17:37 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll [2006/10/10 12:17:37 | 00,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll [2006/10/10 12:17:37 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll [2006/10/10 12:17:37 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll [2006/10/10 12:17:37 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll [2006/10/10 12:17:37 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll [2005/08/16 17:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2005/08/16 17:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2005/08/16 17:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/12/13 14:49:08 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\lagotofu [2009/12/13 14:36:02 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\OTL.exe [2009/12/13 14:32:42 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/13 14:26:26 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\wisahiri.dll [2009/12/13 14:26:18 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ooizqnhp.job [2009/12/13 14:26:17 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/13 14:24:27 | 08,405,015 | ---- | M] () -- C:\WINDOWS\TempFile [2009/12/13 14:24:09 | 00,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/12/13 14:24:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/13 14:24:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/13 14:24:03 | 21,454,35648 | -HS- | M] () -- C:\hiberfil.sys [2009/12/13 14:21:16 | 00,092,672 | ---- | M] () -- C:\WINDOWS\System32\butabefu.dll [2009/12/12 22:11:19 | 06,029,312 | ---- | M] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\ntuser.dat [2009/12/12 22:11:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\ntuser.ini [2009/12/12 22:03:55 | 01,583,930 | -H-- | M] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Local Settings\Application Data\IconCache.db [2009/12/12 20:49:33 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009/12/07 20:34:25 | 00,003,574 | ---- | M] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\wklnhst.dat [2009/12/02 21:55:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe [2009/12/02 21:35:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe [2009/12/02 21:06:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe [2009/12/02 20:46:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe [2009/12/02 20:25:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe [2009/12/02 20:05:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe [2009/12/02 19:45:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe [2009/12/02 18:56:25 | 30,909,992 | ---- | M] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\avira_antivir_personal_en.exe [2009/12/02 18:25:46 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\mbam-setup.exe [2009/11/30 23:40:14 | 00,001,261 | ---- | M] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\ark.rar [2009/11/30 23:04:03 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\karirabo.dll [2009/11/30 23:04:03 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\jofamoja.dll [2009/11/30 19:14:11 | 00,000,266 | ---- | M] () -- C:\xcrashdump.dat [2009/11/30 19:06:12 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\nhuedk07.exe [2009/11/30 19:01:59 | 00,524,800 | ---- | M] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\dds.scr [2009/11/30 18:54:35 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\Defogger.exe [2009/11/30 11:28:11 | 00,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/11/30 11:03:41 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\yuhasifo.dll [2009/11/30 00:44:30 | 00,000,670 | ---- | M] () -- C:\WINDOWS\win.ini [2009/11/30 00:18:18 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\rkill.com [2009/11/29 20:49:05 | 00,003,046 | ---- | M] () -- C:\WINDOWS\System32\t1p0_31313653522.b1k [2009/11/27 11:16:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/11/26 12:59:51 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/26 03:00:57 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/11/14 09:47:32 | 00,090,112 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll [2009/11/14 09:47:28 | 00,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll [2009/11/14 09:47:28 | 00,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll [2009/11/14 09:47:28 | 00,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll [2009/11/14 09:47:28 | 00,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll [2009/11/14 09:47:28 | 00,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll [2009/11/14 09:47:28 | 00,696,320 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/13 14:26:26 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\wisahiri.dll [2009/12/13 14:26:18 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ooizqnhp.job [2009/12/13 14:21:16 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\butabefu.dll [2009/12/02 21:06:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe [2009/12/02 20:46:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe [2009/12/02 20:25:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe [2009/12/02 20:05:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe [2009/12/02 19:45:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe [2009/12/02 19:24:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe [2009/12/02 19:04:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe [2009/12/02 18:56:26 | 30,909,992 | ---- | C] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\avira_antivir_personal_en.exe [2009/12/02 18:52:05 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/30 23:40:14 | 00,001,261 | ---- | C] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\ark.rar [2009/11/30 23:04:03 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\karirabo.dll [2009/11/30 23:04:03 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\jofamoja.dll [2009/11/30 19:06:10 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\nhuedk07.exe [2009/11/30 19:01:54 | 00,524,800 | ---- | C] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\dds.scr [2009/11/30 18:54:35 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\Defogger.exe [2009/11/30 11:03:41 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\yuhasifo.dll [2009/11/30 00:18:16 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\rkill.com [2009/11/29 23:58:45 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/11/29 20:49:05 | 00,003,046 | ---- | C] () -- C:\WINDOWS\System32\t1p0_31313653522.b1k [2009/11/29 20:49:05 | 00,000,266 | ---- | C] () -- C:\xcrashdump.dat [2009/09/13 14:26:21 | 00,006,144 | -HS- | C] () -- C:\WINDOWS\System32\vupehihi.dll [2009/09/13 14:26:19 | 00,045,568 | -HS- | C] () -- C:\WINDOWS\System32\wilawibe.dll [2009/09/13 14:26:16 | 00,061,952 | -HS- | C] () -- C:\WINDOWS\System32\boyeseti.dll [2009/09/13 14:26:16 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wahayaga.dll [2009/09/12 20:48:10 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\litikene.dll [2009/09/12 20:48:05 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\zugezevu.dll [2009/09/09 06:24:04 | 00,011,168 | ---- | C] () -- C:\Program Files\Common Files\ifamakore.bat [2009/09/08 22:34:07 | 00,019,533 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uquqerad.bat [2009/09/08 22:34:07 | 00,019,411 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yvodin.exe [2009/09/08 22:34:07 | 00,017,123 | ---- | C] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\zika._dl [2009/09/08 22:34:07 | 00,013,215 | ---- | C] () -- C:\Program Files\Common Files\egyzygoc.sys [2009/09/08 22:34:06 | 00,017,416 | ---- | C] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Local Settings\Application Data\lypoboc.sys [2009/09/08 22:34:06 | 00,016,187 | ---- | C] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Local Settings\Application Data\uwigywutyc.exe [2009/09/07 16:55:13 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\rimolodo.dll [2009/09/07 16:55:11 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\neremije.dll [2009/09/06 19:01:02 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\palifomu.dll [2009/09/06 19:01:02 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\mebarepo.dll [2009/09/06 19:00:32 | 00,000,003 | -HS- | C] () -- C:\WINDOWS\System32\fumupofo.dll [2009/09/06 19:00:29 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\wonizaki.dll [2009/09/06 19:00:29 | 00,000,003 | -HS- | C] () -- C:\WINDOWS\System32\febudipi.dll [2009/09/02 19:57:29 | 00,011,264 | -HS- | C] () -- C:\WINDOWS\System32\vamegeye.dll [2009/08/30 23:04:01 | 00,004,096 | -HS- | C] () -- C:\WINDOWS\System32\galotupu.dll [2008/02/24 12:30:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\PureEdgeAPI.ini [2008/02/24 12:30:18 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\MSQOLE.DLL [2007/05/16 09:20:46 | 00,000,024 | ---- | C] () -- C:\WINDOWS\wldtlk20.ini [2007/01/13 11:11:56 | 00,000,621 | ---- | C] () -- C:\WINDOWS\tlknw20.ini [2007/01/11 05:38:29 | 00,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys [2007/01/11 05:38:29 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys [2006/12/15 00:37:09 | 00,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176 [2006/12/15 00:35:10 | 00,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105 [2006/11/06 07:38:23 | 00,003,574 | ---- | C] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\wklnhst.dat [2006/10/18 22:59:50 | 00,076,800 | ---- | C] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/10/18 21:26:25 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006/10/17 13:16:51 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2006/10/17 12:02:38 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2006/10/17 10:11:28 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2006/10/17 09:46:22 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys [2006/10/17 09:21:39 | 00,611,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006/10/17 08:33:50 | 00,000,141 | ---- | C] () -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Local Settings\Application Data\fusioncache.dat [2006/10/10 12:51:04 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/10/10 12:47:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/10/10 12:43:10 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006/10/10 12:39:53 | 00,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI [2006/10/10 12:39:41 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll [2006/10/10 12:39:26 | 00,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini [2006/10/10 12:17:49 | 01,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL [2006/10/10 12:17:38 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll [2006/10/10 12:17:38 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll [2006/10/10 12:17:38 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll [2006/10/10 12:17:38 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll [2006/10/10 12:17:37 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll [2006/10/10 12:17:37 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll [2006/10/10 12:17:37 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll [2006/10/10 12:17:37 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll [2006/10/10 12:17:37 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll [2006/10/10 12:17:37 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll [2006/10/10 12:17:22 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006/10/10 12:16:19 | 00,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/11/10 14:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/08/16 17:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/06 03:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/08/03 03:00:16 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini [2004/08/04 11:59:42 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptddrv1.sys [2003/01/08 04:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2005/08/17 09:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream [2006/12/15 00:35:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft [2008/02/24 12:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge [2007/12/22 02:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2006/10/10 12:42:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/11/10 22:52:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/07/24 11:48:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/12/05 12:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\BitTorrent [2009/11/27 11:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\BSplayer [2009/11/26 20:36:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\BSplayer Pro [2008/07/06 12:33:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\CVS [2006/12/15 00:37:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\Final Draft [2006/10/17 09:14:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\Leadertech [2006/10/20 03:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\Opera [2009/12/02 22:10:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\PC [2008/02/24 12:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\PureEdge [2006/11/06 07:38:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\Template [2007/04/22 23:09:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\Walgreens [2009/10/10 19:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kurtis.ON-A-KURTIE\Application Data\Wizards of the Coast [2009/12/13 14:26:18 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\ooizqnhp.job ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: AGP440.SYS > [2008/04/14 03:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/14 03:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/04 12:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2008/04/14 03:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/14 03:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/04 11:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 09:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 09:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/10 18:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2006/07/06 17:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\drivers\storage\onboard\iastor.sys [2006/07/06 19:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys [2006/07/06 19:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iaStor.sys [2006/07/06 17:59:42 | 00,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iaStor.sys [2006/07/06 20:01:32 | 00,484,864 | ---- | M] (Intel Corporation) MD5=6A3C354BFC163B81F6EF2FC421280DB5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys < MD5 for: NETLOGON.DLL > [2008/04/14 09:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 09:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2004/08/10 18:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/10 18:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/14 09:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 09:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < MD5 for: VAXSCSI.SYS > [2006/10/17 13:00:06 | 00,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vaxscsi.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\mbam-setup.exe:SummaryInformation < End of report > -Here is the 2nd- OTL Extras logfile created on: 12/13/2009 2:46:54 PM - Run 1 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.63% Memory free 3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.72% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 461.06 Gb Total Space | 338.39 Gb Free Space | 73.39% Space Free | Partition Type: NTFS Drive D: | 1.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 553.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: ON-A-KURTIE Current User Name: Kurtis Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2606:TCP" = 2606:TCP:*:Enabled:dlordsgs "6500:TCP" = 6500:TCP:*:Enabled:gamespy "11111:TCP" = 11111:TCP:*:Enabled:gamespy "6667:TCP" = 6667:TCP:*:Enabled:gamespy "59904:TCP" = 59904:TCP:*:Disabled:SolidNetworkManager "59904:UDP" = 59904:UDP:*:Disabled:SolidNetworkManager "28894:TCP" = 28894:TCP:*:Disabled:SolidNetworkManager "28894:UDP" = 28894:UDP:*:Disabled:SolidNetworkManager "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- () "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation) "C:\Program Files\Dreamcatcher\Dungeon Lords\dlords.exe" = C:\Program Files\Dreamcatcher\Dungeon Lords\dlords.exe:*:Enabled:dlords -- () "C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation) "C:\WINDOWS\system32\winlogon.exe" = C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation) "C:\WINDOWS\system32\logonui.exe" = C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui -- (Microsoft Corporation) "C:\WINDOWS\system32\lsass.exe" = C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{059EAEBE-4BC8-403C-9210-B6C1FCB9FAB9}" = Knuckles in China Land "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data "{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 15 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers "{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2 "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon "{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{742320FA-CE17-421A-91B3-E5DFA865BD19}" = PureEdge Submission Upgrade "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}" = Trend Micro PC-cillin Internet Security 12 "{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}" = Intel
  2. First off I woul thank anyone and everyone who helps out with this matter. I understand that none of you are being paid to do this but you still take your time to help out and that is truly wonderful. My issue in a nutshell... I was hit with the Antivirus Pro 2009 "software" and I am sure there are other bugs/virus besides that in my computer. I have managed to remove the Antivirus Pro but I still have problems with internet explorer ( the top of IE is missing if I start it with add-ons but looks normal if I start it without add-ons), using malware.exe, pages popping up for unwanted services, slower processing, errors with webpages, can not open folders/programs/etc. and I am unable to install an antivirus program. I am sure there is more wrong with my computer, but this is all I have come across that I could not fix on my own. I can not get any files out of DDS whenever I run it, sorry. Here is my log from hackthis. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:42:19 PM, on 11/30/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe C:\DOCUME~1\KURTIS~1.ON-\LOCALS~1\Temp\clclean.0001 C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\WINDOWS\system32\ctfmon.exe C:\DOCUME~1\KURTIS~1.ON-\LOCALS~1\Temp\lsass.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\system32\dlcccoms.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\eHome\ehmsas.exe C:\Documents and Settings\Kurtis.ON-A-KURTIE\Local Settings\Temp\notepad.exe C:\Documents and Settings\Kurtis.ON-A-KURTIE\Local Settings\Temp\notepad.exe C:\Documents and Settings\Kurtis.ON-A-KURTIE\Local Settings\Temp\notepad.exe C:\Documents and Settings\Kurtis.ON-A-KURTIE\Local Settings\Temp\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kurtis.ON-A-KURTIE\Desktop\nhuedk07.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061009 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061009 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O1 - Hosts: 127.255.255.255 www.alcohol-soft.com O1 - Hosts: 127.255.255.255 images.alcohol-soft.com O2 - BHO: C:\WINDOWS\system32\b1j3luw7mq.dll - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\b1j3luw7mq.dll (file missing) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [buildBU] c:\dell\bldbubg.exe O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0 O4 - HKLM\..\Run: [molilukep] Rundll32.exe "c:\windows\system32\tokivafa.dll",a O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\LOCALS~1\ntuser.dll,_IWMPEvents@0 O4 - HKCU\..\Run: [A_M_P_NET] C:\Program Files\AntiMalware_Pro\AntiMalware_Pro.exe O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Kurtis.ON-A-KURTIE\Local Settings\Temp\notepad.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161140326968 O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E372A035-D29C-4652-9554-82E9A6CB3875}: NameServer = 83.149.115.182 O20 - AppInit_DLLs: wolekojo.dll c:\windows\system32\tokivafa.dll O20 - Winlogon Notify: __c0069766 - C:\WINDOWS\system32\__c0069766.dat O21 - SSODL: tarojutob - {11d0564f-4a40-4bf8-9319-120a3faccc6d} - c:\windows\system32\tokivafa.dll O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\b1j3luw7mq.dll (file missing) O22 - SharedTaskScheduler: tokatiluy - {11d0564f-4a40-4bf8-9319-120a3faccc6d} - c:\windows\system32\tokivafa.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe -- End of file - 11441 bytes Attached also is my log from GMER. I hope what I have given you is a begining to a solution. Thank you again for all you help. -Inkatoo ark.rar
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.