
My computer....


19 replies to this topic

#1 Crazypete3


Posted 03 January 2010 - 10:30 AM

My computer has been starting to like "glitch" up lately. I have run Malwarebytes and it says nothing is wrong, but when I changed the properties (the name, and compatibility or the icon) it says Rundll32.exe is infected, then I removed it. Ever since then it has been messing with the way my screen looks. My clock or parts of my desktop will disappear unless I click on it or run my mouse over it. My icons change; when I minimize my screen, part of the old window shows up on my desktop or new window. I have pictures if this can help at all.

Also, if I am in the wrong type of forum please tell me, because I didn't know whether it would be a virus or an error.

(I put the pictures in Paint and put red arrows to what is missing)

Attached File  untitled_3.bmp   2.66MB   28 downloads

Attached File  untitled2.bmp   2.66MB   22 downloads

Attached File  untitled.bmp   2.66MB   23 downloads

BTW this all goes away when I restart my computer, but if I'm on the internet for more than an hour or two then it comes back.

#2 sjpritch25


Posted 05 January 2010 - 12:39 PM

:D

Sorry for the delay

Do you still need assistance?
Microsoft Valuable Professional---MVP Consumer Security 2007-2010
Windows 7 Ultimate 64bit
Gigabyte P55A-UD4P Motherboard Intel i5 750 G.SKILL Ripjaws Series 4GB DDR3 1333 1TB WD 32mb cache
60gb OCZ Vertex Turbo SSD (BOOT drive)Noctua NH-U12P SE2 HeatsinkAntec P183 Case

#3 Crazypete3


Posted 05 January 2010 - 10:32 PM

Yes I do, please

#4 sjpritch25


Posted 06 January 2010 - 02:47 PM

Download GMER Antirootkit Here, click on Download EXE and save to your Desktop

  • Disconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver
  • Double-click Gmer.exe to run the program.
  • When the program opens, click the "Rootkit" Tab
  • On the right-side, check all the items to be scanned, but leave "Show All" unchecked
  • Select all drives that are connected to your system to be scanned
  • Click the Scan button
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
  • Save the gmer scan log and post it in your next reply.
  • Close Gmer
  • Open a command prompt (Start | Run | type cmd and hit Enter)
    • Type or paste the following to unload the gmer driver:
    • net stop gmer
    • Hit Enter
    • Exit the command prompt.
  • Re-enable all active protection.


#5 Crazypete3


Posted 06 January 2010 - 09:12 PM

My computer got massively slower when I was done with scanning it, and I tried to unload the gmer driver using the cmd thing and it said something like that there was no specific driver or something, so I turned off my computer and turned it back on and now everything's running pretty smooth, but I tried the cmd thing again to see if I can get what it said and now it says

' stop' is not recognized as an internal or external command,
operable program or batch file.

Anyways, here is my GMER log


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-06 19:35:36
Windows 5.1.2600 Service Pack 3
Running: 8vu00875.exe; Driver: C:\DOCUME~1\CRAZYP~1\LOCALS~1\Temp\uflyyuow.sys


---- System - GMER 1.0.15 ----

SSDT spot.sys ZwCreateKey [0xF74120E0]
SSDT spot.sys ZwEnumerateKey [0xF7430CA2]
SSDT spot.sys ZwEnumerateValueKey [0xF7431030]
SSDT spot.sys ZwOpenKey [0xF74120C0]
SSDT spot.sys ZwQueryKey [0xF7431108]
SSDT spot.sys ZwQueryValueKey [0xF7430F88]
SSDT spot.sys ZwSetValueKey [0xF743119A]

INT 0x73 ? 867D8BF8
INT 0x73 ? 867D8BF8
INT 0x73 ? 867D8BF8
INT 0x73 ? 867D8BF8
INT 0x73 ? 867D7BF8
INT 0x73 ? 867D7BF8
INT 0x73 ? 867D8BF8
INT 0x94 ? 867D7BF8
INT 0xA4 ? 867D7BF8
INT 0xB4 ? 867D7BF8

---- Kernel code sections - GMER 1.0.15 ----

? spot.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6431000, 0x22AD47, 0xE8000020]
.text USBPORT.SYS!DllUnload F63CF8AC 5 Bytes JMP 867D71D8
? System32\Drivers\a8s80hic.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[496] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012DEDC0 C:\Program Files\McAfee\SiteAdvisor\saPlugin.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7413040] spot.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F741313C] spot.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74130BE] spot.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74137FC] spot.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74136D2] spot.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6144AE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61449C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6144AE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61449D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61449C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61449CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe[2804] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 867D61F8
Device \FileSystem\Fastfat \FatCdrom 86217500
Device \Driver\usbuhci \Device\USBPDO-0 867671F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867681F8
Device \Driver\dmio \Device\DmControl\DmConfig 867681F8
Device \Driver\dmio \Device\DmControl\DmPnP 867681F8
Device \Driver\dmio \Device\DmControl\DmInfo 867681F8
Device \Driver\usbuhci \Device\USBPDO-1 867671F8
Device \Driver\usbuhci \Device\USBPDO-2 867671F8
Device \Driver\usbehci \Device\USBPDO-3 867DA1F8
Device \Driver\usbehci \Device\USBPDO-4 867DA1F8
Device \Driver\usbuhci \Device\USBPDO-5 867671F8
Device \Driver\PCI_PNP6868 \Device\00000049 spot.sys
Device \Driver\usbuhci \Device\USBPDO-6 867671F8
Device \Driver\usbuhci \Device\USBPDO-7 867671F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 867D91F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867D91F8
Device \Driver\Cdrom \Device\CdRom0 864501F8
Device \Driver\Cdrom \Device\CdRom1 864501F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7348B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7348B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7348B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7348B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7348B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7348B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 867D91F8
Device \Driver\Cdrom \Device\CdRom2 864501F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 861E1500
Device \Driver\NetBT \Device\NetbiosSmb 861E1500
Device \Driver\NetBT \Device\NetBT_Tcpip_{65211607-850E-4EE4-9C1B-FD5529F9CB2E} 861E1500
Device \Driver\usbuhci \Device\USBFDO-0 867671F8
Device \Driver\usbuhci \Device\USBFDO-1 867671F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8619B500
Device \Driver\usbuhci \Device\USBFDO-2 867671F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8619B500
Device \Driver\usbehci \Device\USBFDO-3 867DA1F8
Device \Driver\usbuhci \Device\USBFDO-4 867671F8
Device \Driver\sptd \Device\683496868 spot.sys
Device \Driver\Ftdisk \Device\FtControl 867D91F8
Device \Driver\usbuhci \Device\USBFDO-5 867671F8
Device \Driver\usbuhci \Device\USBFDO-6 867671F8
Device \Driver\usbehci \Device\USBFDO-7 867DA1F8
Device \Driver\a8s80hic \Device\Scsi\a8s80hic1Port5Path0Target0Lun0 864131F8
Device \Driver\a8s80hic \Device\Scsi\a8s80hic1 864131F8
Device \FileSystem\Fastfat \Fat 86217500
Device \FileSystem\Cdfs \Cdfs 861ED500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0x22 0x16 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0xE5 0xA0 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x5B 0x84 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0x22 0x16 0x4B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0xE5 0xA0 0xC7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x5B 0x84 0xE0 ...

---- EOF - GMER 1.0.15 ----

#6 sjpritch25


Posted 07 January 2010 - 09:10 PM

Looks like you have DAEMON Tools installed or a related program. CD emulation software can cause a lot of problems. I would start with removing that first.


  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Extra Registry change it to Use SafeList.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

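The attribution made in the reply above (kernel hooks in the GMER log traced back to CD-emulation software) can be reproduced mechanically by joining the log's sections: hooking module, then the driver service that owns a device under that module, then the path stored under that service's registry key. The following Python is an added example, not part of the original thread and not a GMER feature; the function names `parse_gmer` and `attribute_hooks` are hypothetical, the sample is a shortened excerpt of the log posted above, and reading the `@p0` value as the product's install folder is an assumption based on this log only.

```python
import re
from collections import defaultdict

# Lines copied from the GMER log posted earlier in this thread (shortened).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT spot.sys ZwCreateKey [0xF74120E0]
SSDT spot.sys ZwEnumerateKey [0xF7430CA2]
SSDT spot.sys ZwOpenKey [0xF74120C0]

---- Kernel code sections - GMER 1.0.15 ----

? spot.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7413040] spot.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74136D2] spot.sys

---- Devices - GMER 1.0.15 ----

Device \Driver\usbuhci \Device\USBPDO-0 867671F8
Device \Driver\sptd \Device\683496868 spot.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\S+)\s+\[0x[0-9A-Fa-f]+\]$")
KERNEL_IAT_RE = re.compile(r"^IAT\s+(\S+?)\[([^\]]+)\]\s+\[[0-9A-Fa-f]+\]\s+(\S+)$")
DEVICE_RE = re.compile(r"^Device\s+\\Driver\\(\S+)\s+\S+\s+(\S+\.sys)$", re.I)
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the (?:file|path) specified")
# "@p0" is the value name that holds a program path in this log; treating it
# as the owning product's install folder is an assumption of this example.
SERVICE_PATH_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)\\.*@p0\s+(.+)$")


def parse_gmer(text):
    """Collect kernel hooks and ownership clues from a GMER text log."""
    report = {"ssdt": defaultdict(list), "kernel_iat": defaultdict(list),
              "services": defaultdict(set), "service_path": {}, "missing": set()}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:  # module that replaced the SSDT entry -> hooked service call
                report["ssdt"][m.group(1).lower()].append(m.group(2))
        elif section == "Kernel code sections":
            m = MISSING_RE.match(line)
            if m:  # loaded module whose file GMER could not find on disk
                report["missing"].add(m.group(1).lower())
        elif section == "Kernel IAT/EAT":
            m = KERNEL_IAT_RE.match(line)
            if m:  # last token is the module the import now points into
                report["kernel_iat"][m.group(3).lower()].append(
                    (m.group(1), m.group(2)))
        elif section == "Devices":
            m = DEVICE_RE.match(line)
            if m:  # device of driver service <group 1> handled by <group 2>
                report["services"][m.group(2).lower()].add(m.group(1).lower())
        elif section == "Registry":
            m = SERVICE_PATH_RE.match(line)
            if m:
                report["service_path"][m.group(1).lower()] = m.group(2)
    return report


def attribute_hooks(report):
    """One finding per hooking module, joined to its service and path."""
    findings = []
    for module in sorted(set(report["ssdt"]) | set(report["kernel_iat"])):
        services = sorted(report["services"].get(module, ()))
        findings.append({
            "module": module,
            "ssdt": report["ssdt"].get(module, []),
            "kernel_iat": report["kernel_iat"].get(module, []),
            "file_missing": module in report["missing"],
            "services": services,
            "install_paths": [report["service_path"][s] for s in services
                              if s in report["service_path"]],
        })
    return findings


if __name__ == "__main__":
    for finding in attribute_hooks(parse_gmer(SAMPLE_LOG)):
        print(finding)
```

A hooking module that ends up with no service and no install path after this join is the case that still needs a closer look.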

#7 Crazypete3


Posted 07 January 2010 - 09:41 PM

OTL logfile created on: 1/7/2010 8:36:21 PM - Run 1
OTL by OldTimer - Version 3.1.21.1 Folder = C:\Documents and Settings\Crazypete3\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 700.00 Mb Available Physical Memory | 68.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 162.22 Gb Free Space | 55.04% Space Free | Partition Type: NTFS
Drive D: | 605.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 2.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUTTERBALL
Current User Name: Crazypete3
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/07 20:35:25 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Crazypete3\Desktop\OTL.exe
PRC - [2009/11/10 15:39:26 | 00,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/10/21 19:08:39 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/13 00:10:56 | 00,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/05/16 03:15:54 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009/02/23 18:43:12 | 00,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2009/02/11 10:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/12 15:57:18 | 00,991,584 | ---- | M] (Vendio Services, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 15:25:04 | 16,859,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007/09/26 17:05:58 | 00,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2007/08/02 11:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe
PRC - [2004/07/08 15:13:42 | 00,106,496 | ---- | M] (Sony Corporation.) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
PRC - [2003/11/21 20:02:42 | 00,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe


========== Modules (SafeList) ==========

MOD - [2010/01/07 20:35:25 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Crazypete3\Desktop\OTL.exe
MOD - [2009/02/11 10:06:38 | 00,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/16 03:15:54 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/02/11 10:06:36 | 00,210,216 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/08/02 11:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/05/16 03:58:46 | 04,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/12 11:18:44 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/26 19:57:53 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/02/24 17:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/24 13:35:32 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/15 19:17:58 | 04,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/28 16:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/06/26 09:39:02 | 00,035,600 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | Auto | Running] -- C:\Nexon\Mabinogi\npkcrypt.sys -- (npkcrypt)
DRV - [2007/04/13 20:33:34 | 00,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/09/24 07:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004/12/13 15:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/03/08 11:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/10/02 02:16:48 | 00,119,552 | ---- | M] ( ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\pnpshark.sys -- (pnpshark)
DRV - [2003/09/27 13:37:16 | 00,005,504 | ---- | M] ( ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\st3shark.sys -- (st3shark)
DRV - [2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/10/15 21:41:06 | 00,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [1996/04/03 13:33:26 | 00,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.0.1
FF - prefs.js..extensions.enabledItems: {096fce39-df8c-49ad-a4ce-9ef4a875bb76}:1.69
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="
FF - prefs.js..network.proxy.http: "131.179.50.70"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/23 20:09:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 20:17:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 20:17:25 | 00,000,000 | ---D | M]

[2009/02/23 22:32:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Extensions
[2010/01/07 13:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions
[2009/07/19 14:16:39 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\{096fce39-df8c-49ad-a4ce-9ef4a875bb76}
[2009/03/10 18:28:22 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/23 21:28:05 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/13 18:25:19 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/12/14 17:33:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\fbdislike@doweb.fr
[2009/04/14 15:34:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\moveplayer@movenetworks.com
[2009/02/23 23:02:55 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\searchplugins\ask.xml
[2010/01/07 09:57:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/22 19:45:04 | 00,177,592 | ---- | M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
[2009/07/28 21:24:18 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/10/09 03:20:04 | 00,002,393 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\findbasic114.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Crazypete3\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1235446995140 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1235446990234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/08 15:28:22 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 06:00:00 | 00,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2005/09/29 10:06:55 | 00,155,648 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/10/04 09:48:21 | 00,000,000 | R--D | M] - F:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2003/10/10 03:52:58 | 00,000,052 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.Now.exe -- [2003/10/06 07:58:20 | 00,034,304 | R--- | M] (Mastertronic)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/07 20:35:24 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Crazypete3\Desktop\OTL.exe
[2010/01/03 09:04:44 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Crazypete3\Recent
[2010/01/03 09:02:10 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2010/01/02 04:11:27 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/01/02 04:11:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Crazypete3\Application Data\Desktopicon
[2009/12/28 20:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/12/15 12:45:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Crazypete3\My Documents\ConvertXtoDVD
[2009/12/13 18:25:17 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/12/01 21:11:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/12/01 20:47:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/23 21:11:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/10/08 03:24:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/08 03:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/08 03:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/05 17:59:36 | 39,537,784 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Documents and Settings\Crazypete3\Application Data\AVSVideoConverter.exe
[2009/06/07 10:13:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2009/03/28 01:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/02/26 19:24:23 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Crazypete3\Application Data\pcouffin.sys
[2003/10/02 02:16:48 | 00,119,552 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\pnpshark.sys
[2003/09/27 13:37:16 | 00,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\st3shark.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/07 20:35:25 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Crazypete3\Desktop\OTL.exe
[2010/01/07 20:34:19 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\Crazypete3\jagex_runescape_preferences2.dat
[2010/01/07 20:34:19 | 00,000,039 | ---- | M] () -- C:\Documents and Settings\Crazypete3\jagex_runescape_preferences.dat
[2010/01/07 18:22:24 | 02,786,358 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\wth.bmp
[2010/01/07 09:47:28 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/07 09:47:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/07 09:47:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/07 00:28:42 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Crazypete3\NTUSER.DAT
[2010/01/07 00:28:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Crazypete3\ntuser.ini
[2010/01/06 05:57:29 | 00,142,848 | ---- | M] () -- C:\Documents and Settings\Crazypete3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/03 09:24:30 | 02,786,358 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\untitled 3.bmp
[2010/01/03 09:22:16 | 02,786,358 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\untitled2.bmp
[2010/01/03 09:19:57 | 02,786,358 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\untitled.bmp
[2010/01/02 08:09:03 | 11,674,19118 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0219.avi
[2010/01/02 08:06:19 | 15,400,516 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0218.avi
[2010/01/02 08:06:11 | 04,206,852 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0217.avi
[2010/01/02 08:05:16 | 45,465,978 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0216.avi
[2010/01/02 08:04:57 | 62,989,366 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0215.avi
[2010/01/02 08:04:31 | 62,943,700 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0214.avi
[2010/01/02 08:02:59 | 03,153,964 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0213.avi
[2010/01/02 08:02:35 | 23,908,7116 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0212.avi
[2010/01/02 07:59:58 | 00,049,558 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0211.avi
[2010/01/02 07:59:50 | 00,270,490 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0210.avi
[2010/01/01 18:52:55 | 00,050,553 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\me n her.jpg
[2010/01/01 04:30:44 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Crazypete3\Application Data\vso_ts_preview.xml
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/28 20:21:53 | 00,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/12/27 23:25:29 | 93,536,372 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0209.avi
[2009/12/27 23:25:08 | 00,010,260 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0208.avi
[2009/12/27 02:02:00 | 00,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2009/12/17 15:50:26 | 00,087,450 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\16333_105643016119524_100000214772120_162817_5660956_n.jpg
[2009/12/16 19:26:53 | 02,060,126 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\Jakes fagout 2.jpg
[2009/12/16 19:26:33 | 01,417,267 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\Jakes fagout 1.jpg
[2009/12/12 12:39:02 | 00,010,260 | ---- | M] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0207.avi
[2009/12/09 15:19:12 | 00,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 15:19:12 | 00,462,058 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 15:19:12 | 00,078,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/07 18:22:23 | 02,786,358 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\wth.bmp
[2010/01/03 09:24:29 | 02,786,358 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\untitled 3.bmp
[2010/01/03 09:22:16 | 02,786,358 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\untitled2.bmp
[2010/01/03 09:19:57 | 02,786,358 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\untitled.bmp
[2010/01/03 09:02:10 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/01/02 08:06:27 | 11,674,19118 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0219.avi
[2010/01/02 08:06:16 | 15,400,516 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0218.avi
[2010/01/02 08:06:10 | 04,206,852 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0217.avi
[2010/01/02 08:05:10 | 45,465,978 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0216.avi
[2010/01/02 08:04:47 | 62,989,366 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0215.avi
[2010/01/02 08:04:23 | 62,943,700 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0214.avi
[2010/01/02 08:02:54 | 03,153,964 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0213.avi
[2010/01/02 08:02:28 | 23,908,7116 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0212.avi
[2010/01/02 07:59:57 | 00,049,558 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0211.avi
[2010/01/02 07:59:37 | 00,270,490 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0210.avi
[2010/01/01 18:52:51 | 00,050,553 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\me n her.jpg
[2009/12/28 20:21:53 | 00,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/12/27 23:25:14 | 93,536,372 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0209.avi
[2009/12/27 23:25:07 | 00,010,260 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0208.avi
[2009/12/17 15:50:26 | 00,087,450 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\16333_105643016119524_100000214772120_162817_5660956_n.jpg
[2009/12/16 19:26:50 | 02,060,126 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\Jakes fagout 2.jpg
[2009/12/16 19:26:31 | 01,417,267 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\Jakes fagout 1.jpg
[2009/12/12 12:39:01 | 00,010,260 | ---- | C] () -- C:\Documents and Settings\Crazypete3\My Documents\clip0207.avi
[2009/08/30 21:25:28 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/28 21:21:57 | 00,224,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/03/25 14:52:57 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/03/12 11:18:42 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/03/08 15:43:31 | 00,000,560 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Application Data\ViewerApp.dat
[2009/03/08 14:58:34 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009/02/26 19:28:01 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/02/26 19:24:41 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Application Data\vso_ts_preview.xml
[2009/02/26 19:24:28 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Application Data\pcouffin.log
[2009/02/26 19:24:23 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Application Data\inst.exe
[2009/02/26 19:24:23 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Application Data\pcouffin.cat
[2009/02/26 19:24:23 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Application Data\pcouffin.inf
[2009/02/24 19:55:21 | 00,142,848 | ---- | C] () -- C:\Documents and Settings\Crazypete3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/22 11:57:52 | 04,421,889 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/02/18 07:57:22 | 00,557,451 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/02/16 11:19:42 | 00,790,190 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/16 10:32:20 | 00,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/02/16 10:30:30 | 00,903,703 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/02/16 10:23:50 | 00,145,081 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/02/16 08:49:30 | 00,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/02/14 09:15:42 | 00,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/02/09 16:28:18 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/02/09 14:19:18 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/02/09 14:19:12 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/02/09 14:18:52 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/02/09 14:18:32 | 00,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/02/09 14:18:24 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/02/09 14:18:20 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/02/09 13:56:22 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/10 16:17:32 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 16:16:56 | 00,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 16:16:50 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 16:16:14 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 16:15:54 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 16:15:44 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 16:15:32 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 16:15:28 | 00,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 16:15:12 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 16:14:08 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 16:14:06 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 16:11:50 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 10:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/10/13 03:30:20 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/10 11:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2003/10/02 01:20:48 | 00,061,952 | ---- | C] () -- C:\WINDOWS\daemon.dll
[1996/04/03 13:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B211CA64
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB6AC38B
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >

#8 Crazypete3

Posted 07 January 2010 - 09:42 PM

OTL Extras logfile created on: 1/7/2010 8:36:21 PM - Run 1
OTL by OldTimer - Version 3.1.21.1 Folder = C:\Documents and Settings\Crazypete3\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 700.00 Mb Available Physical Memory | 68.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 162.22 Gb Free Space | 55.04% Space Free | Partition Type: NTFS
Drive D: | 605.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 2.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUTTERBALL
Current User Name: Crazypete3
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- Reg Error: Key error.
InternetShortcut [open] -- Reg Error: Key error.
InternetShortcut [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:UPnP System
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP System
"58383:TCP" = 58383:TCP:*:Enabled:Pando Media Booster
"58383:UDP" = 58383:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58196:TCP" = 58196:TCP:*:Enabled:Pando Media Booster
"58196:UDP" = 58196:UDP:*:Enabled:Pando Media Booster
"58972:TCP" = 58972:TCP:*:Enabled:Pando Media Booster
"58972:UDP" = 58972:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:UPnP System
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP System
"58383:TCP" = 58383:TCP:*:Enabled:Pando Media Booster
"58383:UDP" = 58383:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe" = C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends -- (Firefly Studios)
"C:\Program Files\play2p\play2p.exe" = C:\Program Files\play2p\play2p.exe:*:Enabled:play2p -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"C:\Program Files\CyberBuddy\CyberBud.exe" = C:\Program Files\CyberBuddy\CyberBud.exe:*:Enabled:CyberBuddy -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2DF9A978-DEA1-4433-805D-66790FC28C62}" = DAEMON Tools
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C38BF3E-9A36-4562-80D7-2086DDEDA7F5}" = 183968
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.1.55b
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A201AB41-F4B1-42BD-AF91-316C88477744}" = Cabela's Big Game Hunter
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"Acid Pack for Pocket Tanks Deluxe_is1" = Acid Pack v1.0 for Pocket Tanks Deluxe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eBay Icon" = eBay Icon
"Fraps" = Fraps
"HijackThis" = HijackThis 2.0.2
"HyperCam 2" = HyperCam 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Logon Loader" = Logon Loader 3.0
"Mabinogi" = Mabinogi
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273)
"Magic Pack for Pocket Tanks Deluxe_is1" = Magic Pack v1.0 for Pocket Tanks Deluxe
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.4.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pocket Tanks_is1" = Pocket Tanks v1.3
"PUBLISHERR" = Microsoft Office Publisher 2007
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"SpeedFan" = SpeedFan (remove only)
"Stopwatch_is1" = Stopwatch 1.2
"Total Video Converter 3.50_is1" = Total Video Converter 3.50
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Unlocker" = Unlocker 1.8.8
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/29/2009 11:02:24 PM | Computer Name = BUTTERBALL | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 11/29/2009 11:02:26 PM | Computer Name = BUTTERBALL | Source = Application Error | ID = 1001
Description = Fault bucket 1228265902.

Error - 11/30/2009 11:46:56 PM | Computer Name = BUTTERBALL | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 11/30/2009 11:46:58 PM | Computer Name = BUTTERBALL | Source = Application Error | ID = 1001
Description = Fault bucket 1228265902.

Error - 12/1/2009 10:46:48 PM | Computer Name = BUTTERBALL | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Windows Application,
SystemIndex Catalog

Error - 12/3/2009 5:12:54 PM | Computer Name = BUTTERBALL | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8089.726, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/5/2009 12:25:07 AM | Computer Name = BUTTERBALL | Source = Application Error | ID = 1000
Description = Faulting application client.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 12/8/2009 7:45:55 PM | Computer Name = BUTTERBALL | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CRAZYPETE3\MY DOCUMENTS\MY PICTURES\PHOTOSHOP
CS4\DATA\PHOTOSHOP\SETTINGS\GPUINITCRASHED> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 12/8/2009 7:45:55 PM | Computer Name = BUTTERBALL | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CRAZYPETE3\MY DOCUMENTS\MY PICTURES\PHOTOSHOP
CS4\DATA\PHOTOSHOP\SETTINGS\GPUINITCRASHED> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 12/16/2009 5:29:38 PM | Computer Name = BUTTERBALL | Source = Application Hang | ID = 1002
Description = Hanging application Client.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/3/2010 3:16:53 AM | Computer Name = BUTTERBALL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pnpshark

Error - 1/3/2010 6:43:45 AM | Computer Name = BUTTERBALL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pnpshark

Error - 1/4/2010 1:54:19 AM | Computer Name = BUTTERBALL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pnpshark

Error - 1/4/2010 3:22:25 PM | Computer Name = BUTTERBALL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pnpshark

Error - 1/5/2010 6:57:56 AM | Computer Name = BUTTERBALL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pnpshark

Error - 1/5/2010 5:07:04 PM | Computer Name = BUTTERBALL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pnpshark

Error - 1/6/2010 7:03:06 AM | Computer Name = BUTTERBALL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pnpshark

Error - 1/6/2010 5:14:44 PM | Computer Name = BUTTERBALL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pnpshark

Error - 1/6/2010 10:03:40 PM | Computer Name = BUTTERBALL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pnpshark

Error - 1/7/2010 11:47:33 AM | Computer Name = BUTTERBALL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pnpshark


< End of report >

#9 sjpritch25

Posted 07 January 2010 - 11:11 PM

Please navigate to Add/Remove Programs

Remove the following

Search Settings 1.2

#10 Crazypete3

Posted 07 January 2010 - 11:56 PM

When I uninstalled Search Settings 1.2 it kind of stopped for a second, but then came back when I was messing around in My Documents. Is there anything else you think is causing this?


I also uninstalled Daemon Tools too.

#11 sjpritch25

Posted 16 January 2010 - 11:25 AM

Sorry for the delay.

Could you run another GMER scan? Thanks

#12 Crazypete3

Posted 16 January 2010 - 11:51 PM

I've been waiting weeks with this annoying bug or w/e it is, so if you leave for a bit it doesn't bother me much.

It was extremely annoying dealing with GMER. :)
I first did it and waited about 2 hours and it seemed near finish, then my power supply on my monitor went on, and it stopped the scan of GMER. I thought power supply had to do with the screen saver, so I made it 200 minutes, then did it again. About 2 hours later the power supply got on and it stopped it.
I found out that power supply was not the screen saver and made power supply on the never option for now.
I realized the first two times the main reason why it took so long was the games I had installed on my computer, so I uninstalled all those games and deleted a lot of files.
I then ran GMER; about 30 minutes in, my computer restarts. When I go to log into my account on my computer it says an error occurred, then when I get on, every one of my files is gone. I restarted my computer and it went back to normal.
Then I did GMER and the blue screen of death happened.... :)
Finally, after 11 hours of bs, it finally didn't mess up and I got it :)

Here is your log

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F73A6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 86A681F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 86D6A1F8
Device \Driver\Cdrom \Device\CdRom2 86A681F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85FDA1F8
Device \Driver\NetBT \Device\NetbiosSmb 85FDA1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{65211607-850E-4EE4-9C1B-FD5529F9CB2E} 85FDA1F8
Device \Driver\sptd \Device\3310932516 spsf.sys
Device \Driver\usbuhci \Device\USBFDO-0 86B3D1F8
Device \Driver\usbuhci \Device\USBFDO-1 86B3D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85FD41F8
Device \Driver\usbuhci \Device\USBFDO-2 86B3D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85FD41F8
Device \Driver\usbehci \Device\USBFDO-3 86B111F8
Device \Driver\usbuhci \Device\USBFDO-4 86B3D1F8
Device \Driver\Ftdisk \Device\FtControl 86D6A1F8
Device \Driver\usbuhci \Device\USBFDO-5 86B3D1F8
Device \Driver\usbuhci \Device\USBFDO-6 86B3D1F8
Device \Driver\usbehci \Device\USBFDO-7 86B111F8
Device \Driver\a8j85jsr \Device\Scsi\a8j85jsr1 86A341F8
Device \Driver\a8j85jsr \Device\Scsi\a8j85jsr1Port5Path0Target0Lun0 86A341F8
Device \FileSystem\Fastfat \Fat 869711F8
Device \FileSystem\Fastfat \Fat B716E297
Device \FileSystem\Cdfs \Cdfs 86838500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0x22 0x16 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0xE5 0xA0 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x5B 0x84 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0x22 0x16 0x4B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0xE5 0xA0 0xC7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x5B 0x84 0xE0 ...

---- EOF - GMER 1.0.15 ----

#13 sjpritch25

Posted 17 January 2010 - 10:18 PM

Okay, it looks like you may have the TDL3 rootkit, but I need you to run this next tool to be sure. However, it still might be a false positive because of stupid Daemon Tools.


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#14 Crazypete3

Posted 17 January 2010 - 10:36 PM

You know you love Daemon Tools. I'm just kidding; I uninstalled it like a week ago, so I guess there may be a few files in there acting stupid, or corrupted.



ComboFix 10-01-16.04 - Crazypete3 01/17/2010 21:30:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.680 [GMT -6:00]
Running from: c:\documents and settings\Crazypete3\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Crazypete3\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.

2010-01-16 19:52 . 2010-01-16 19:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-16 19:52 . 2010-01-17 22:09 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\skypePM
2010-01-16 19:47 . 2010-01-18 03:26 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Skype
2010-01-16 19:46 . 2010-01-16 19:46 -------- d-----w- c:\program files\Common Files\Skype
2010-01-16 19:46 . 2010-01-16 19:46 -------- d-----r- c:\program files\Skype
2010-01-16 19:46 . 2010-01-16 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-11 04:24 . 2010-01-11 04:24 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-09 21:11 . 2010-01-09 21:11 -------- d-----w- c:\documents and settings\Crazypete3\Local Settings\Application Data\LogiShrd
2010-01-09 21:11 . 2009-04-30 23:02 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-01-09 21:11 . 2009-04-30 23:02 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-01-09 21:11 . 2009-04-30 22:57 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-01-09 21:11 . 2009-04-30 23:03 6754712 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-01-09 21:10 . 2009-04-30 22:39 34068 ----a-r- c:\windows\system32\Repository.reg
2010-01-09 21:10 . 2009-04-30 23:01 265496 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-01-09 21:10 . 2009-04-30 22:57 199192 ----a-r- c:\windows\system32\lvci1201278.dll
2010-01-09 21:10 . 2009-04-30 23:03 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-01-09 21:09 . 2010-01-12 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-09 21:09 . 2010-01-09 21:11 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-01-09 21:08 . 2010-01-09 21:11 -------- d-----w- c:\program files\Logitech
2010-01-02 10:11 . 2010-01-12 01:17 -------- d-----w- c:\program files\Unlocker
2010-01-02 09:52 . 2010-01-08 07:00 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-29 02:21 . 2009-11-10 20:39 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 03:27 . 2010-01-09 21:11 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-18 03:27 . 2010-01-09 21:10 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-18 01:01 . 2009-09-05 03:34 69 ----a-w- c:\documents and settings\Crazypete3\jagex_runescape_preferences2.dat
2010-01-18 01:00 . 2009-03-11 23:29 39 ----a-w- c:\documents and settings\Crazypete3\jagex_runescape_preferences.dat
2010-01-17 01:40 . 2009-03-12 17:30 -------- d-----w- c:\program files\MagicISO
2010-01-17 01:36 . 2009-05-07 22:29 -------- d-----w- c:\program files\Pocket Tanks
2010-01-17 01:36 . 2009-05-07 23:06 -------- d-----w- c:\program files\Pocket Tanks Deluxe
2010-01-17 01:35 . 2009-02-22 20:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 01:34 . 2009-02-22 20:23 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Atari
2010-01-17 01:33 . 2009-02-24 03:41 69232 ----a-w- c:\documents and settings\Crazypete3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-17 01:32 . 2009-04-23 11:01 -------- d-----w- c:\program files\Firefly Studios
2010-01-17 01:31 . 2009-04-23 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios
2010-01-17 01:26 . 2009-04-29 20:50 -------- d-----w- c:\program files\EA GAMES
2010-01-16 08:04 . 2009-02-27 01:57 -------- d-----w- c:\program files\VSO
2010-01-16 08:04 . 2009-02-27 01:24 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Vso
2010-01-16 08:04 . 2009-02-27 01:24 47360 ----a-w- c:\documents and settings\Crazypete3\Application Data\pcouffin.sys
2010-01-16 08:04 . 2009-02-27 01:24 47360 ----a-w- c:\documents and settings\Crazypete3\Application Data\pcouffin.sys
2010-01-16 08:03 . 2009-10-09 09:59 -------- d-----w- c:\program files\Logon Loader
2010-01-16 08:02 . 2009-08-31 03:42 -------- d-----w- c:\program files\Total Video Converter
2010-01-16 08:01 . 2009-02-26 23:13 -------- d-----w- c:\program files\uTorrent
2010-01-16 07:58 . 2009-02-24 23:49 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Audacity
2010-01-08 11:34 . 2009-02-25 00:45 -------- d-----w- c:\program files\Yahoo!
2010-01-08 07:00 . 2009-02-24 04:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 06:59 . 2009-10-15 02:56 -------- d-----w- c:\program files\Cheat Engine
2010-01-07 22:07 . 2009-10-08 06:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-10-08 06:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 02:23 . 2009-02-25 00:45 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Yahoo!
2009-12-29 02:22 . 2009-02-25 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-12-17 01:22 . 2009-08-25 20:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-04 03:22 . 2009-12-04 03:22 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Windows Search
2009-12-02 03:13 . 2009-02-24 05:01 -------- d-----w- c:\program files\Java
2009-12-02 03:11 . 2009-12-02 03:11 152576 ----a-w- c:\documents and settings\Crazypete3\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-02 03:11 . 2009-12-02 03:11 79488 ----a-w- c:\documents and settings\Crazypete3\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-02 02:59 . 2009-12-02 02:46 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-02 02:46 . 2009-12-02 02:46 -------- d-----w- c:\documents and settings\Crazypete3\Application Data\Windows Desktop Search
2009-12-02 02:40 . 2009-11-03 23:25 -------- d-----w- c:\program files\Uniblue
2009-12-01 04:56 . 2009-12-01 04:56 -------- d-----w- c:\program files\Microsoft
2009-12-01 04:56 . 2009-12-01 04:55 -------- d-----w- c:\program files\Windows Live
2009-12-01 04:56 . 2009-12-01 04:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-01 04:52 . 2009-12-01 04:52 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-01 04:47 . 2009-10-09 09:24 -------- d-----w- c:\program files\AlienGUIse
2009-12-01 04:44 . 2009-10-09 08:50 -------- d-----w- c:\program files\ydt
2009-12-01 04:43 . 2009-11-01 05:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-26 08:06 . 2009-08-31 03:23 -------- d-----w- c:\program files\Replay Media Catcher
2009-11-26 07:44 . 2009-08-31 03:25 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-11-26 07:44 . 2009-08-31 03:25 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-11-26 07:44 . 2009-09-19 03:09 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-10 05:37 . 2009-07-29 03:21 224056 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-01 05:46 . 2009-11-01 05:46 117760 ----a-w- c:\documents and settings\Crazypete3\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-29 07:45 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-13 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Crazypete3^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Crazypete3\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Crazypete3^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Crazypete3\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-04-30 20:39 5472016 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 16:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 21:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-26 23:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58196:TCP"= 58196:TCP:Pando Media Booster
"58196:UDP"= 58196:UDP:Pando Media Booster
"58972:TCP"= 58972:TCP:Pando Media Booster
"58972:UDP"= 58972:UDP:Pando Media Booster
"58383:TCP"= 58383:TCP:Pando Media Booster
"58383:UDP"= 58383:UDP:Pando Media Booster

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/23/2009 9:07 PM 210216]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/12/2009 11:18 AM 717296]
S0 st3shark;st3shark;c:\windows\system32\DRIVERS\st3shark.sys --> c:\windows\system32\DRIVERS\st3shark.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=20011&l=dis
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.http - 131.179.50.70
FF - prefs.js: network.proxy.http_port - 3124
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Crazypete3\Application Data\Mozilla\Firefox\Profiles\tzakp163.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-DAEMON Tools-1033 - c:\program files\D-Tools\daemon.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 21:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-879983540-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-17 21:34:00
ComboFix-quarantined-files.txt 2010-01-18 03:33

Pre-Run: 208,479,449,088 bytes free
Post-Run: 208,474,468,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F104E2559DE8642C2A60AF77DBF240E5

#15 Crazypete3

Posted 18 January 2010 - 03:08 PM

Ah yes, I see what you mean.
There wasn't a Daemon Tools in my add/remove program list on the control panel or in my CCleaner, so I looked in my All Programs from the Start and I noticed it earlier, so I just now uninstalled it.

If you want me to run another ComboFix scan then just say the word, because Daemon Tools is gone now.

#16 sjpritch25

Posted 20 January 2010 - 04:15 PM

How is everything running?

#17 Crazypete3

Posted 20 January 2010 - 04:22 PM

It's still being crappy even without Daemon Tools....

If you find something that leads to the rootkit, do you want me to try the thing you were talking about after running ComboFix?

#18 sjpritch25

Posted 20 January 2010 - 07:17 PM

Well, I don't see any rootkits on your system. What's your major complaint about the system?

#19 Crazypete3

Posted 20 January 2010 - 08:11 PM

Just that if my computer is on the internet any more than a few hours, it starts to get glitchy like in those pictures. Also, I have been noticing a lot more pop-ups on websites, but before I got very few to none.

#20 sjpritch25

Posted 20 January 2010 - 09:10 PM

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.




