Thread: antivirus programs won't run!
- 02-02-2010 05:00 PM #31
Download OTL to your desktop.
* Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Check the boxes beside LOP Check and Purity Check.
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy and paste the contents of these files, one at a time, into your next reply.
Note: You may need two or more posts to fit them all in.

- 02-02-2010 05:32 PM #32
OTL logfile created on: 2/2/2010 5:17:18 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Chris N\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.00 Mb Total Physical Memory | 177.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.90 Gb Free Space | 71.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BIGPOPPA
Current User Name: Chris N
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Chris N\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avant Browser\avant.exe (Avant Force)
PRC - C:\Program Files\WinRAR\WinRAR.exe ()
PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Chris N\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (stllssvr) -- File not found
SRV - (ose) -- File not found
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (PLFlash DeviceIoControl Service) -- C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWALI) -- C:\WINDOWS\system32\drivers\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.)
DRV - (uts_mdm) -- C:\WINDOWS\system32\drivers\uts_mdm.sys (MCCI)
DRV - (uts_serd) UTStarcom USB Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\uts_serd.sys (MCCI)
DRV - (uts_bus) UTStarcom USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\uts_bus.sys (MCCI)
DRV - (uts_mdfl) -- C:\WINDOWS\system32\drivers\uts_mdfl.sys (MCCI Corporation)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PTDMWWAN) -- C:\WINDOWS\system32\drivers\PTDMWWAN.sys (DEVGURU Co,LTD.)
DRV - (PTDMVsp) -- C:\WINDOWS\system32\drivers\PTDMVsp.sys (DEVGURU Co,LTD.)
DRV - (PTDMMdm) -- C:\WINDOWS\system32\drivers\PTDMMdm.sys (DEVGURU Co,LTD.)
DRV - (PTDMBus) -- C:\WINDOWS\system32\drivers\PTDMBus.sys (DEVGURU Co,LTD.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (aliadwdm) -- C:\WINDOWS\system32\drivers\ac97ali.sys (Acer Laboratories Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (caboagp) -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2008/12/05 21:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\Mozilla\Firefox\extensions
[2009/01/21 22:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris N\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
O1 HOSTS File: ([2010/02/02 00:04:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Free Radio TV Toolbar) - {9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - C:\Program Files\Free_Radio_TV\tbFree.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Free Radio TV Toolbar) - {9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - C:\Program Files\Free_Radio_TV\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/actives.../as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/27 14:11:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/02/02 17:15:34 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris N\Desktop\OTL.exe
[2010/02/02 16:45:28 | 000,176,392 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Chris N\Desktop\TDSSKiller.exe
[2010/02/02 12:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/02 12:04:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/02 12:03:46 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris N\Desktop\TFC.exe
[2010/02/02 12:00:03 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/02/02 00:29:34 | 000,472,064 | ---- | C] ( ) -- C:\RootRepeal.exe
[2010/02/02 00:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris N\Application Data\WinRAR
[2010/02/02 00:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/02/02 00:13:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/01 19:25:48 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll
[2010/02/01 19:25:48 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll
[2010/02/01 19:25:48 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll
[2010/02/01 19:25:47 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2010/02/01 19:25:47 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2010/02/01 18:56:45 | 000,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2010/02/01 18:56:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2010/02/01 18:56:36 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/01/31 18:10:14 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2010/01/31 12:19:57 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2010/01/31 12:19:51 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2010/01/31 12:19:48 | 000,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2010/01/31 12:19:44 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2010/01/31 12:19:39 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2010/01/31 12:19:39 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2010/01/31 12:19:38 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2010/01/31 12:19:23 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/01/31 12:18:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2010/01/31 12:18:42 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2010/01/31 12:18:18 | 008,461,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/01/31 12:18:08 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2010/01/31 12:17:57 | 001,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2010/01/31 12:17:36 | 000,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/01/31 12:17:29 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2010/01/31 12:17:21 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2010/01/31 12:17:14 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
[2010/01/31 12:16:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2010/01/31 12:16:36 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2010/01/31 12:16:31 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2010/01/31 12:09:39 | 000,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/01/31 12:09:34 | 000,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/01/31 12:08:49 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/01/31 12:08:37 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/01/31 12:07:57 | 002,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/01/31 12:07:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/01/31 12:07:39 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2010/01/31 00:56:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/01/31 00:56:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/01/30 23:20:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris N\Recent
[2010/01/30 18:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris N\Local Settings\Application Data\Threat Expert
[2010/01/30 17:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
[2010/01/30 17:48:14 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/30 17:47:59 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/30 17:47:59 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/30 17:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/29 04:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/01/29 03:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris N\Local Settings\Application Data\Ashampoo
[2010/01/29 03:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2010/01/28 16:49:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/01/28 13:53:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/28 13:48:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/28 13:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/01/28 13:10:10 | 000,789,896 | ---- | C] (Simply Super Software) -- C:\WINDOWS\System32\trupd.trb
[2010/01/28 13:09:55 | 001,070,984 | ---- | C] (Simply Super Software) -- C:\WINDOWS\System32\trjscan.trb
[2010/01/28 13:09:52 | 001,303,416 | ---- | C] (Simply Super Software) -- C:\WINDOWS\System32\rmvtrjan.trb
[2010/01/28 05:30:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/01/28 05:29:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/01/28 04:51:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris N\PrivacIE
[2010/01/28 04:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/28 04:47:19 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Chris N\Desktop\HijackThisInstaller.exe
[2010/01/28 03:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris N\Desktop\SmitfraudFix
[2010/01/27 23:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/27 23:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/01/27 20:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/27 18:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris N\Application Data\Malwarebytes
[2010/01/27 18:54:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/27 18:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/27 18:54:07 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/27 18:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/27 18:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\InCode Solutions
[2010/01/27 18:02:08 | 001,032,192 | ---- | C] (Max Secure Software) -- C:\WINDOWS\System32\VchReg.dll
[2010/01/27 18:01:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/01/27 17:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris N\Local Settings\Application Data\G DATA
[2010/01/27 16:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/27 16:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris N\Application Data\Simply Super Software
[2010/01/27 16:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\mrojan vemover
[2010/01/27 15:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/01/27 07:51:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris N\IECompatCache
[2010/01/27 06:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris N\Application Data\MailFrontier
[2010/01/27 05:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/01/27 05:54:22 | 000,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2010/01/27 05:54:21 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll
[2010/01/27 05:54:07 | 000,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/01/27 05:53:59 | 000,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
[2010/01/27 05:53:56 | 000,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
[2010/01/27 05:53:56 | 000,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/01/27 05:53:50 | 001,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
[2010/01/27 05:53:50 | 000,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
[2010/01/27 05:53:50 | 000,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
[2010/01/27 05:53:49 | 000,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
[2010/01/27 05:53:49 | 000,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/01/27 05:53:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/01/27 05:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/01/27 05:53:47 | 000,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2010/01/27 05:52:33 | 000,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
[2010/01/27 05:52:33 | 000,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
[2010/01/27 05:52:33 | 000,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
[2010/01/27 05:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/01/27 01:35:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2010/01/27 01:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/01/27 01:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/01/27 00:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/26 20:46:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris N\IETldCache
[2010/01/26 20:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/26 20:17:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/26 19:24:35 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/01/26 19:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/01/26 18:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris N\Application Data\Avant Profiles
[2010/01/26 18:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Avant Browser
[2010/01/26 17:21:30 | 000,000,000 | ---D | C] -- C:\72fca1990561a29517c622
[2010/01/26 14:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris N\Local Settings\Application Data\Help
[2010/01/17 13:45:07 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/17 13:39:55 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/01/17 13:39:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2008/07/18 19:47:08 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2008/06/08 21:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/01/07 12:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2008/01/03 15:52:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/27 14:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/12/27 14:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/12/27 14:11:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
========== Files - Modified Within 30 Days ==========
[2010/02/02 17:16:27 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris N\Desktop\OTL.exe
[2010/02/02 16:44:43 | 000,152,401 | ---- | M] () -- C:\Documents and Settings\Chris N\Desktop\tdsskiller.zip
[2010/02/02 16:09:12 | 000,355,092 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/02/02 16:08:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/02 15:49:20 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/02 14:11:42 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Chris N\Desktop\gmer.zip
[2010/02/02 13:09:34 | 002,791,968 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/02/02 12:03:51 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris N\Desktop\TFC.exe
[2010/02/02 07:28:06 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/02/02 00:30:41 | 000,000,000 | ---- | M] () -- C:\settings.dat
[2010/02/02 00:26:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\pkzipw.INI
[2010/02/02 00:23:48 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Chris N\Desktop\RootRepeal.zip
[2010/02/02 00:05:18 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/02 00:04:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/01 23:59:54 | 000,035,852 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/02/01 23:59:42 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\Chris N\ntuser.dat
[2010/02/01 23:59:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chris N\ntuser.ini
[2010/02/01 19:40:16 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Chris N\My Documents\RootkitRevealer.zip
[2010/01/31 21:41:04 | 000,000,567 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/31 21:41:04 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/31 21:40:00 | 000,991,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/31 21:39:59 | 000,377,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/31 21:39:58 | 000,072,646 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/31 17:31:07 | 000,003,586 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/31 17:17:57 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/31 03:06:35 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\Chris N\My Documents\SUPERSpyware.exe
[2010/01/31 01:44:13 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Chris N\Desktop\Spider Solitaire.lnk
[2010/01/31 01:23:10 | 000,002,638 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/31 00:30:18 | 000,250,048 | -HS- | M] () -- C:\ntldr
[2010/01/30 19:55:27 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Chris N\Desktop\HijackThis.lnk
[2010/01/30 17:55:16 | 004,839,010 | -H-- | M] () -- C:\Documents and Settings\Chris N\Local Settings\Application Data\IconCache.db
[2010/01/30 14:14:28 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2010/01/30 13:48:28 | 000,003,187 | ---- | M] () -- C:\rollback.ini
[2010/01/29 04:31:31 | 000,000,346 | ---- | M] () -- C:\Documents and Settings\Chris N\Desktop\SpyHunter_V1.5.83.zip
[2010/01/28 16:43:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/28 13:23:17 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\Chris N\Desktop\sus.exe
[2010/01/28 13:10:10 | 000,789,896 | ---- | M] (Simply Super Software) -- C:\WINDOWS\System32\trupd.trb
[2010/01/28 13:09:55 | 001,070,984 | ---- | M] (Simply Super Software) -- C:\WINDOWS\System32\trjscan.trb
[2010/01/28 04:47:32 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Chris N\Desktop\HijackThisInstaller.exe
[2010/01/28 03:49:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/28 01:15:58 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System\SysSD.dll
[2010/01/27 23:57:20 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\Chris N\Desktop\Solitaire.lnk
[2010/01/27 23:52:19 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/27 23:52:18 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/27 23:52:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/27 23:52:07 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/01/27 20:05:29 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Chris N\Desktop\CCleaner.lnk
[2010/01/27 18:54:14 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/27 18:52:07 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\Chris N\Desktop\RemoveIT Pro v4 - SE.lnk
[2010/01/27 18:04:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SDRemoveDB.db
[2010/01/27 15:38:02 | 000,051,355 | ---- | M] () -- C:\WINDOWS\System32\muzika.xm
[2010/01/27 01:35:25 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/01/27 01:28:52 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Chris N\Desktop\Revo Uninstaller.lnk
[2010/01/26 18:13:46 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avant Browser.lnk
[2010/01/26 18:13:00 | 002,044,243 | ---- | M] () -- C:\Documents and Settings\Chris N\My Documents\absetup.exe
[2010/01/26 18:08:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/26 14:43:15 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/01/17 13:49:24 | 000,028,264 | ---- | M] () -- C:\Documents and Settings\Chris N\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/13 08:44:14 | 000,176,392 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Chris N\Desktop\TDSSKiller.exe
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 12:40:26 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/05 04:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
========== Files Created - No Company Name ==========
[2010/02/02 16:44:41 | 000,152,401 | ---- | C] () -- C:\Documents and Settings\Chris N\Desktop\tdsskiller.zip
[2010/02/02 14:11:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Chris N\Desktop\gmer.zip
[2010/02/02 00:30:41 | 000,000,000 | ---- | C] () -- C:\settings.dat
[2010/02/02 00:23:47 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Chris N\Desktop\RootRepeal.zip
[2010/02/01 19:40:12 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Chris N\My Documents\RootkitRevealer.zip
[2010/01/31 03:06:25 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\Chris N\My Documents\SUPERSpyware.exe
[2010/01/31 00:26:20 | 000,002,638 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/30 17:48:14 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/30 17:47:59 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/30 17:47:59 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/30 14:14:28 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2010/01/29 04:31:20 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\Chris N\Desktop\SpyHunter_V1.5.83.zip
[2010/01/28 13:53:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/28 13:53:08 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/01/28 13:23:03 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\Chris N\Desktop\sus.exe
[2010/01/28 04:47:38 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Chris N\Desktop\HijackThis.lnk
[2010/01/28 02:17:10 | 000,003,187 | ---- | C] () -- C:\rollback.ini
[2010/01/27 23:52:18 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/27 23:52:18 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/27 23:52:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/27 23:52:07 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/01/27 20:05:29 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Chris N\Desktop\CCleaner.lnk
[2010/01/27 18:54:14 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/27 18:52:07 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\Chris N\Desktop\RemoveIT Pro v4 - SE.lnk
[2010/01/27 18:04:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SDRemoveDB.db
[2010/01/27 18:02:26 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System\SysSD.dll
[2010/01/27 05:59:42 | 002,791,968 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/01/27 05:59:42 | 000,035,852 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/01/27 05:54:30 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/27 05:53:59 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2010/01/27 05:53:47 | 000,355,092 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/27 01:35:25 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/01/27 01:34:46 | 000,051,355 | ---- | C] () -- C:\WINDOWS\System32\muzika.xm
[2010/01/27 01:28:52 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Chris N\Desktop\Revo Uninstaller.lnk
[2010/01/26 20:21:06 | 000,003,586 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/01/26 18:13:46 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avant Browser.lnk
[2010/01/26 18:12:48 | 002,044,243 | ---- | C] () -- C:\Documents and Settings\Chris N\My Documents\absetup.exe
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2009/01/26 17:15:08 | 000,010,448 | ---- | C] () -- C:\WINDOWS\System32\sbnetkey.sys
[2008/07/22 18:48:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/08 21:24:49 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2008/06/08 21:17:36 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/29 16:19:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/05/29 14:09:11 | 000,000,456 | ---- | C] () -- C:\WINDOWS\pkzipw.INI
[2008/05/24 00:52:28 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/29 18:47:08 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Chris N\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/10 02:02:08 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/27 17:33:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/27 15:32:35 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
========== LOP Check ==========
[2008/11/26 21:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2010/01/27 06:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/01/27 23:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/28 13:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/01/31 12:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/19 11:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/01/19 17:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\FrostWire
[2010/01/25 19:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\Inbox Toolbar
[2008/12/29 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\LimeWire
[2010/01/27 06:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\MailFrontier
[2010/01/02 02:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\RebateInformer
[2009/02/26 22:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\Research In Motion
[2010/01/27 16:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\Simply Super Software
[2008/11/21 21:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\Smith Micro
[2009/03/04 11:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\Snapfish
[2008/08/15 14:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\W Photo Studio
[2008/08/15 14:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\W Photo Studio Viewer
[2008/07/18 19:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris N\Application Data\WeatherBug
[2010/01/27 23:52:19 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/01/27 23:52:18 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2010/01/27 23:52:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >
Isidore J. Brooks
- 02-02-2010 05:33 PM #33
OTL Extras logfile created on: 2/2/2010 5:17:18 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Chris N\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.00 Mb Total Physical Memory | 177.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.90 Gb Free Space | 71.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BIGPOPPA
Current User Name: Chris N
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe" = C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe:*:Disabled:NeroStartSmart.exe -- (Nero AG)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B29B0066-547B-402c-9C0D-090E2F928A01}" = PANTECH PC USB Modem Software
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E31C348B-63A9-4CBF-8D7F-D932ABB63244}" = Ad-Aware 2007
"{EE7FAABD-4774-4BA4-B1C8-BF52D4F217DC}_is1" = Video Player 2008
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"ATT-PRT22" = ATT-PRT22
"AvantBrowser" = Avant Browser (remove only)
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_2027161F" = SoftK56 Data Fax CARP
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ESET Online Scanner" = ESET Online Scanner v3
"Free_Radio_TV Toolbar" = Free_Radio_TV Toolbar
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickLink Mobile" = QuickLink Mobile
"RealPlayer 6.0" = RealPlayer
"RegCure" = RegCure 1.6.0.0
"Registry Mechanic_is1" = Registry Mechanic 7.0
"RemoveIT Pro v4 - SE" = RemoveIT Pro v4 - SE
"Revo Uninstaller" = Revo Uninstaller 1.50
"SeekeenSrch" = Seekeen 1.0 build 155
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UTStarcom USB Modem" = UTStarcom USB Modem Software
"VZAccess Manager" = VZAccess Manager
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZoneAlarm Security Suite" = ZoneAlarm Security Suite
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/31/2010 9:28:38 PM | Computer Name = BIGPOPPA | Source = Application Hang | ID = 1002
Description = Hanging application Trjscan.exe, version 6.8.1.1306, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 1/31/2010 9:28:49 PM | Computer Name = BIGPOPPA | Source = Application Hang | ID = 1002
Description = Hanging application Trjscan.exe, version 6.8.1.1306, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 1/31/2010 11:02:10 PM | Computer Name = BIGPOPPA | Source = Application Hang | ID = 1002
Description = Hanging application Trjscan.exe, version 6.8.1.1306, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 1/31/2010 11:39:44 PM | Computer Name = BIGPOPPA | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.
Error - 1/31/2010 11:39:44 PM | Computer Name = BIGPOPPA | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.
Error - 2/1/2010 10:09:13 PM | Computer Name = BIGPOPPA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 2/2/2010 1:52:12 AM | Computer Name = BIGPOPPA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 2/2/2010 5:01:34 AM | Computer Name = BIGPOPPA | Source = Application Error | ID = 1000
Description = Faulting application removeit.exe, version 0.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Error - 2/2/2010 2:12:42 PM | Computer Name = BIGPOPPA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.
Error - 2/2/2010 2:15:55 PM | Computer Name = BIGPOPPA | Source = Application Error | ID = 1000
Description = Faulting application spyhunter3.exe, version 1.0.13.0, faulting module
processguard.dll, version 1.0.31.0, fault address 0x00034ee6.
[ System Events ]
Error - 2/2/2010 6:09:42 PM | Computer Name = BIGPOPPA | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058
Error - 2/2/2010 6:09:42 PM | Computer Name = BIGPOPPA | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058
Error - 2/2/2010 6:09:42 PM | Computer Name = BIGPOPPA | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1068
Error - 2/2/2010 6:10:04 PM | Computer Name = BIGPOPPA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 2/2/2010 6:10:08 PM | Computer Name = BIGPOPPA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 2/2/2010 6:10:08 PM | Computer Name = BIGPOPPA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
Error - 2/2/2010 6:45:09 PM | Computer Name = BIGPOPPA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2/2/2010 6:45:19 PM | Computer Name = BIGPOPPA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2/2/2010 6:53:07 PM | Computer Name = BIGPOPPA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2/2/2010 6:53:20 PM | Computer Name = BIGPOPPA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
< End of report >
Isidore J. Brooks
- 02-02-2010 05:43 PM #34
Go to Add or Remove Programs and uninstall:
- SpyHunter Security Suite
- SeekeenSrch
Now, go to Start > Run, and copy/paste the following into the Open box (one line at a time), then click OK after each.
Code: sc config PCToolsFirewallPlus start= disabled
Code: sc stop PCToolsFirewallPlus
Code: sc delete PCToolsFirewallPlus
I don't see anything as far as malware is concerned.
Try turning off ZoneAlarm and your antivirus before running the online scan.

- 02-02-2010 06:35 PM #35
I tried it and it crashed again. I don't know what the problem is, and when I try to install super antivirus, I get a Windows install error. So I don't know what to do! I do thank you for all your help. You've been really helpful.
Isidore J. Brooks
- 02-02-2010 06:40 PM #36
Try creating a new user account and see if you can run the scans from it.
How to create and configure user accounts in Windows XP.

- 02-02-2010 09:46 PM #37
Didn't work
new account didn't I give up, thanks for all your help.
Isidore J. Brooks
- 02-02-2010 10:11 PM #38
Do you have an XP CD? (If not, try this anyway.)
If so, place it in your CD-ROM drive and follow the instructions below:
- Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
- Let this run undisturbed until the window with the blue progress bar goes away.

