[Resolved] Avi and explorer.exe error
grave
post Jul 4 2009, 08:56 AM
Post #1





Every time I open a folder with an AVI file in it, I get an explorer.exe error message that reads "windows explorer has encountered a problem and needs to close." I'm running Windows XP w/ Service Pack 3. If anyone can help me, I posted my HijackThis log. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:04 AM, on 7/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTju.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: BTjunkie Toolbar - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTju.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1112078643\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [CamserviceDP] C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Hellhound\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; PeoplePal 3.0; .NET CLR 2.0.50727)" -"http://games.myspace.com/MySpace2.0/App/GameShell.aspx?cx=600000&cn=SD%3dLCD5GjzfiiTrsVRCuUKmsh1Vv%2bW0hw5Mu069MOHcPPAnAuG8U2A6NYnYL0f64xVu%26LT%3d0%26CL%3dC%26TO%3d1244385052%26A%3dkb9vBp3yfcpWN9aAWmk8ydrtIPE%3d%26SA%3dkb9vBp3yfcpWN9aAWmk8ydrtIPE%3d&rx=1200000&rn=SD%3dLCD5GjzfiiTrsVRCuUKmsh1Vv%2bW0hw5Mu069MOHcPPAnAuG8U2A6NYnYL0f64xVu%26LT%3d0%26CL%3dR%26TO%3d1244385652%26A%3d3Y%2fUq%2fnhOqrATUBFK%2fIYzbgJ028%3d%26SA%3d3Y%2fUq%2fnhOqrATUBFK%2fIYzbgJ028%3d&ui=33jt6ztoql0t%2fIzg7QXz0N3qwBk%3d&ux=86400000&un=DA%3d%26SD%3dLCD5GjzfiiTrsVRCuUKmsh1Vv%2bW0hw5Mu069MOHcPPAnAuG8U2A6NYnYL0f64xVu%26LT%3d0%26CL%3dU%26TO%3d1244470852%26A%3d98jOSZrl0EmgrOIDFwCPrzLKqyg%3d%26SA%3d98jOSZrl0EmgrOIDFwCPrzLKqyg%3d&room=0fcd4c29-7e98-44f9-af0c-c189860d6335&code=113398277&channel=110343720&lc=en&refid=&device=-1&carrier
O4 - HKUS\S-1-5-19\..\Run: [pofufemive] Rundll32.exe "C:\WINDOWS\system32\yajosofo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [pofufemive] Rundll32.exe "C:\WINDOWS\system32\yajosofo.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://ea-src-cdn.systemrequirementslab.co...reqlab_srlx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229297256000
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://www.shockwave.com/content/sandscrip...pt.1.0.0.21.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMSAccess - Unknown owner - C:\WINDOWS\system32\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11812 bytes
CatByte
post Jul 4 2009, 07:19 PM
Post #2





Hi and Welcome,

NOTE:
  • Malware removal is NOT instantaneous; most infections require more than one round to properly eradicate.
  • Absence of symptoms does not always mean the job is complete; you can be certain that I will advise you when the computer is clean.
  • Kindly follow my instructions in the order posted.
  • Please DO NOT run any scans or fix items without my direction.




Please do the following:

STEP #1

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.



STEP #2



Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries




grave
post Jul 5 2009, 11:30 AM
Post #3





DDS.txt Log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Hellhound at 9:54:51.21 on Sun 07/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2549 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090704-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hellhound\Desktop\New Folder\dds.pif

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn6\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn6\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BTjunkie Toolbar: {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - c:\program files\btjunkie\tbBTju.dll
BHO: BellSouth Toolbar: {4e7bd74f-2b8d-469e-8cbd-fd60bb9aae2e} - c:\progra~1\blstoo~1\BLSTOO~1.DLL
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Neopets: {cd292324-974f-4224-d074-caca427aa030} - c:\progra~1\neopets\toolbar\Toolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn6\YTSingleInstance.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: BellSouth Toolbar: {4e7bd74f-2b8d-469e-8cbd-fd60bb9aae2e} - c:\progra~1\blstoo~1\BLSTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn6\yt.dll
TB: Neopets: {cd292324-974f-4224-d074-caca427aa030} - c:\progra~1\neopets\toolbar\Toolbar.dll
TB: BTjunkie Toolbar: {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - c:\program files\btjunkie\tbBTju.dll
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [cdloader] "c:\documents and settings\hellhound\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; PeoplePal 3.0; .NET CLR 2.0.50727)" -"http://games.myspace.com/MySpace2.0/App/GameShell.aspx?cx=600000&cn=SD%3dLCD5GjzfiiTrsVRCuUKmsh1Vv%2bW0hw5Mu069MOHcPPAnAuG8U2A6NYnYL0f64xVu%26LT%3d0%26CL%3dC%26TO%3d1244385052%26A%3dkb9vBp3yfcpWN9aAWmk8ydrtIPE%3d%26SA%3dkb9vBp3yfcpWN9aAWmk8ydrtIPE%3d&rx=1200000&rn=SD%3dLCD5GjzfiiTrsVRCuUKmsh1Vv%2bW0hw5Mu069MOHcPPAnAuG8U2A6NYnYL0f64xVu%26LT%3d0%26CL%3dR%26TO%3d1244385652%26A%3d3Y%2fUq%2fnhOqrATUBFK%2fIYzbgJ028%3d%26SA%3d3Y%2fUq%2fnhOqrATUBFK%2fIYzbgJ028%3d&ui=33jt6ztoql0t%2fIzg7QXz0N3qwBk%3d&ux=86400000&un=DA%3d%26SD%3dLCD5GjzfiiTrsVRCuUKmsh1Vv%2bW0hw5Mu069MOHcPPAnAuG8U2A6NYnYL0f64xVu%26LT%3d0%26CL%3dU%26TO%3d1244470852%26A%3d98jOSZrl0EmgrOIDFwCPrzLKqyg%3d%26SA%3d98jOSZrl0EmgrOIDFwCPrzLKqyg%3d&room=0fcd4c29-7e98-44f9-af0c-c189860d6335&code=113398277&channel=110343720&lc=en&refid=&device=-1&carrier=-1&isOmitChat=0&isOmitAddToProfile=0"
mRun: [VTTimer] VTTimer.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HostManager] c:\program files\common files\aol\1112078643\ee\AOLHostManager.exe
mRun: [BellSouthAlertManager.exe] "c:\program files\bellsouth\am\BellSouthAlertManager.exe" /AUTORUN
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [CamserviceDP] c:\program files\hercules\dualpix exchange\Camservice.exe /startup
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: yourmusic.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229297256000
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} - hxxp://www.shockwave.com/content/sandscript/sis/SandScript.1.0.0.21.cab
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-1-14 26112]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-25 114768]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2007-11-20 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-8-21 395080]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-25 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2006-4-30 138680]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S0 kl1;kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2006-4-30 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2006-4-30 352920]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [2009-7-3 94208]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [2004-6-29 15104]
S3 XIRLINK;Dsc Pro Digital Camera;c:\windows\system32\drivers\c-itnt.sys --> c:\windows\system32\drivers\C-itnt.sys [?]

=============== Created Last 30 ================

2009-07-04 09:35 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-04 09:35 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-07-04 09:35 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-04 09:35 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-04 09:23 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-07-04 09:23 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-07-04 09:23 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-07-04 09:22 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-07-04 09:21 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-07-04 09:21 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-04 09:21 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-07-04 09:21 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-07-04 09:17 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-07-03 14:01 9,602,944 a------- c:\windows\system32\drivers\snp2uvc.sys
2009-07-03 14:01 299,008 a------- c:\windows\system32\vsnp2uvc.dll
2009-07-03 14:01 167,936 a------- c:\windows\system32\rsnp2uvc.dll
2009-07-03 14:01 94,208 a------- c:\windows\system32\drivers\camfilt2.sys
2009-07-03 14:01 53,248 a------- c:\windows\system32\csnp2uvc.dll
2009-07-03 14:01 28,160 a------- c:\windows\system32\drivers\sncduvc.sys
2009-07-03 14:01 15,497 a------- c:\windows\snp2uvc.ini
2009-07-03 14:01 13,022 a------- c:\windows\snp2uvc.src
2009-07-03 14:00 3,600,384 a------- c:\windows\ffmpeg.exe
2009-07-03 14:00 <DIR> --d----- c:\windows\system32\HWC HD
2009-07-03 14:00 <DIR> --d----- c:\program files\Hercules
2009-06-30 00:36 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-06-30 00:36 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-27 12:14 <DIR> --d----- c:\program files\Fast AVI MPEG Joiner
2009-06-27 10:36 <DIR> --d----- c:\program files\common files\Common Share
2009-06-27 10:35 <DIR> --d----- c:\program files\RER
2009-06-27 05:34 <DIR> --d----- c:\program files\Xvid
2009-06-27 05:34 <DIR> --d----- c:\program files\AviSynth 2.5
2009-06-21 23:46 <DIR> --d----- c:\docume~1\hellho~1\applic~1\rockbox.org
2009-06-12 23:32 <DIR> --d----- c:\docume~1\hellho~1\applic~1\.purple
2009-06-12 23:29 <DIR> --d----- c:\program files\Pidgin
2009-06-12 23:28 <DIR> --d----- c:\program files\common files\GTK
2009-06-09 03:36 <DIR> --d----- c:\program files\Microsoft WSE

==================== Find3M ====================

2009-07-05 09:52 665,413,664 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-05 07:08 7,800,884 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-08 12:12 45,056 a------- c:\windows\system32\sstunst2.exe
2009-04-08 12:12 475,136 a------- c:\windows\system32\Shadow Usul.scr
2009-04-08 12:12 499,200 a------- c:\windows\system32\Haunted House.scr
2009-04-08 12:04 1,048,171 a------- c:\windows\system32\Puririn_Valentine.scr
2009-04-08 12:02 520,192 a------- c:\windows\system32\Beautiful Katamari.scr
2009-04-08 11:56 499,200 a------- c:\windows\system32\Maraqua.scr
2009-04-08 11:55 499,200 a------- c:\windows\system32\Pirates.scr
2009-04-08 11:51 520,192 a------- c:\windows\system32\Neopets - Meepits.scr
2008-05-26 20:09 87,608 a------- c:\docume~1\hellho~1\applic~1\inst.exe
2008-05-26 20:09 47,360 a------- c:\docume~1\hellho~1\applic~1\pcouffin.sys
2008-05-26 18:56 81,920 a------- c:\docume~1\hellho~1\applic~1\ezpinst.exe
2007-06-15 12:00 66,269 a------- c:\program files\INSTALL.LOG
2005-02-01 02:39 0 ac-sh--- c:\windows\sminst\HPCD.sys
2008-12-14 20:11 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121420081215\index.dat

============= FINISH: 9:55:43.54 ===============

Attach.txt Log:

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/11/2004 3:47:56 PM
System Uptime: 7/5/2009 9:47:07 AM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | M57SLI-S4
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5400+ | Socket M2 | 2814/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 145 GiB total, 35.944 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.614 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1051: 6/29/2009 11:45:18 PM - System Checkpoint
RP1052: 7/1/2009 4:05:57 AM - System Checkpoint
RP1053: 7/2/2009 12:37:13 PM - Installed Disable the DrWatson debugger
RP1054: 7/2/2009 12:41:29 PM - Installed Disable the DrWatson debugger
RP1055: 7/3/2009 2:00:49 PM - Installed Hercules DualPix Exchange Webcam
RP1056: 7/5/2009 5:07:37 AM - Software Distribution Service 3.0

==== Installed Programs ======================


µTorrent
A-Ray Scanner 2.0.2.3
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album Starter Edition
Adobe Reader 8.1.2
Adobe Shockwave Player
Agere Systems PCI Soft Modem
American McGee's Alice™
Apple Software Update
ArcSoft PhotoStudio 5.5
Aspell English Dictionary-0.50-2
AutoUpdate
avast! Antivirus
Battle.net
Beautiful Katamari Screen Saver
BellSouth Application Management
BellSouth Internet Security - Alert Manager 1.5.11
BellSouth Toolbar 1.0
BTjunkie Toolbar
Bullseye
Caesar 3
Camtasia Studio 5
Canon MP Navigator 2.0
Canon MP150
CDisplay 1.8
CEP - Color Enable Package
Cheetah DVD Burner
clown_screen Screen Saver
Combined Community Codec Pack 2007-07-22
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Compaq Connections
Compaq Instant Support
Coupon Printer for Windows
Creative Centrale
Creative Removable Disk Manager
Creative Software Update
Creative ZEN Mozaic User's Guide
darkarts2_screen Screen Saver
Dawn of the Dead - Screensaver 2
Diablo
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Shrink 3.2
Easy-WebPrint
Easy Internet Sign-up
eBay Desktop
ERUNT 1.1j
EVEREST Home Edition v2.01
EZface ActiveX 203
Face_Wizard B06.1129.01
Fast AVI MPEG Joiner 1.1.2
FreeThrow
GNU Aspell 0.50-3
GoPets
GTK+ Runtime 2.14.7 rev a (remove only)
Haunted House Screen Saver
Hercules DualPix Exchange Webcam
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB952287)
HP Deskjet Preloaded Printer Drivers
HP Software Update
HpSdpAppCoreApp
InterActual Player
InterVideo WinDVD 8
InterVideo WinDVD Creator 2
J2SE Runtime Environment 5.0 Update 3
Japanese Fonts Support For Adobe Reader 8
Java 2 Runtime Environment, SE v1.4.2_03
KBD
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Magic ISO Maker v5.4 (build 0247)
Magic ISO Maker v5.4 (build 0251)
MagicBall
Mah Jong Tiles Deluxe
Malwarebytes' Anti-Malware
Maraqua Screen Saver
MaxDrive PS2
MediaMonkey 3.0
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Learning and Research Plus Support Files
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Express 7.0
Microsoft Picture It! Publishing Platinum 2001
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
MSN Internet Software
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Multimedia Card Reader
Neopets
Neopets - Meepits Screen Saver
NVIDIA Drivers
NVIDIA GART Driver
Paint Shop Pro 7 Anniversary Edition
PC-Doctor for Windows
Pidgin
Pirates Screen Saver
PrintMaster Gold 3.00
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
Realtek High Definition Audio Driver
RecordNow!
RER Video Converter
Rockstar Custom Tracks 1.0
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Semagic (remove only)
Shadow Usul Screen Saver
Shanghai
Shockwave
ShockWave V0.95
SimCity 4 Deluxe
SimPE 0.60b (alpha)
Sims2Pack Clean Installer
Sonic Update Manager
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
System Requirements Lab
The Battle for Middle-earth ™ II
The Lord of the Rings, The Rise of the Witch-king
The Rosetta Stone
The Simpsons Movie Screen Saver
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 HomeCrafter Plus
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims Complete Collection
The Sims File Cop
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
The Sims™ 3
Themexp.org File
Ultra Tag Editor
UltraISO Premium V9.3
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Media Player
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.1
XviD MPEG4 Video Codec (remove only)
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm

==== Event Viewer Messages From Past Week ========

7/5/2009 5:24:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
7/5/2009 5:24:09 AM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2009 3:33:34 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
7/2/2009 12:30:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: kl1

==== End Of File ===========================




Attached File(s)
Attached File  gmer.txt ( 16.69K ) Number of downloads: 189
 
CatByte
post Jul 5 2009, 11:40 AM
Post #4


Classroom Administrator

Group: Classroom Admin
Posts: 9,584
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi,

Please do the following:

Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now.





grave
post Jul 5 2009, 01:01 PM
Post #5





The computer is running much faster now, but I am still having the explorer.exe error when I open folders with .avi files. I've attached the combo fix log for you.

ComboFix 09-07-04.09 - Hellhound 07/05/2009 14:39.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2512 [GMT -4:00]
Running from: c:\documents and settings\Hellhound\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090704-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HELLHO~1\APPLIC~1\inst.exe
c:\documents and settings\Owner\Application Data\inst.exe
c:\program files\INSTALL.LOG
c:\windows\Installer\24368.msi
c:\windows\Installer\24376.msi
c:\windows\patch.exe
c:\windows\system32\qjsqxaoe.ini

.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-04 13:36 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-04 13:36 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-04 13:36 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-04 13:36 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-04 13:36 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-04 13:36 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-04 13:36 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-04 13:36 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-04 13:36 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-04 13:36 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-04 13:36 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-04 13:35 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-04 13:35 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-07-04 13:35 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-04 13:35 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-04 13:23 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-07-04 13:23 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-07-04 13:23 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-04 13:22 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-07-04 13:21 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-07-04 13:21 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-04 13:21 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-03 20:18 . 2009-07-03 20:18 -------- d-----w- c:\program files\Aspell
2009-07-03 18:24 . 2009-07-03 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-03 18:14 . 2009-05-26 23:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-07-03 18:01 . 2007-05-29 16:23 94208 ----a-w- c:\windows\system32\drivers\camfilt2.sys
2009-07-03 18:01 . 2007-05-25 22:37 167936 ----a-w- c:\windows\system32\rsnp2uvc.dll
2009-07-03 18:01 . 2007-05-16 19:33 299008 ----a-w- c:\windows\system32\vsnp2uvc.dll
2009-07-03 18:01 . 2007-05-16 17:02 9602944 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2009-07-03 18:01 . 2007-05-09 19:16 28160 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2009-07-03 18:01 . 2005-11-23 17:55 53248 ----a-w- c:\windows\system32\csnp2uvc.dll
2009-07-03 18:00 . 2006-08-01 16:31 3600384 ----a-w- c:\windows\ffmpeg.exe
2009-07-03 18:00 . 2009-07-03 18:01 -------- d-----w- c:\windows\system32\HWC HD
2009-07-03 18:00 . 2009-07-03 18:00 -------- d-----w- c:\program files\Hercules
2009-07-03 18:00 . 2009-07-03 18:00 -------- d-----w- c:\docume~1\HELLHO~1\APPLIC~1\InstallShield
2009-06-30 04:36 . 2008-04-13 23:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-06-30 04:36 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-27 16:14 . 2009-06-27 16:15 -------- d-----w- c:\program files\Fast AVI MPEG Joiner
2009-06-27 14:36 . 2009-06-27 14:36 -------- d-----w- c:\program files\Common Files\Common Share
2009-06-27 14:35 . 2009-06-27 14:35 -------- d-----w- c:\program files\RER
2009-06-27 09:34 . 2009-06-27 09:34 -------- d-----w- c:\program files\Gabest
2009-06-27 09:34 . 2009-06-27 12:12 -------- d-----w- c:\program files\Xvid
2009-06-27 09:34 . 2009-07-02 16:54 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-22 03:46 . 2009-06-22 03:46 -------- d-----w- c:\docume~1\HELLHO~1\APPLIC~1\rockbox.org
2009-06-13 04:46 . 2009-06-21 05:50 -------- d-----w- c:\docume~1\HELLHO~1\APPLIC~1\gtk-2.0
2009-06-13 03:32 . 2009-07-04 08:21 -------- d-----w- c:\docume~1\HELLHO~1\APPLIC~1\.purple
2009-06-13 03:29 . 2009-07-03 20:18 -------- d-----w- c:\program files\Pidgin
2009-06-13 03:28 . 2009-07-03 20:17 -------- d-----w- c:\program files\Common Files\GTK
2009-06-09 07:36 . 2009-06-09 07:36 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-09 07:36 . 2009-06-09 07:36 -------- d-----w- c:\program files\Microsoft WSE
2009-06-09 06:30 . 2009-06-09 06:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\tjnet
2009-06-09 02:13 . 2009-06-09 02:13 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-06-09 01:42 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\setup.exe
2009-06-09 01:42 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\setup1.exe
2009-06-09 01:42 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\install1.exe
2009-06-09 01:41 . 2009-06-09 01:42 7685232 ---h--w- c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\upgrade.exe
2009-06-09 01:41 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-06-09 01:41 . 2009-06-09 01:42 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 18:44 . 2007-08-21 14:51 665485344 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-05 11:08 . 2007-08-21 14:51 7800884 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-03 19:05 . 2008-09-02 01:12 -------- d-----w- c:\docume~1\HELLHO~1\APPLIC~1\mjusbsp
2009-07-03 18:15 . 2007-06-24 01:05 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!
2009-07-03 18:15 . 2004-06-11 19:47 -------- d-----w- c:\program files\Yahoo!
2009-07-03 18:15 . 2005-08-31 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-03 18:00 . 2004-01-26 12:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-03 11:57 . 2008-07-18 07:09 -------- d-----w- c:\docume~1\HELLHO~1\APPLIC~1\uTorrent
2009-07-02 16:29 . 2007-09-16 21:14 63047686 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-06-09 08:00 . 2004-06-29 03:46 110424 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 07:18 . 2008-01-18 22:48 -------- d-----w- c:\program files\Electronic Arts
2009-06-09 02:47 . 2004-01-26 12:29 -------- d-----w- c:\program files\Common Files\Real
2009-06-09 02:43 . 2004-01-26 11:11 -------- d-----w- c:\program files\HP
2009-06-09 02:42 . 2005-12-28 01:01 -------- d-----w- c:\program files\Max Media Creator
2009-06-09 02:19 . 2007-02-02 15:16 -------- d-----w- c:\program files\Google
2009-06-09 02:15 . 2006-12-15 23:46 -------- d-----w- c:\program files\DVDFab Decrypter
2009-06-09 02:13 . 2006-12-27 22:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-06-09 02:06 . 2006-04-01 22:34 -------- d-----w- c:\program files\Canon
2009-06-09 02:04 . 2004-08-11 05:24 -------- d-----w- c:\program files\AIM
2009-06-09 02:03 . 2005-06-28 02:57 -------- d-----w- c:\program files\A+ 2003
2009-06-08 12:08 . 2007-08-15 22:50 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-06-05 03:57 . 2009-06-05 03:57 -------- d-----w- c:\program files\BTjunkie
2009-06-05 03:57 . 2008-03-04 20:43 -------- d-----w- c:\program files\Conduit
2009-06-01 18:47 . 2009-06-01 18:39 -------- d-----w- c:\program files\Ultra Tag Editor
2009-04-29 04:56 . 2004-01-21 20:16 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-09-09 05:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 19:10 . 2004-09-09 11:35 110424 -c--a-w- c:\documents and settings\Hellhound\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-19 22:50 . 2007-08-26 16:37 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-17 12:26 . 2004-01-26 08:11 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJack.dll
2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJackLoader.exe
2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\octvqe1_apiw.dll
2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\TjVista.dll
2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\TjIpSys.dll
2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\SJHandsetTigerJet.dll
2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\mjsetup.exe
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJack.dll
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.dll
2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.exe
2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\install.exe
2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\mjsetup.exe
2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJack.dll
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe
2009-04-08 16:12 . 2009-04-08 15:55 45056 ----a-w- c:\windows\system32\sstunst2.exe
2009-04-08 16:12 . 2009-04-08 16:12 475136 ----a-w- c:\windows\system32\Shadow Usul.scr
2009-04-08 16:12 . 2009-04-08 16:12 499200 ----a-w- c:\windows\system32\Haunted House.scr
2009-04-08 16:04 . 2009-04-08 16:04 1048171 ----a-w- c:\windows\system32\Puririn_Valentine.scr
2009-04-08 16:02 . 2009-04-08 16:02 520192 ----a-w- c:\windows\system32\Beautiful Katamari.scr
2009-04-08 15:56 . 2009-04-08 15:56 499200 ----a-w- c:\windows\system32\Maraqua.scr
2009-04-08 15:55 . 2009-04-08 15:55 499200 ----a-w- c:\windows\system32\Pirates.scr
2009-04-08 15:51 . 2009-04-08 15:51 520192 ----a-w- c:\windows\system32\Neopets - Meepits.scr
2005-02-01 06:39 . 2005-02-01 06:39 0 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}]
2009-05-20 22:05 2085400 ----a-w- c:\program files\BTjunkie\tbBTju.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Hellhound\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"BellSouthAlertManager.exe"="c:\program files\BellSouth\AM\BellSouthAlertManager.exe" [2007-01-28 2061816]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-13 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-13 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-08-13 1626112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Hellhound\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12479:TCP"= 12479:TCP:BitComet 12479 TCP
"12479:UDP"= 12479:UDP:BitComet 12479 UDP
"57867:TCP"= 57867:TCP:Pando P2P TCP Listening Port
"57867:UDP"= 57867:UDP:Pando P2P UDP Listening Port

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [1/14/2008 8:48 PM 26112]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/25/2008 1:47 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/25/2008 1:47 PM 20560]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [7/3/2009 2:01 PM 94208]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 7:42 AM 64000]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [6/29/2004 9:53 PM 15104]
S3 XIRLINK;Dsc Pro Digital Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - QBLAUIKJ
*Deregistered* - qblauikj
.
Contents of the 'Scheduled Tasks' folder

2009-07-05 c:\windows\Tasks\User_Feed_Synchronization-{0DC9D31D-8840-4429-8815-B63903EC5A99}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 15:58]

2009-07-05 c:\windows\Tasks\User_Feed_Synchronization-{91EB3C36-B623-4EBA-8C23-125A130C723B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 15:58]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; PeoplePal 3.0; .NET
HKLM-Run-OpwareSE2 - c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
HKLM-Run-OPSE reminder - c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
HKLM-Run-HostManager - c:\program files\Common Files\AOL\1112078643\EE\AOLHostManager.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://srch-qus10.hpwis.com/
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
Trusted Zone: yourmusic.com\www
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} - hxxp://www.shockwave.com/content/sandscript/sis/SandScript.1.0.0.21.cab
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 14:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-05 14:47
ComboFix-quarantined-files.txt 2009-07-05 18:46

Pre-Run: 38,504,370,176 bytes free
Post-Run: 38,964,047,872 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /usepmtimer

254 --- E O F --- 2009-07-05 09:18

Attached File(s)
Attached File  ComboFix.txt ( 19.84K ) Number of downloads: 90
 
CatByte
post Jul 5 2009, 01:23 PM
Post #6





Hi,

Please do the following:

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

It's normal after running TFC cleaner that the PC will be slower to boot the first time.


NEXT

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.



grave
post Jul 5 2009, 01:46 PM
Post #7





OTL logfile created on: 7/5/2009 3:38:25 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Hellhound\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
3.50 Gb Paging File | 3.12 Gb Available in Paging File | 89.07% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.89 Gb Total Space | 36.28 Gb Free Space | 25.04% Space Free | Partition Type: NTFS
Drive D: | 4.14 Gb Total Space | 0.61 Gb Free Space | 14.84% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUMPKIN
Current User Name: Hellhound
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\WINDOWS\System32\NMSAccess.exe ()
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
PRC - C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Documents and Settings\Hellhound\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTDevice_Srv [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (CTUPnPSv [On_Demand | Stopped]) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (NMSAccess [Auto | Running]) -- C:\WINDOWS\System32\NMSAccess.exe ()
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SimpTcp [Auto | Running]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (Aspi32 [System | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (camfilt2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\camfilt2.sys (Guillemot Corporation)
DRV - (fasttx2k [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (FETND5BV [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (iteraid [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (KLIF [System | Running]) -- C:\WINDOWS\System32\DRIVERS\klif.sys (Kaspersky Lab)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (prodrv06 [System | Running]) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prohlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prosync1 [Boot | Running]) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfhlp01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SNP2UVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\snp2uvc.sys ()
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (SunkFilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys (Alcor Micro Corp.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Zone Labs, LLC)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



[2008/04/28 19:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\mozilla\Firefox\Profiles\eqlcpwmv.default\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BTjunkie Toolbar) - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTju.dll (Conduit Ltd.)
O2 - BHO: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\companion\Installs\cpn6\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (BTjunkie Toolbar) - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTju.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BTjunkie Toolbar) - {1A71246C-3EB0-4D6C-AF77-3AB756017C3A} - C:\Program Files\BTjunkie\tbBTju.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BellSouth Toolbar) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\Program Files\blstoolbar\blstoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
O4 - HKLM..\Run: [CamserviceDP] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Hellhound\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/07/03 14:15:05 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/07/03 14:15:05 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/07/03 14:15:05 | 00,000,000 | ---D | M]
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: yourmusic.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://ea-src-cdn.systemrequirementslab.co...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1229297256000 (WUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} http://www.shockwave.com/content/sandscrip...pt.1.0.0.21.cab (CPlayFirstSandScriptControl Object)
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} https://secure.gopetslive.com/dev/gopets.cab (GoPets Control)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/26 05:28:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/05 15:28:07 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/05 15:26:54 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hellhound\Desktop\OTL.exe
[2009/07/05 15:26:09 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hellhound\Desktop\TFC.exe
[2009/07/05 14:45:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/05 14:38:54 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/05 14:36:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/05 14:36:45 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/05 14:36:45 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/05 14:36:45 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/05 14:36:45 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/05 14:36:45 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/05 14:36:45 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/05 14:36:45 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/05 14:36:39 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/07/05 14:36:36 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/05 14:31:56 | 03,045,756 | R--- | C] () -- C:\Documents and Settings\Hellhound\Desktop\ComboFix.exe
[2009/07/04 23:00:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hellhound\Desktop\New Folder
[2009/07/04 11:30:21 | 02,032,936 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Hellhound\Desktop\SkypeSetup.exe
[2009/07/04 09:36:01 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/07/04 09:36:01 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/07/04 09:36:01 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/07/04 09:36:01 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/07/04 09:36:01 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/07/04 09:36:01 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/07/04 09:36:01 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/07/04 09:36:01 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/07/04 09:36:00 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/07/04 09:36:00 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/07/04 09:36:00 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/07/04 09:35:59 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/07/04 09:35:33 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/07/04 09:35:32 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/07/04 09:35:30 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/07/04 09:23:21 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/07/04 09:23:19 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/07/04 09:23:09 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/07/04 09:22:01 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/07/04 09:21:59 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/07/04 09:21:11 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/07/04 09:21:10 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/07/04 09:21:09 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/07/04 09:17:09 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/07/03 16:18:41 | 00,000,000 | ---D | C] -- C:\Program Files\Aspell
[2009/07/03 14:24:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/07/03 14:07:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hellhound\My Documents\Hercules webcam
[2009/07/03 14:01:28 | 09,602,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/07/03 14:01:28 | 00,299,008 | ---- | C] (Sonix) -- C:\WINDOWS\System32\vsnp2uvc.dll
[2009/07/03 14:01:28 | 00,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/07/03 14:01:28 | 00,094,208 | ---- | C] (Guillemot Corporation) -- C:\WINDOWS\System32\drivers\camfilt2.sys
[2009/07/03 14:01:28 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/07/03 14:01:28 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/07/03 14:01:28 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/07/03 14:01:28 | 00,013,022 | ---- | C] () -- C:\WINDOWS\snp2uvc.src
[2009/07/03 14:00:57 | 03,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
[2009/07/03 14:00:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\HWC HD
[2009/07/03 14:00:51 | 00,000,000 | ---D | C] -- C:\Program Files\Hercules
[2009/07/03 14:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hellhound\Application Data\InstallShield
[2009/06/30 00:36:28 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/06/30 00:36:28 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/06/27 12:14:59 | 00,000,758 | ---- | C] () -- C:\Documents and Settings\Hellhound\Desktop\Fast AVI MPEG Joiner.lnk
[2009/06/27 12:14:58 | 00,000,000 | ---D | C] -- C:\Program Files\Fast AVI MPEG Joiner
[2009/06/27 10:38:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hellhound\My Documents\RER Soft, Inc
[2009/06/27 10:36:06 | 00,000,783 | ---- | C] () -- C:\Documents and Settings\Hellhound\Desktop\RER Video Converter.lnk
[2009/06/27 10:36:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Share
[2009/06/27 10:35:59 | 00,000,000 | ---D | C] -- C:\Program Files\RER
[2009/06/27 08:33:39 | 00,000,613 | ---- | C] () -- C:\Documents and Settings\Hellhound\Application Data\AutoGK.ini
[2009/06/27 05:34:50 | 00,000,000 | ---D | C] -- C:\Program Files\Gabest
[2009/06/27 05:34:43 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/06/27 05:34:28 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009/06/21 23:46:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hellhound\Application Data\rockbox.org
[2009/06/13 00:46:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hellhound\Application Data\gtk-2.0
[2009/06/12 23:32:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hellhound\Application Data\.purple
[2009/06/12 23:29:15 | 00,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2009/06/12 23:28:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2009/06/09 03:36:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2009/06/05 22:40:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hellhound\My Documents\Oberon Media
[2009/02/17 04:51:25 | 00,000,057 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2009/01/28 14:50:44 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/28 14:50:44 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/04 02:05:30 | 00,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Audio Ripper.INI
[2008/01/28 09:58:06 | 00,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
[2007/11/29 18:30:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/11/29 18:28:24 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/11/29 18:28:24 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/11/28 17:52:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/09/30 00:11:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RingtoneMaker.INI
[2007/09/30 00:06:24 | 00,002,770 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/09/14 13:27:15 | 00,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2007/09/14 09:37:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2007/08/26 12:37:16 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/08/21 10:51:13 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/08/13 17:14:16 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/13 17:14:16 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/13 17:14:13 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/08/13 17:14:12 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/13 17:14:11 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/07/31 16:15:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/07/20 11:36:32 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/06/15 11:47:36 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2007/06/15 11:47:31 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2007/01/28 15:43:47 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2006/12/15 20:18:18 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/15 19:46:19 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/06/14 13:06:43 | 00,000,217 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2006/05/09 09:00:26 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/04/01 18:44:25 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2005/08/06 14:22:02 | 00,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
[2005/07/09 17:49:15 | 00,000,717 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2005/06/09 00:46:20 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/06/09 00:46:19 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/03/29 02:54:07 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/03/07 03:55:46 | 00,000,020 | ---- | C] () -- C:\WINDOWS\calera.ini
[2005/03/07 03:55:41 | 00,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2005/03/07 03:55:41 | 00,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2005/03/07 03:55:41 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2005/03/07 03:55:32 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/30 03:50:29 | 00,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2004/08/30 03:46:34 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/07/10 02:02:17 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/06/29 00:54:53 | 00,000,896 | ---- | C] () -- C:\WINDOWS\System32\hpsj16.dll
[2004/06/29 00:54:53 | 00,000,687 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpscan16.sys
[2004/06/29 00:54:52 | 00,000,057 | ---- | C] () -- C:\WINDOWS\HPDS23.INI
[2004/06/28 23:43:16 | 00,000,039 | ---- | C] () -- C:\WINDOWS\VTWAIN.INI
[2004/06/28 23:43:16 | 00,000,022 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2004/06/28 23:41:35 | 00,000,860 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/28 23:40:11 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2004/06/28 23:40:11 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2004/06/28 23:40:10 | 00,148,512 | ---- | C] () -- C:\WINDOWS\hpud32.dll
[2004/06/28 23:40:10 | 00,123,424 | ---- | C] () -- C:\WINDOWS\p1220_32.dll
[2004/06/28 23:40:10 | 00,000,038 | ---- | C] () -- C:\WINDOWS\hpudrv.ini
[2004/06/28 19:35:18 | 00,156,157 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/18 18:04:17 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/06/13 22:56:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2004/06/13 20:53:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/06/12 17:00:37 | 00,001,113 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/06/11 15:46:47 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/06/11 15:46:47 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/06/11 15:46:47 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/06/11 15:46:47 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/06/11 15:46:47 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/06/11 15:46:47 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/01/28 22:21:05 | 00,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/28 22:21:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/27 06:47:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/27 06:26:18 | 00,002,150 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/01/26 09:32:19 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/01/26 09:31:25 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/01/26 09:31:25 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/01/26 09:23:22 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/26 09:17:11 | 00,029,216 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/26 09:16:36 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2004/01/26 09:16:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/26 09:00:28 | 00,000,479 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/26 08:46:03 | 00,000,897 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/26 06:56:30 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/26 06:14:16 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/26 06:02:59 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/26 06:02:59 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/26 06:02:33 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/26 05:33:52 | 00,000,810 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/26 04:11:44 | 00,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/26 04:11:01 | 00,000,715 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/01/26 04:10:51 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/12/09 14:16:52 | 00,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
[2003/09/23 04:19:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/08 02:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 18:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/10/06 14:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 19:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/01/25 09:04:50 | 00,005,440 | ---- | C] () -- C:\WINDOWS\System32\mciwa16.dll
[2002/01/25 09:04:50 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
[2002/01/25 09:04:50 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
[2002/01/25 09:04:50 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
[2002/01/25 09:04:50 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
[2002/01/25 09:04:50 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
[2002/01/25 09:04:50 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\mciwaw95.ini
[2002/01/25 09:04:50 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
[2002/01/25 09:04:50 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
[2002/01/25 09:04:50 | 00,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
[2002/01/25 09:04:50 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
[2002/01/25 09:04:50 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini
[2001/07/13 07:04:00 | 00,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI

========== Files - Modified Within 30 Days ==========

[2009/07/05 15:40:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{91EB3C36-B623-4EBA-8C23-125A130C723B}.job
[2009/07/05 15:38:11 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0DC9D31D-8840-4429-8815-B63903EC5A99}.job
[2009/07/05 15:35:12 | 66,551,4016 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/07/05 15:31:35 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/07/05 15:30:46 | 00,000,336 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/07/05 15:30:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/05 15:30:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/05 15:30:00 | 32,207,54432 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/05 15:28:44 | 07,802,036 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/07/05 15:26:55 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hellhound\Desktop\OTL.exe
[2009/07/05 15:26:09 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hellhound\Desktop\TFC.exe
[2009/07/05 14:44:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/05 14:38:58 | 00,000,277 | RHS- | M] () -- C:\boot.ini
[2009/07/05 14:32:00 | 03,045,756 | R--- | M] () -- C:\Documents and Settings\Hellhound\Desktop\ComboFix.exe
[2009/07/05 05:28:47 | 00,414,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/05 05:28:47 | 00,066,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/05 05:28:44 | 00,488,184 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/05 05:23:17 | 00,351,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/05 05:18:33 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/05 05:16:31 | 00,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/04 11:30:24 | 02,032,936 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Hellhound\Desktop\SkypeSetup.exe
[2009/07/04 09:58:12 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/03 16:55:56 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Hellhound\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/27 12:14:59 | 00,000,758 | ---- | M] () -- C:\Documents and Settings\Hellhound\Desktop\Fast AVI MPEG Joiner.lnk
[2009/06/27 10:36:06 | 00,000,783 | ---- | M] () -- C:\Documents and Settings\Hellhound\Desktop\RER Video Converter.lnk
[2009/06/27 09:44:03 | 00,000,613 | ---- | M] () -- C:\Documents and Settings\Hellhound\Application Data\AutoGK.ini
[2009/06/08 08:10:10 | 00,155,136 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== LOP Check ==========

[2009/07/03 14:24:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/09/08 16:55:05 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1DC446AE-02CE-4ED1-9CCE-6CED69BDEEFC}
[2008/09/08 16:55:39 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F80BA25A-BEA5-42AE-89A4-E9FC6C7E53FB}
[2006/12/15 19:49:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2007/08/18 19:55:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2007/09/29 11:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2007/06/15 12:00:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
[2006/04/01 18:44:26 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/04/19 18:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/04/11 01:43:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/01/26 09:21:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/02/09 21:17:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2007/08/21 10:52:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2004/01/26 09:27:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2004/08/04 01:41:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/08/28 22:21:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/06/20 17:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/09/25 20:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/03/29 02:44:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/04/26 07:58:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2009/04/26 07:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2004/01/26 05:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/04/17 15:51:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/07/12 10:08:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2008/07/08 17:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2006/05/27 04:59:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2004/06/11 15:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/05/26 21:03:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/02/06 12:30:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/07/05 14:43:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data
[2009/07/04 04:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\.purple
[2006/12/15 20:24:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\Ahead
[2005/05/16 04:17:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\Aim
[2007/09/30 02:29:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\AVS Video Converter
[2007/09/29 11:07:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\AVS4YOU
[2007/06/15 12:35:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\BellSouth
[2009/04/22 01:04:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\Canon
[2008/09/02 14:33:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
[2009/04/10 04:03:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\dvdcss
[2005/03/23 09:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\FileOpen
[2009/06/21 01:50:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\gtk-2.0
[2004/01/27 06:26:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\interMute
[2004/08/06 23:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\InterVideo
[2008/07/02 00:11:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\iriver
[2005/05/30 06:21:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\Jasc
[2008/07/16 04:26:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\LEGO Company
[2008/10/18 18:19:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\LimeWire
[2007/11/06 20:07:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\LucasArts
[2009/07/03 15:05:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\mjusbsp
[2004/08/07 01:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\Motive
[2008/01/18 19:22:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\My Battle for Middle-earth™ II Files
[2008/01/29 09:28:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
[2008/08/28 22:26:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\NCH Swift Sound
[2008/04/20 08:15:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\Neopets Toolbar
[2007/09/01 13:16:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\Obsidium
[2008/11/03 20:44:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\River Past G4
[2008/11/03 20:07:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\River Past G5
[2009/06/21 23:46:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\rockbox.org
[2004/01/26 09:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\SampleView
[2007/05/19 22:34:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\Template
[2009/07/03 07:57:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\uTorrent
[2009/05/04 15:07:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\Vso
[2008/11/02 03:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Hellhound\Application Data\Xilisoft Corporation
[2003/08/16 12:14:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/05 15:30:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/07/05 15:38:11 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0DC9D31D-8840-4429-8815-B63903EC5A99}.job
[2009/07/05 15:40:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{91EB3C36-B623-4EBA-8C23-125A130C723B}.job

========== Purity Check ==========


< End of report >
grave
post Jul 5 2009, 01:47 PM
Post #8



OTL Extras logfile created on: 7/5/2009 3:38:25 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Hellhound\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
3.50 Gb Paging File | 3.12 Gb Available in Paging File | 89.07% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.89 Gb Total Space | 36.28 Gb Free Space | 25.04% Space Free | Partition Type: NTFS
Drive D: | 4.14 Gb Total Space | 0.61 Gb Free Space | 14.84% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUMPKIN
Current User Name: Hellhound
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"12479:TCP" = 12479:TCP:*:Enabled:BitComet 12479 TCP
"12479:UDP" = 12479:UDP:*:Enabled:BitComet 12479 UDP
"57867:TCP" = 57867:TCP:*:Enabled:Pando P2P TCP Listening Port
"57867:UDP" = 57867:UDP:*:Enabled:Pando P2P UDP Listening Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack (magicJack L.P.)
C:\Documents and Settings\Hellhound\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack (magicJack L.P.)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-3976-4267-9F39-1DC4745090B7}" = Microsoft Learning and Research Plus Support Files
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{04BEFF7A-DF5D-4E49-AB46-BA3D3BE49FCB}" = Hercules DualPix Exchange Webcam
"{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{483616D1-867E-46F8-BEC7-3C6475933908}" = Adobe Photoshop Album Starter Edition
"{501FC6C0-7F99-4937-99F6-9A65A964B710}" = Microsoft Picture It! Publishing Platinum 2001
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72A819E7-4146-B9EA-1292-C4A77F657B4E}" = eBay Desktop
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77B5AD60-8F14-11D4-9BC9-0050041A1090}" = American McGee's Alice™
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1899CD8-9584-4DC5-00AE-48F47CF81183}" = The Sims 2 HomeCrafter Plus
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D6D4828F-A5B2-11D4-8F73-0050DA0F6297}" = The Sims File Cop
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B06.1129.01
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"A-Ray Scanner" = A-Ray Scanner 2.0.2.3
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"avast!" = avast! Antivirus
"BackWeb-1940576 Uninstaller" = Compaq Connections
"Battle.net" = Battle.net
"Beautiful Katamari" = Beautiful Katamari Screen Saver
"BellSouth Application Management" = BellSouth Application Management
"blstoolbar" = BellSouth Toolbar 1.0
"BTjunkie Toolbar" = BTjunkie Toolbar
"Bullseye" = Bullseye
"Caesar 3" = Caesar 3
"CDisplay_is1" = CDisplay 1.8
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"clown_screen" = clown_screen Screen Saver
"com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1" = eBay Desktop
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"Compaq Instant Support" = Compaq Instant Support
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative Centrale" = Creative Centrale
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"darkarts2_screen" = darkarts2_screen Screen Saver
"Dawn of the Dead - Screensaver 2" = Dawn of the Dead - Screensaver 2
"Diablo" = Diablo
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-WebPrint" = Easy-WebPrint
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.01
"EZface ActiveX" = EZface ActiveX 203
"Fast AVI MPEG Joiner_is1" = Fast AVI MPEG Joiner 1.1.2
"FreeThrow" = FreeThrow
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GoPets" = GoPets
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Haunted House" = Haunted House Screen Saver
"HijackThis" = HijackThis 2.0.2
"Hijackthis_is1" = Hijackthis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InterActual Player" = InterActual Player
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Magic ISO Maker v5.4 (build 0247)" = Magic ISO Maker v5.4 (build 0247)
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"MagicBall" = MagicBall
"Mah Jong Tiles Deluxe" = Mah Jong Tiles Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maraqua" = Maraqua Screen Saver
"MaxDrive PS2" = MaxDrive PS2
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSNMS" = MSN Internet Software
"MVApplication1" = Memorex exPressit Label Design Studio
"Neopets" = Neopets
"Neopets - Meepits" = Neopets - Meepits Screen Saver
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA GART Driver" = NVIDIA GART Driver
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"Pidgin" = Pidgin
"Pirates" = Pirates Screen Saver
"PrintMaster Gold 3.00" = PrintMaster Gold 3.00
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RadialpointClientGateway_is1" = BellSouth Internet Security - Alert Manager 1.5.11
"RER Video Converter_is1" = RER Video Converter
"Rockstar Custom Tracks" = Rockstar Custom Tracks 1.0
"S3" = VIA/S3G Display Driver
"Semagic" = Semagic (remove only)
"Shadow Usul" = Shadow Usul Screen Saver
"Shanghai" = Shanghai
"Shockwave" = Shockwave
"SimPE_is1" = SimPE 0.60b (alpha)
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"SystemRequirementsLab" = System Requirements Lab
"The Rosetta Stone" = The Rosetta Stone
"The Simpsons Movie" = The Simpsons Movie Screen Saver
"Themexp.org File" = Themexp.org File
"UltraISO_is1" = UltraISO Premium V9.3
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VobSub" = VobSub v2.23 (Remove Only)
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.1
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZENMozaicUG" = Creative ZEN Mozaic User's Guide
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ShockWave V0.95" = ShockWave V0.95
"Ultra Tag Editor" = Ultra Tag Editor
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 6/21/2005 11:53:12 PM | Computer Name = PUMPKIN | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Standard Shield provider: cannot start
because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000.

Error - 9/4/2007 2:11:15 PM | Computer Name = PUMPKIN | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Unhandled exception in AavmProviderStop
[Inner], MAIL.

Error - 3/5/2008 7:15:03 PM | Computer Name = PUMPKIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
H:\My Picture\x\Funny stuff\Thumbs.db failed, 00000005.

Error - 6/23/2008 1:29:30 PM | Computer Name = PUMPKIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\MEMORY.DMP failed, 00000005.

Error - 6/23/2008 1:29:30 PM | Computer Name = PUMPKIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\MEMORY.DMP failed, 00000005.

Error - 6/25/2008 12:14:15 PM | Computer Name = PUMPKIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://static2.livenation.com/akamai/V0094...=/media/browse/
failed, 0000A413.

Error - 11/11/2008 4:18:24 AM | Computer Name = PUMPKIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Internet Logs\tvDebug.log failed, 0000A413.

Error - 12/5/2008 2:28:07 AM | Computer Name = PUMPKIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
H:\My Picture\HOP AND SWING\PICS OF MONKEY\Thumbs.db failed, 00000005.

Error - 12/13/2008 8:47:54 PM | Computer Name = PUMPKIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Internet Logs\tvDebug.log failed, 0000A413.

Error - 2/11/2009 2:57:52 AM | Computer Name = PUMPKIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
H:\Downloads\The Definitive Friday the 13th Collection\Friday the 13th Part II.avi
failed, 0000001E.

[ Application Events ]
Error - 6/2/2009 3:41:18 PM | Computer Name = PUMPKIN | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 0.9.2.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/2/2009 3:53:42 PM | Computer Name = PUMPKIN | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/2/2009 3:53:42 PM | Computer Name = PUMPKIN | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2009 10:01:19 PM | Computer Name = PUMPKIN | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2009 11:07:11 PM | Computer Name = PUMPKIN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16640, faulting
module ieframe.dll, version 7.0.6000.16640, fault address 0x0006d336.

Error - 6/5/2009 8:28:44 PM | Computer Name = PUMPKIN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16640, faulting
module ytbm.dll, version 2007.11.12.1, fault address 0x00034b8f.

Error - 6/6/2009 12:34:25 AM | Computer Name = PUMPKIN | Source = nview_info | ID = 11141121
Description =

Error - 6/8/2009 1:46:12 PM | Computer Name = PUMPKIN | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 0.9.2.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/8/2009 1:54:37 PM | Computer Name = PUMPKIN | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 0.9.2.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/8/2009 10:22:09 PM | Computer Name = PUMPKIN | Source = MsiInstaller | ID = 11905
Description = Product: PhotoGallery -- Error 1905.Module c:\Program Files\Common
Files\HP\Memories Disc\2.0\LeadTools\LTStlImgRd.dll failed to unregister. HRESULT
. Contact your support personnel.

[ System Events ]
Error - 7/4/2009 10:26:38 PM | Computer Name = PUMPKIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1

Error - 7/5/2009 5:03:05 AM | Computer Name = PUMPKIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1

Error - 7/5/2009 5:24:09 AM | Computer Name = PUMPKIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor
service to connect.

Error - 7/5/2009 5:24:09 AM | Computer Name = PUMPKIN | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053

Error - 7/5/2009 5:24:09 AM | Computer Name = PUMPKIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1

Error - 7/5/2009 9:48:19 AM | Computer Name = PUMPKIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1

Error - 7/5/2009 2:39:38 PM | Computer Name = PUMPKIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/5/2009 2:44:38 PM | Computer Name = PUMPKIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/5/2009 2:44:39 PM | Computer Name = PUMPKIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/5/2009 3:30:44 PM | Computer Name = PUMPKIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
kl1


< End of report >
CatByte
post Jul 5 2009, 02:04 PM
Post #9


Classroom Administrator

Group: Classroom Admin
Posts: 9,584
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi

Please do the following:

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.



NEXT


Let's have a look at the file association for your .avi files:

Please do this:

Go to My Computer > Tools > Folder Options, then click on File Types.
There you will see all the registered file types in Windows. Choose the .avi file type and click on the Change button.
Pick the program you want to open the .avi files with, click on OK, then on Close.
You may want to restart your PC to be sure.
Let me know if that resolves the issue.
grave
post Jul 6 2009, 04:05 PM
Post #10





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, July 6, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, July 06, 2009 19:17:15
Records in database: 2433243
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 195942
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:04:35

No malware has been detected. The scan area is clean.

The selected area was scanned.
grave
post Jul 6 2009, 04:12 PM
Post #11





I still get the error message. I attached screenshots of the message and also added the Windows error report. I appreciate all your help with this problem. I hope we can figure out this problem.






CatByte
post Jul 6 2009, 04:29 PM
Post #12





Hi,

What was the file association set to when you checked?

I will need to consult with my colleagues on this one, so please be patient with me and I will get back to you, hopefully with a solution, as soon as possible.

~CB
grave
post Jul 6 2009, 05:15 PM
Post #13





I use VLC Media Player for AVIs. The problem occurred when I removed some video editing programs. I can't remember the names.
LDTate
post Jul 6 2009, 05:37 PM
Post #14


Forum God

Group: Root Admin
Posts: 48,364
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Right-click on any AVI and select Open with Windows Media Player. Does that work?
grave
post Jul 6 2009, 06:05 PM
Post #15





The problem isn't in opening the files; I am able to play the AVIs with media programs. The error occurs when a Windows folder containing the AVI files is opened and viewed. I think it may have something to do with the loading of the thumbnails.


QUOTE (LDTate @ Jul 6 2009, 07:37 PM) *
Right Click on any AVI and select open with Windows Media Player, does that work?
