Antivirus Soft and bankerfoxa are in cahoots!! Do Not download their software!!

View previous topic View next topic Go down

Antivirus Soft and bankerfoxa are in cahoots!! Do Not download their software!!

Post by izabellephoenix on 17th February 2010, 5:20 pm

I have avast!antivirus as well as windows defender. i was infected by bankerfoxa, i get this from myspace i believe, the last time and this time i was on myspace when i started getting all of the pop ups(porn, and other X-rated stuff soon followed). used Malwarebytes' Anti-Malware last time and it got rid of it. this time it scanned my computer for almost an hour found 5 infected files, i removed them, but upon restarting my computer, it was still infected. i restarted in safe mode yet again, downloaded hijackthis and this was what it says:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:58 PM, on 2/17/2010
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode with network support

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\bailey\My Documents\Downloads\winlogon.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - D:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Monitor] "D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [yivwyqdu] D:\Documents and Settings\bailey\Local Settings\Application Data\qxtowj\jaacsftav.exe
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [yivwyqdu] D:\Documents and Settings\bailey\Local Settings\Application Data\qxtowj\jaacsftav.exe
O4 - Startup: OpenOffice.org 2.1.lnk = D:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Startup: PMB Media Check Tool.lnk = D:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - [You must be registered and logged in to see this link.]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: Google Update Service (gupdate1c9e08fde581c12) (gupdate1c9e08fde581c12) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iWinTrusted - iWin Inc. - D:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - D:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 6648 bytes



Please Help ASAP!! Sad tearing

izabellephoenix
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-02-01
Gender Gender : Female
OS OS : windows xp
Points Points : 25098
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft and bankerfoxa are in cahoots!! Do Not download their software!!

Post by Belahzur on 17th February 2010, 9:01 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [yivwyqdu] D:\Documents and Settings\bailey\Local Settings\Application Data\qxtowj\jaacsftav.exe
    O4 - HKCU\..\Run: [yivwyqdu] D:\Documents and Settings\bailey\Local Settings\Application Data\qxtowj\jaacsftav.exe



  • Press "Fix Checked"
  • Close Hijack This.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft and bankerfoxa are in cahoots!! Do Not download their software!!

Post by izabellephoenix on 17th February 2010, 10:41 pm

did the hijackthis and did the MBAM scan as told, scan said no infection...gonna restart in regular mode now, will update asap. thank you for your help. cross your fingers..


Malwarebytes' Anti-Malware 1.44
Database version: 3753
Windows 5.1.2600 Service Pack 3, v.3264 (Safe Mode)
Internet Explorer 7.0.5730.13

2/17/2010 5:39:02 PM
mbam-log-2010-02-17 (17-39-02).txt

Scan type: Quick Scan
Objects scanned: 112921
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

izabellephoenix
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-02-01
Gender Gender : Female
OS OS : windows xp
Points Points : 25098
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft and bankerfoxa are in cahoots!! Do Not download their software!!

Post by Belahzur on 17th February 2010, 10:53 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft and bankerfoxa are in cahoots!! Do Not download their software!!

Post by izabellephoenix on 18th February 2010, 4:17 pm

seems to be running fine, here are the OTL logs. thanks for your help page 1 of 2


OTL logfile created on: 2/18/2010 11:07:37 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = D:\Documents and Settings\bailey\My Documents\Downloads
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 19.53 Gb Total Space | 17.06 Gb Free Space | 87.34% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 8.82 Gb Free Space | 23.66% Space Free | Partition Type: NTFS
Drive E: | 19.53 Gb Total Space | 19.43 Gb Free Space | 99.48% Space Free | Partition Type: NTFS
Drive F: | 19.53 Gb Total Space | 19.18 Gb Free Space | 98.16% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 18.33 Gb Free Space | 93.81% Space Free | Partition Type: NTFS
Drive H: | 33.61 Gb Total Space | 26.59 Gb Free Space | 79.11% Space Free | Partition Type: NTFS
Drive I: | 318.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 244.14 Gb Total Space | 243.74 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive K: | 244.14 Gb Total Space | 234.76 Gb Free Space | 96.16% Space Free | Partition Type: NTFS
Drive L: | 210.35 Gb Total Space | 210.01 Gb Free Space | 99.84% Space Free | Partition Type: NTFS

Computer Name: JEANNE
Current User Name: bailey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- D:\Documents and Settings\bailey\My Documents\Downloads\OTL.exe
PRC - [2010/01/21 14:12:42 | 000,078,104 | ---- | M] (iWin Inc.) -- D:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 06:31:12 | 000,247,144 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/11/10 10:14:38 | 000,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2009/11/10 09:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/05/05 15:54:31 | 000,039,408 | ---- | M] (Google Inc.) -- D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/10/10 16:00:24 | 000,317,728 | ---- | M] (Sony Corporation) -- D:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/05/02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- D:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2007/12/01 02:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007/04/30 12:04:37 | 000,243,328 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2007/04/30 11:42:48 | 000,075,392 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/04/30 11:42:40 | 000,132,736 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2007/04/30 11:41:27 | 000,345,728 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2007/04/30 11:29:55 | 000,016,512 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/03/15 19:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/03/09 20:29:40 | 000,507,904 | ---- | M] (Lavasoft AB) -- D:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
PRC - [2006/11/30 17:54:50 | 002,486,272 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 2.1\program\soffice.bin
PRC - [2006/11/30 17:54:34 | 002,334,720 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 2.1\program\soffice.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/08/28 11:23:44 | 005,527,040 | ---- | M] (Linksys) -- D:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
PRC - [2005/07/04 18:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- D:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2002/05/20 21:36:10 | 000,090,112 | ---- | M] (MUSICMATCH, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [1999/12/13 03:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\Ctsvccda.exe


========== Modules (SafeList) ==========

MOD - [2008/05/02 01:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- D:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/12/01 02:27:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2006/12/01 21:54:32 | 000,626,688 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WUSB54GCSVC)
SRV - [2010/01/21 14:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- D:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/11/10 09:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/05/29 14:01:03 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- D:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9e08fde581c12) Google Update Service (gupdate1c9e08fde581c12)
SRV - [2009/05/05 15:54:29 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/04/30 12:04:37 | 000,243,328 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2007/04/30 11:42:40 | 000,132,736 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2007/04/30 11:41:27 | 000,345,728 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2007/04/30 11:29:55 | 000,016,512 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007/03/09 20:29:40 | 000,507,904 | ---- | M] (Lavasoft AB) [Auto | Running] -- D:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe -- (aawservice)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [1999/12/13 03:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- D:\WINDOWS\system32\Ctsvccda.exe -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/11/10 09:27:06 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/07/04 10:22:36 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/01 20:11:35 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/02/29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 02:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/11/30 19:31:16 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/30 17:21:50 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/30 16:30:58 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/06/29 02:09:10 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/06/29 02:08:48 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007/06/29 02:08:30 | 000,074,280 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\SI3112.sys -- (SI3112)
DRV - [2007/04/30 11:41:42 | 000,094,552 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2007/04/30 11:39:41 | 000,023,416 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2007/04/30 11:38:51 | 000,043,176 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2007/04/30 11:37:23 | 000,026,888 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/03/22 14:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 14:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/02/28 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005/11/24 21:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/06/13 14:58:04 | 000,162,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2004/08/03 17:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 00:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/26 00:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/07/02 11:20:51 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2002/07/02 11:20:51 | 000,040,508 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LHidUsb.Sys -- (LHidUsb)
DRV - [2002/07/02 11:20:51 | 000,023,854 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LHidFlt2.sys -- (LHidFlt2)
DRV - [2002/07/02 11:20:51 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 14:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0848}:1.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: D:\Program Files\iWin Games\firefox\ [2010/02/04 07:30:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/01/30 09:15:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/01/17 10:21:32 | 000,000,000 | ---D | M]

[2009/05/14 09:14:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\bailey\Application Data\Mozilla\Extensions
[2009/05/14 09:14:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\bailey\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/07/07 18:05:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\bailey\Application Data\Mozilla\Firefox\Profiles\8v7cdiz9.default\extensions
[2010/02/17 12:18:37 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2009/07/16 23:13:11 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions\npmozax@real.com
[2009/03/30 16:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- D:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2009/03/03 09:51:42 | 000,098,304 | ---- | M] (Zylom) -- D:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2009/07/07 18:03:53 | 000,003,700 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/07/07 18:03:54 | 000,001,963 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - D:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EM_EXEC] D:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] D:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [Monitor] D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [Windows Defender] D:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EasyLinkAdvisor] D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: D:\Documents and Settings\bailey\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk = D:\Program Files\OpenOffice.org 2.1\program\quickstart.exe ()
O4 - Startup: D:\Documents and Settings\bailey\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = D:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 6 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} [You must be registered and logged in to see this link.] (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.158.96.130 24.158.96.131
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - d:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: D:\Documents and Settings\bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - D:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/01 19:09:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/09/02 13:48:08 | 000,000,914 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2007/12/29 00:42:04 | 000,540,213 | ---- | M] () - K:\Autoruns 90 12-29-2007.zip -- [ NTFS ]
O33 - MountPoints2\{2b37af1c-4333-11de-b9cb-000cf1e655c8}\Shell\AutoRun\command - "" = O:\PMB_P.exe -- File not found
O33 - MountPoints2\{632e3ae8-dc7f-11de-bb66-001ee59eddab}\Shell\AutoRun\command - "" = M:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{f16b560c-004a-11dd-b97c-911b9a80ec4d}\Shell\AutoRun\command - "" = M:\setupSNK.exe -- File not found
O33 - MountPoints2\{fa1cc10c-407f-11de-b9c7-000cf1e655c8}\Shell\AutoRun\command - "" = M:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: chknexec - (D:\WINDOWS\system32\pentdsvc.dll) - D:\WINDOWS\System32\pentdsvc.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/02/18 11:06:05 | 000,549,376 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\bailey\Desktop\OTL.exe
[2010/02/17 17:33:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/17 17:33:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010/02/17 17:26:07 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2010/02/17 12:27:06 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/17 10:27:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Local Settings\Application Data\qxtowj
[2010/02/16 12:12:51 | 000,181,120 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MpSigStub.exe
[2010/02/16 12:08:57 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Defender
[2010/02/13 16:07:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\GameMill
[2010/02/13 16:07:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\GameMill
[2010/02/12 18:54:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Maximize Games
[2010/02/10 15:10:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Freeze Tag
[2010/02/10 15:04:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\Trick or Travel
[2010/02/10 14:03:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SugarGames
[2010/02/08 13:02:08 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Fenomen Games
[2010/02/08 10:30:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\Yahoov1002
[2010/02/07 16:29:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Local Settings\Application Data\LostKing
[2010/02/07 16:04:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\TitanicMystery
[2010/02/07 14:44:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\Enlightenus_Real
[2010/02/07 13:42:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\casanova
[2010/02/07 12:24:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\BlitPop
[2010/02/07 10:43:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\Try2
[2010/02/07 10:43:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Try2
[2010/02/05 14:48:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\1morebee
[2010/02/05 09:04:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\Absolutist
[2010/02/05 09:04:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Absolutist
[2010/02/04 07:30:49 | 000,000,000 | ---D | C] -- D:\Program Files\iWin Games
[2010/02/03 17:04:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\OtherSide Realm of Eons
[2010/02/03 16:03:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\BanzaiInteractive
[2010/02/03 16:03:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\BanzaiInteractive
[2010/02/03 15:46:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\My Documents\Dotar Games
[2010/02/02 20:40:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Million
[2010/02/02 19:36:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Local Settings\Application Data\Menge
[2010/02/02 18:36:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2010/02/02 16:31:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\World-Loom
[2010/02/02 15:30:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Rumbic Studio
[2010/02/02 15:30:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Intenium
[2010/02/01 19:35:55 | 000,023,416 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/01 19:35:54 | 000,043,176 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/01 19:35:53 | 000,026,888 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/01 19:35:51 | 000,095,872 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\AvastSS.scr
[2010/02/01 19:35:50 | 000,094,552 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/01 19:35:50 | 000,085,952 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/01 19:35:44 | 000,745,600 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2010/02/01 19:09:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Application Data\Malwarebytes
[2010/02/01 18:56:11 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010/02/01 18:56:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/01 16:20:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/29 19:26:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Local Settings\Application Data\npjamu
[2009/05/30 06:53:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/05/29 14:01:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/04/01 20:39:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/04/01 19:12:46 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/04/01 19:12:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[6 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/18 11:06:04 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\bailey\Desktop\OTL.exe
[2010/02/18 10:16:01 | 000,000,886 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/18 10:16:01 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/18 10:08:30 | 000,000,330 | -H-- | M] () -- D:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/18 10:05:11 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/02/18 10:04:59 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/02/17 18:57:31 | 005,767,168 | -H-- | M] () -- D:\Documents and Settings\bailey\NTUSER.DAT
[2010/02/17 18:57:31 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\bailey\ntuser.ini
[2010/02/17 17:33:58 | 000,000,703 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/17 17:26:07 | 000,001,741 | ---- | M] () -- D:\Documents and Settings\bailey\Desktop\HijackThis.lnk
[2010/02/17 16:15:40 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/02/17 15:56:36 | 000,020,520 | ---- | M] () -- D:\Documents and Settings\bailey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/17 15:55:39 | 000,116,560 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/16 17:35:29 | 001,574,884 | -H-- | M] () -- D:\Documents and Settings\bailey\Local Settings\Application Data\IconCache.db
[2010/02/16 12:22:26 | 000,001,826 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\The Mysterious Past of Gregory Phoenix.lnk
[2010/02/01 19:35:53 | 000,002,626 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2010/02/01 17:37:13 | 000,188,416 | ---- | M] () -- D:\Documents and Settings\bailey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/17 17:33:58 | 000,000,703 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/17 17:26:07 | 000,001,741 | ---- | C] () -- D:\Documents and Settings\bailey\Desktop\HijackThis.lnk
[2010/02/16 12:22:26 | 000,001,826 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\The Mysterious Past of Gregory Phoenix.lnk
[2010/02/16 12:12:08 | 000,000,330 | -H-- | C] () -- D:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/08 15:04:18 | 000,001,449 | ---- | C] () -- D:\Documents and Settings\bailey\Application Data\seed.log
[2009/12/24 12:42:30 | 000,000,327 | ---- | C] () -- D:\WINDOWS\3DHOME.INI
[2009/12/22 14:39:56 | 000,000,110 | ---- | C] () -- D:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/09/25 20:07:56 | 000,000,760 | ---- | C] () -- D:\Documents and Settings\bailey\Application Data\setup_ldm.iss
[2009/07/09 09:04:23 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Curses.INI
[2009/06/23 08:53:20 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Ransom.INI
[2009/04/03 15:25:09 | 000,000,031 | ---- | C] () -- D:\WINDOWS\sonic.ini
[2009/04/01 16:27:49 | 000,001,702 | ---- | C] () -- D:\WINDOWS\VIP.INI
[2009/04/01 16:27:49 | 000,000,059 | ---- | C] () -- D:\WINDOWS\LNAME.INI
[2009/03/31 14:51:23 | 000,000,244 | ---- | C] () -- D:\WINDOWS\msdanger.ini
[2009/03/31 14:40:48 | 000,000,080 | ---- | C] () -- D:\WINDOWS\drp.ini
[2009/03/31 14:19:46 | 000,000,039 | ---- | C] () -- D:\WINDOWS\Winhelp.INI
[2009/03/31 14:19:45 | 000,000,515 | ---- | C] () -- D:\WINDOWS\TrpMaker.INI
[2009/03/31 14:19:40 | 000,038,688 | ---- | C] () -- D:\WINDOWS\System32\LEADDIB.DRV
[2009/03/31 14:19:36 | 000,011,136 | ---- | C] () -- D:\WINDOWS\System32\FPRUN300.DLL
[2009/03/31 09:39:42 | 000,000,264 | ---- | C] () -- D:\WINDOWS\_delis32.ini
[2009/03/31 09:39:08 | 000,096,768 | ---- | C] () -- D:\WINDOWS\System32\LGUICOM.DLL
[2008/04/01 23:04:13 | 000,000,071 | ---- | C] () -- D:\WINDOWS\SBWIN.INI
[2008/04/01 21:34:27 | 000,188,416 | ---- | C] () -- D:\Documents and Settings\bailey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/01 20:11:34 | 000,094,208 | ---- | C] () -- D:\WINDOWS\System32\GTW32N50.dll
[2008/04/01 20:11:17 | 000,001,361 | ---- | C] () -- D:\WINDOWS\System32\WLAN.INI
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- D:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:21F99D47
@Alternate Data Stream - 164 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:350C5B9E
@Alternate Data Stream - 154 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:18BFD8F8
@Alternate Data Stream - 147 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:F073D52C
@Alternate Data Stream - 147 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DCFC1661
@Alternate Data Stream - 147 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:05487299
@Alternate Data Stream - 147 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:007DF10C
@Alternate Data Stream - 145 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:BA37E1F6
@Alternate Data Stream - 145 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:1807741D
@Alternate Data Stream - 144 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:EB9EF516
@Alternate Data Stream - 144 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:7867C00C
@Alternate Data Stream - 144 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:302CDEC6
@Alternate Data Stream - 144 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:2AF40C07
@Alternate Data Stream - 143 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:0479E312
@Alternate Data Stream - 142 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:EB277F6C
@Alternate Data Stream - 142 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:BDBE6E37
@Alternate Data Stream - 142 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:59B23671
@Alternate Data Stream - 142 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:2343643D
@Alternate Data Stream - 141 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:98E800E7
@Alternate Data Stream - 141 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:1898E06D
@Alternate Data Stream - 140 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D55BAAC3
@Alternate Data Stream - 140 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:B9A9FF9B
@Alternate Data Stream - 140 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:B7E2DE81
@Alternate Data Stream - 140 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:602146E4
@Alternate Data Stream - 140 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:42F5BBCE
@Alternate Data Stream - 140 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:1FEDA220
@Alternate Data Stream - 139 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D1E22E44
@Alternate Data Stream - 139 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:C04C48D4
@Alternate Data Stream - 139 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:65B8650D
@Alternate Data Stream - 138 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DA3E37DC
@Alternate Data Stream - 138 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:CDC1B76E
@Alternate Data Stream - 138 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:B9B2111D
@Alternate Data Stream - 138 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:AF9BF410
@Alternate Data Stream - 138 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:7318DDBB
@Alternate Data Stream - 138 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:50E7393E
@Alternate Data Stream - 137 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:7CAB0377
@Alternate Data Stream - 137 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:3EAC9BB2
@Alternate Data Stream - 136 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A752D3DB
@Alternate Data Stream - 136 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:4001342B
@Alternate Data Stream - 135 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:EE05CC7F
@Alternate Data Stream - 135 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:B7C6AAAB
@Alternate Data Stream - 135 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:3EA715B9
@Alternate Data Stream - 133 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D53344E0
@Alternate Data Stream - 133 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:AFCB76C3
@Alternate Data Stream - 133 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:6ECD2470
@Alternate Data Stream - 133 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:5AC1E7BD
@Alternate Data Stream - 133 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:3854F394
@Alternate Data Stream - 133 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:29058F8B
@Alternate Data Stream - 132 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:C3E7C8C5
@Alternate Data Stream - 132 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:115FA012
@Alternate Data Stream - 131 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:41DAF48E
@Alternate Data Stream - 130 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D88F83CD
@Alternate Data Stream - 130 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D7D4A779
@Alternate Data Stream - 130 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:B25687C0
@Alternate Data Stream - 130 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A477045F
@Alternate Data Stream - 130 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:9B9085E9
@Alternate Data Stream - 130 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:8101D728
@Alternate Data Stream - 130 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:64D6413B
@Alternate Data Stream - 130 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:4CC33C80
@Alternate Data Stream - 130 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:31A7D544
@Alternate Data Stream - 129 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:3B4F28B0
@Alternate Data Stream - 127 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:94260FE6
@Alternate Data Stream - 127 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:931BB48A
@Alternate Data Stream - 127 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:737EACFF
@Alternate Data Stream - 127 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:60F6915A
@Alternate Data Stream - 127 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:1E73B7C5
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:E010A554
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:BA21F28A
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:B9195993
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:9F2B366E
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:7AD3CA0E
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:7134B5AD
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:287E7337
@Alternate Data Stream - 125 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DB258930
@Alternate Data Stream - 125 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:57777E90
@Alternate Data Stream - 125 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:19823AC6
@Alternate Data Stream - 124 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:EDF6588A
@Alternate Data Stream - 124 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D9DBEF7D
@Alternate Data Stream - 124 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D3BEF2E1
@Alternate Data Stream - 124 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:2B4FA895
@Alternate Data Stream - 124 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:1477B2F8
@Alternate Data Stream - 124 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:0DE730E4
@Alternate Data Stream - 123 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:980AF986
@Alternate Data Stream - 123 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:7BB82651
@Alternate Data Stream - 122 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:91FDFB7B
@Alternate Data Stream - 122 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:55A84CE5
@Alternate Data Stream - 122 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:2C27D9EC
@Alternate Data Stream - 121 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DC85983B
@Alternate Data Stream - 121 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:41E59231
@Alternate Data Stream - 121 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:15812AD1
@Alternate Data Stream - 120 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:8ACA54F1
@Alternate Data Stream - 120 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:1C90EF4F
@Alternate Data Stream - 119 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:81BA5807
@Alternate Data Stream - 118 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:E7071A3A
@Alternate Data Stream - 118 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D0B05FE5
@Alternate Data Stream - 118 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:7F74B4CE
@Alternate Data Stream - 118 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:37A056B2
@Alternate Data Stream - 118 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:18EE7F24
@Alternate Data Stream - 118 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:078AAF2B
@Alternate Data Stream - 117 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:9C31E38F
@Alternate Data Stream - 117 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:2A2E8EF2
@Alternate Data Stream - 116 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:BBE07C18
@Alternate Data Stream - 116 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:88F28B2C
@Alternate Data Stream - 116 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:261FEAF9
< End of report >

izabellephoenix
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-02-01
Gender Gender : Female
OS OS : windows xp
Points Points : 25098
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft and bankerfoxa are in cahoots!! Do Not download their software!!

Post by izabellephoenix on 18th February 2010, 4:18 pm

page 2 of 2



OTL Extras logfile created on: 2/18/2010 11:07:37 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = D:\Documents and Settings\bailey\My Documents\Downloads
Windows XP Home Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 19.53 Gb Total Space | 17.06 Gb Free Space | 87.34% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 8.82 Gb Free Space | 23.66% Space Free | Partition Type: NTFS
Drive E: | 19.53 Gb Total Space | 19.43 Gb Free Space | 99.48% Space Free | Partition Type: NTFS
Drive F: | 19.53 Gb Total Space | 19.18 Gb Free Space | 98.16% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 18.33 Gb Free Space | 93.81% Space Free | Partition Type: NTFS
Drive H: | 33.61 Gb Total Space | 26.59 Gb Free Space | 79.11% Space Free | Partition Type: NTFS
Drive I: | 318.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 244.14 Gb Total Space | 243.74 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive K: | 244.14 Gb Total Space | 234.76 Gb Free Space | 96.16% Space Free | Partition Type: NTFS
Drive L: | 210.35 Gb Total Space | 210.01 Gb Free Space | 99.84% Space Free | Partition Type: NTFS

Computer Name: JEANNE
Current User Name: bailey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "D:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "D:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "D:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Yahoo! Games\BeTrapped!\BeTrapped.exe" = D:\Program Files\Yahoo! Games\BeTrapped!\BeTrapped.exe:*:Enabled:BeTrapped Game Executable -- File not found
"D:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE" = D:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE:*:Disabled:Age of Empires -- (Microsoft Corporation)
"D:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = D:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Disabled:Age of Empires II -- (Microsoft Corporation)
"D:\Program Files\iWin Games\iWinGames.exe" = D:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"D:\Program Files\iWin Games\WebUpdater.exe" = D:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1639269F-FE6D-184C-1667-CF60D929A147}" = The Apprentice 2 - Los Angeles
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25081482-E242-4FE3-B552-FDC8BA88C90E}" = Ad-Aware 2007 Beta
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43983EB4-43DC-4C3D-9712-1EF592A31CA8}" = OpenOffice.org 2.1
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.70
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{81BD0427-6B0A-5725-8944-6A428CE8B642}" = Nanny Mania
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A8964DB2-33FA-093F-D3EE-C6B7C1C00C3A}" = Chocolatier
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD900CD-C20C-4D94-32D3-6E79423A8C77}" = Mystery of Shark Island
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D9DE9E03-71CA-423B-B101-57F13A751003}" = LeapFrog Tag Junior Plugin
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"3D Home Architect Deluxe" = 3D Home Architect Deluxe
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"am-1912titanicmystery" = 1912 Titanic Mystery
"Amazing Adventures the Caribbean Secret" = Amazing Adventures the Caribbean Secret (remove only)
"am-enlightenus" = Enlightenus
"am-gardenscapestm" = Gardenscapes(TM)
"am-geminilosttm" = Gemini Lost(TM)
"am-habitatrescuetmlionspride" = Habitat Rescue(TM) - Lion's Pride
"am-insidertalesthesecretofcasanova" = Insider Tales - The Secret of Casanova
"am-luxoradventures" = LUXOR Adventures
"am-marykayandrewsthefixerupper" = Mary Kay Andrews - The Fixer Upper
"am-mortimerbeckettandthelostkingpremiumedition" = Mortimer Beckett and the Lost King Premium Edition
"am-trapped" = Trapped
"am-unorundercovertm" = UNO(R) - Undercover(TM)
"am-valerieporterandthescarletscandaltm" = Valerie Porter and the Scarlet Scandal(TM)
"am-virtualfarm" = Virtual Farm
"Ancient Mysteries" = Ancient Mysteries (remove only)
"Artist Colony" = Artist Colony (remove only)
"avast!" = avast! Antivirus
"Beach Party Craze" = Beach Party Craze (remove only)
"Big City Adventure: Vancouver" = Big City Adventure: Vancouver (remove only)
"Chocolatier" = Chocolatier (remove only)
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0044)
"Encarta96" = Microsoft Encarta 96 Encyclopedia
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.01
"Fantastic Farm" = Fantastic Farm (remove only)
"Farm Frenzy 3" = Farm Frenzy 3 (remove only)
"Farm Mania 2" = Farm Mania 2 (remove only)
"Fiona Finch and the Finest Flowers" = Fiona Finch and the Finest Flowers (remove only)
"GameHouse" = GameHouse
"Gemini Lost" = Gemini Lost (remove only)
"Google Chrome" = Google Chrome
"grannyinparadise" = Granny in Paradise
"HijackThis" = HijackThis 2.0.2
"Home Sweet Home" = Home Sweet Home (remove only)
"Home Sweet Home 2: Kitchens and Baths" = Home Sweet Home 2: Kitchens and Baths (remove only)
"Home Sweet Home Christmas Edition" = Home Sweet Home Christmas Edition (remove only)
"horatiostravels" = Horatio's Travels
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Insider Tales Vanished in Rome" = Insider Tales Vanished in Rome (remove only)
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"iWinArcade" = iWin Games (remove only)
"Little Folk of Faery" = Little Folk of Faery (remove only)
"Logitech Resource Center" = Logitech Resource Center
"LUXOR Adventures Bundle" = LUXOR Adventures Bundle (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Midnight Mysteries - Edgar Allan Poe Conspiracy" = Midnight Mysteries - Edgar Allan Poe Conspiracy (remove only)
"mirielsenchantedmystery" = Miriel's Enchanted Mystery
"monstermash" = Monster Mash
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSNINST" = MSN
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"Mystery Masterpiece: The Moonstone" = Mystery Masterpiece: The Moonstone (remove only)
"Mystery of Shark Island" = Mystery of Shark Island (remove only)
"Nancy Drew Dossier - Resorting to Danger" = Nancy Drew Dossier - Resorting to Danger (remove only)
"Nanny Mania" = Nanny Mania (remove only)
"Nat Geo Adventure: Ghost Fleet" = Nat Geo Adventure: Ghost Fleet (remove only)
"Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Passport to Paradise" = Passport to Paradise (remove only)
"Princess Isabella - A Witchs Curse" = Princess Isabella - A Witchs Curse (remove only)
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealArcade" = RealArcade
"Righteous Kill Revenge of the Poet Killer" = Righteous Kill Revenge of the Poet Killer (remove only)
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shutter Island" = Shutter Island (remove only)
"Sony MHS Camera Driver" = Sony MHS Camera Driver
"Sound Blaster PCI128" = Sound Blaster PCI128
"supergranny4" = Super Granny 4
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"The Apprentice 2 - Los Angeles" = The Apprentice 2 - Los Angeles (remove only)
"The Clumsys" = The Clumsys (remove only)
"The Mysterious Past of Gregory Phoenix" = The Mysterious Past of Gregory Phoenix (remove only)
"The Otherside Realm of Eons" = The Otherside Realm of Eons (remove only)
"The Tudors" = The Tudors (remove only)
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Trick or Travel" = Trick or Travel (remove only)
"TripMaker" = Rand McNally TripMaker
"Tropical Farm" = Tropical Farm (remove only)
"UPCShell" = LeapFrog Connect
"Vacation Mogul" = Vacation Mogul (remove only)
"Valerie Porter and the Scarlet Scandal" = Valerie Porter and the Scarlet Scandal (remove only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Games Player Plugin" = Web Games Player Plugin
"Westward" = Westward (remove only)
"Westward 4" = Westward 4 (remove only)
"Westward II: Heroes of the Frontier" = Westward II: Heroes of the Frontier (remove only)
"Westward III: Gold Rush" = Westward III: Gold Rush (remove only)
"Windows XP Service Pack" = Windows XP Service Pack 3
"Youda Marina" = Youda Marina (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 5/5/2009 4:15:48 PM | Computer Name = JEANNE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\vince 1.jpg failed, 0000A420.

Error - 5/5/2009 4:17:17 PM | Computer Name = JEANNE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\vince 2.jpg failed, 0000A420.

Error - 5/5/2009 4:19:46 PM | Computer Name = JEANNE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\vince 3.jpg failed, 0000A420.

Error - 5/5/2009 4:24:06 PM | Computer Name = JEANNE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\vince 4.jpg failed, 0000A420.

Error - 5/5/2009 4:28:53 PM | Computer Name = JEANNE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\vince 5.jpg failed, 0000A420.

Error - 5/11/2009 12:31:51 PM | Computer Name = JEANNE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\Vince's Pictures 051.jpg failed, 0000A420.

Error - 5/19/2009 2:43:55 PM | Computer Name = JEANNE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\Vince's Pictures 011.jpg failed, 0000001E.

Error - 2/17/2010 4:31:34 PM | Computer Name = JEANNE | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 2/17/2010 4:31:34 PM | Computer Name = JEANNE | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 2/17/2010 4:31:40 PM | Computer Name = JEANNE | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

[ Application Events ]
Error - 10/4/2009 10:35:00 AM | Computer Name = JEANNE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

Error - 10/17/2009 3:53:38 PM | Computer Name = JEANNE | Source = Application Error | ID = 1000
Description = Faulting application PMB_P.exe, version 0.0.0.0, faulting module PMB_P.exe,
version 0.0.0.0, fault address 0x00001345.

Error - 11/1/2009 12:57:08 PM | Computer Name = JEANNE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 11/1/2009 12:57:09 PM | Computer Name = JEANNE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The specified server cannot perform the requested operation.

Error - 11/20/2009 11:37:12 AM | Computer Name = JEANNE | Source = TomTomHOMEService | ID = 10000
Description =

Error - 11/23/2009 11:11:33 AM | Computer Name = JEANNE | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from:
with error: This operation returned because the timeout period expired.

Error - 11/23/2009 11:11:41 AM | Computer Name = JEANNE | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from:
with error: The specified server cannot perform the requested operation.

Error - 12/6/2009 11:28:46 AM | Computer Name = JEANNE | Source = Application Error | ID = 1000
Description = Faulting application buildalot4.ifn, version 1.0.0.1, faulting module
buildalot4.ifn, version 1.0.0.1, fault address 0x001506d2.

Error - 12/7/2009 7:29:39 PM | Computer Name = JEANNE | Source = Application Error | ID = 1000
Description = Faulting application frankenstein.ifn, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/1/2010 11:49:53 AM | Computer Name = JEANNE | Source = Application Error | ID = 1000
Description = Faulting application nemo.ifn, version 0.0.0.0, faulting module nemo.ifn,
version 0.0.0.0, fault address 0x00059abe.

[ System Events ]
Error - 2/17/2010 6:31:51 PM | Computer Name = JEANNE | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2/17/2010 6:32:24 PM | Computer Name = JEANNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/17/2010 6:33:26 PM | Computer Name = JEANNE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 Fips intelppm

Error - 2/17/2010 6:41:44 PM | Computer Name = JEANNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/17/2010 6:42:49 PM | Computer Name = JEANNE | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2/17/2010 6:42:56 PM | Computer Name = JEANNE | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2/17/2010 6:44:15 PM | Computer Name = JEANNE | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2/18/2010 11:05:01 AM | Computer Name = JEANNE | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2/18/2010 11:05:07 AM | Computer Name = JEANNE | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2/18/2010 11:05:40 AM | Computer Name = JEANNE | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.


< End of report >

izabellephoenix
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-02-01
Gender Gender : Female
OS OS : windows xp
Points Points : 25098
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft and bankerfoxa are in cahoots!! Do Not download their software!!

Post by Belahzur on 18th February 2010, 7:45 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) SE Runtime Environment 6
    Java(TM) 6 Update 5

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O36 - AppCertDlls: chknexec - (D:\WINDOWS\system32\pentdsvc.dll) - D:\WINDOWS\System32\pentdsvc.dll File not found
    [2010/02/17 10:27:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Local Settings\Application Data\qxtowj
    [2010/01/29 19:26:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\bailey\Local Settings\Application Data\npjamu



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum