antivirus soft/avcommand.net, ran Malwarebytes said removed, but still here


Post by scubadeaux on Tue Mar 02, 2010 7:51 pm

Was unfortunate enough to get this AntiviruSoft/avcommand.net monster. I downloaded Malwarebytes, ran in safe mode, it caught it, restarted computer in normal mode, it is still here in a vicious way. Ran Malwarebytes again, comes up clean, even with deep scan. All while I am bombarded with a lot of porn.

Did I miss a step or do something out of sync? Any help. Please.


Post by Belahzur on Tue Mar 02, 2010 10:40 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Post by scubadeaux on Wed Mar 03, 2010 5:02 am

OTL logfile created on: 3/2/2010 10:48:10 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Elizabeth\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.65 Gb Total Space | 308.97 Gb Free Space | 67.96% Space Free | Partition Type: NTFS
Drive D: | 11.11 Gb Total Space | 1.49 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive E: | 679.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ELIZABETH-PC
Current User Name: Elizabeth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe
PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe
PRC - [2010/03/02 22:44:27 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Elizabeth\Desktop\OTL.exe
PRC - [2010/02/28 23:56:43 | 000,279,296 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\togvsh\hwgcsftav.exe
PRC - [2009/10/05 13:27:02 | 001,779,712 | ---- | M] (NetZero, Inc.) -- C:\Program Files (x86)\NetZero\exec.exe
PRC - [2009/07/09 15:54:44 | 001,296,344 | ---- | M] (NetZero, Inc.) -- C:\Program Files (x86)\NetZero\qsacc\X1Exec.exe
PRC - [2009/04/11 00:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/03/28 15:11:38 | 003,325,952 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
PRC - [2008/03/30 11:36:40 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Proxyconn\PxClient.exe
PRC - [2008/03/30 11:35:08 | 001,798,144 | ---- | M] () -- C:\Program Files (x86)\Proxyconn\PxUi.exe
PRC - [2008/01/12 00:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/04/18 09:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/07 03:56:47 | 000,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe


========== Modules (SafeList) ==========

MOD - [2010/03/02 22:44:27 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Elizabeth\Desktop\OTL.exe
MOD - [2009/04/11 00:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 09:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2009/03/29 22:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007/12/04 18:41:34 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2006/11/02 07:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 00:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 00:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2008/05/08 05:27:00 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/05/08 05:25:12 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/05/08 05:24:08 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2007/10/18 09:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/06/19 08:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/09/18 15:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 15:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006/06/19 08:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files (x86)\NetZero\SearchEnh1.dll (NetZero, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {8585C31E-1E94-4498-ACEC-CB913A05FC52}:3.5.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.3
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 7900
FF - prefs.js..network.proxy.no_proxies_on: "64.136.44.66,64.136.52.66,64.136.52.70,searchap.untd.com,127.0.0.1,localhost,*microsoft.com,*windowsupdate.com,*wustat.windows.com,*.pogo.com,*test-speed.com,liveupdate.symantecliveupdate.com,*symantec.com,*.nai.com,*.networkassociates.com,*.dir.untd.com,cf.netzero.net,qs.netzero.net,*.aolcdn.com,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/25 13:41:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/25 13:41:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.14\Extensions\\Components: C:\Program Files (x86)\mozilla.org\SeaMonkey\Components [2009/02/14 23:46:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.14\Extensions\\Plugins: C:\Program Files (x86)\mozilla.org\SeaMonkey\Plugins [2009/02/14 23:46:34 | 000,000,000 | ---D | M]

[2008/12/09 00:05:37 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Extensions
[2010/03/02 09:28:41 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\ob8a298a.default\extensions
[2009/08/19 10:31:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\ob8a298a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/25 13:53:16 | 000,000,000 | ---D | M] (eQuake Alert) -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\ob8a298a.default\extensions\{8585C31E-1E94-4498-ACEC-CB913A05FC52}
[2010/01/24 13:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\ob8a298a.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/01/26 09:59:39 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\ob8a298a.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/26 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\ob8a298a.default\extensions\amznUWL@amazon.com
[2010/01/24 13:51:34 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\ob8a298a.default\extensions\firefox1@myibay.com
[2010/01/26 09:59:38 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\ob8a298a.default\extensions\mozilla@pixelpipe.com
[2010/01/24 13:51:34 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\ob8a298a.default\extensions\personas@christopher.beard
[2008/12/09 00:05:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files (x86)\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (PrxcnBHO Class) - {7D9E713D-0388-4384-BDD8-2A42EB1C4F04} - C:\Program Files (x86)\Proxyconn\PrxcnBrsrCtrl.dll ()
O2 - BHO: (NetZero Toolbar Helper) - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\NetZero\UCReg.dll (NetZero, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files (x86)\NetZero\Toolbar.dll (NetZero, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files (x86)\NetZero\Toolbar.dll (NetZero, Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PxClient.exe] C:\Program Files (x86)\Proxyconn\PxUi.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [napmcobi] C:\Users\Elizabeth\AppData\Local\togvsh\hwgcsftav.exe ()
O4 - HKCU..\Run: [NetZero_uoltray] C:\Program Files (x86)\NetZero\exec.exe (NetZero, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Show with Full Quality - C:\Program Files (x86)\Proxyconn\PrxcnBrsrCtrl.dll ()
O8 - Extra context menu item: Show with Full Quality - C:\Program Files (x86)\Proxyconn\PrxcnBrsrCtrl.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Proxyconn\Pxlsp.dll ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/28 10:25:22 | 000,000,099 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6ccdd6ad-c18f-11dd-9e49-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2007/07/24 09:20:32 | 000,352,256 | R--- | M] (Computer Associates International, Inc.)
O33 - MountPoints2\{6ccdd6ad-c18f-11dd-9e49-806e6f6e6963}\Shell\Install\Command - "" = E:\SETUP.EXE -- [2007/07/24 09:20:32 | 000,352,256 | R--- | M] (Computer Associates International, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/02 22:40:57 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Users\Elizabeth\Desktop\OTL.exe
[2010/03/02 15:37:05 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Elizabeth\Desktop\mbam-setup(2).exe
[2010/03/02 12:35:39 | 012,680,385 | ---- | C] (Lavasoft ) -- C:\Users\Elizabeth\Desktop\Ad-AwareInstaller(2).exe
[2010/03/01 23:20:25 | 056,606,134 | ---- | C] (Lavasoft ) -- C:\Users\Elizabeth\Desktop\Ad-AwareInstaller.exe
[2010/03/01 21:36:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/01 21:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/01 12:08:15 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Malwarebytes
[2010/03/01 12:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/01 12:08:09 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/01 11:28:50 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Elizabeth\Desktop\mbam-setup.exe
[2010/02/28 23:57:00 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\togvsh
[2010/02/27 08:41:08 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\Desktop\funny images
[2010/02/26 08:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GSI
[2010/02/20 18:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/02/05 20:07:48 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\Ibibi_HB
[2010/02/05 20:07:45 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\TSRWorkshop
[2010/02/05 20:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Sims Resource
[2010/02/05 20:06:29 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/02/05 20:06:29 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/02/05 20:06:28 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010/02/05 20:06:28 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/02/05 20:06:28 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010/02/05 20:06:28 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/02/05 20:06:26 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010/02/05 20:06:26 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/02/05 20:06:26 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/02/05 20:06:26 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/02/05 20:06:26 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/02/05 20:06:26 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/02/05 13:52:38 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\Documents\The Sims 3 swatches
[2009/09/06 17:00:35 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll

========== Files - Modified Within 30 Days ==========

[2010/03/02 22:50:09 | 003,407,872 | -HS- | M] () -- C:\Users\Elizabeth\ntuser.dat
[2010/03/02 22:47:35 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/02 22:47:35 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/02 22:47:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/02 22:47:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/02 22:46:27 | 000,524,288 | -HS- | M] () -- C:\Users\Elizabeth\ntuser.dat{5e996320-e8bb-11de-a20d-001fc6ec32a6}.TMContainer00000000000000000001.regtrans-ms
[2010/03/02 22:46:27 | 000,065,536 | -HS- | M] () -- C:\Users\Elizabeth\ntuser.dat{5e996320-e8bb-11de-a20d-001fc6ec32a6}.TM.blf
[2010/03/02 22:46:25 | 002,272,844 | -H-- | M] () -- C:\Users\Elizabeth\AppData\Local\IconCache.db
[2010/03/02 22:44:27 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Elizabeth\Desktop\OTL.exe
[2010/03/02 22:41:15 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/02 22:41:15 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/02 22:41:15 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/02 16:08:00 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Elizabeth\Desktop\mbam-setup(2).exe
[2010/03/02 14:09:25 | 000,095,232 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2010/03/02 14:07:55 | 012,680,385 | ---- | M] (Lavasoft ) -- C:\Users\Elizabeth\Desktop\Ad-AwareInstaller(2).exe
[2010/03/02 06:48:39 | 056,606,134 | ---- | M] (Lavasoft ) -- C:\Users\Elizabeth\Desktop\Ad-AwareInstaller.exe
[2010/03/01 21:36:45 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/01 12:01:00 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Elizabeth\Desktop\mbam-setup.exe
[2010/02/28 00:07:03 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForElizabeth.job
[2010/02/27 08:38:17 | 000,002,671 | ---- | M] () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 9.lnk
[2010/02/26 08:45:54 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\F-16 Aggressor.lnk
[2010/02/25 13:41:49 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/20 19:01:11 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Canon MX310 series User Registration.LNK
[2010/02/20 18:55:27 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Presto! PageManager 7.15.lnk
[2010/02/20 18:55:15 | 000,000,264 | ---- | M] () -- C:\Windows\setup.iss
[2010/02/20 18:51:18 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\My Printer.lnk
[2010/02/20 18:51:08 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2010/02/20 18:50:59 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2010/02/20 18:50:27 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
[2010/02/20 18:50:01 | 000,002,158 | ---- | M] () -- C:\Users\Public\Desktop\MX310 series On-screen Manual.lnk
[2010/02/20 08:46:43 | 000,376,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/19 16:02:14 | 000,101,688 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/19 13:34:37 | 000,014,848 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/18 18:26:10 | 000,019,672 | ---- | M] () -- C:\Users\Elizabeth\Documents\the stack rant.rtf
[2010/02/05 20:07:29 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\TSR Workshop.lnk

========== Files Created - No Company Name ==========

[2010/03/01 21:36:45 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/26 08:45:54 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\F-16 Aggressor.lnk
[2010/02/20 18:50:59 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2010/02/18 18:26:10 | 000,019,672 | ---- | C] () -- C:\Users\Elizabeth\Documents\the stack rant.rtf
[2010/02/05 20:07:29 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\TSR Workshop.lnk
[2009/12/22 00:41:10 | 000,000,016 | RH-- | C] () -- C:\ProgramData\60020242.ini
[2009/12/22 00:34:02 | 000,000,016 | RH-- | C] () -- C:\Users\Elizabeth\AppData\Local\30010121.ini
[2009/09/06 17:00:36 | 000,116,224 | ---- | C] () -- C:\Windows\SysWow64\utility3.dll
[2009/09/06 17:00:36 | 000,116,224 | ---- | C] () -- C:\Windows\SysWow64\Execute.dll
[2009/09/06 17:00:35 | 000,748,160 | ---- | C] () -- C:\Windows\SysWow64\Co2c40en.dll
[2009/09/06 17:00:35 | 000,054,272 | ---- | C] () -- C:\Windows\SysWow64\P2irdao.dll
[2009/09/06 17:00:35 | 000,050,176 | ---- | C] () -- C:\Windows\SysWow64\P2ctdao.dll
[2009/08/15 08:39:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/15 08:38:55 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/31 00:38:44 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2009/01/09 12:43:37 | 000,001,658 | ---- | C] () -- C:\Users\Elizabeth\AppData\Roaming\wklnhst.dat
[2009/01/06 23:50:34 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/01/06 23:49:19 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/01/06 17:20:25 | 000,000,680 | ---- | C] () -- C:\Users\Elizabeth\AppData\Local\d3d9caps.dat
[2008/12/21 12:54:12 | 000,014,848 | ---- | C] () -- C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/31 10:12:30 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/07/31 10:12:30 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
< End of report >

--------------------------------------------------------------------------------------------------

And extras file


OTL Extras logfile created on: 3/2/2010 10:48:10 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Elizabeth\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.65 Gb Total Space | 308.97 Gb Free Space | 67.96% Space Free | Partition Type: NTFS
Drive D: | 11.11 Gb Total Space | 1.49 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive E: | 679.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ELIZABETH-PC
Current User Name: Elizabeth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = MozillaHTML] -- C:\Program Files (x86)\mozilla.org\SeaMonkey\seamonkey.exe (mozilla.org)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = MozillaHTML] -- C:\Program Files (x86)\mozilla.org\SeaMonkey\seamonkey.exe (mozilla.org)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~2\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE -osint -url "%1" (mozilla.org)
https [open] -- C:\PROGRA~2\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE -osint -url "%1" (mozilla.org)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~2\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE -osint -url "%1" (mozilla.org)
https [open] -- C:\PROGRA~2\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE -osint -url "%1" (mozilla.org)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 8C 6F 2F 6A FF 20 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C132841-667F-4CE9-8A61-4AFE09079528}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{4A2F530C-9327-4760-BFE5-E4E817480A41}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
"{4B568A33-BEB8-4D8E-BA62-8188E9FB89CB}" = protocol=17 | dir=in | app=c:\program files (x86)\netzero\exec.exe |
"{80783434-25E5-46A9-AD03-5779A109C32A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{BDB11955-CC11-4B23-97D1-13AD9E0C0FFA}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{D8B6FC50-A2E6-4F88-9892-BB7416C67080}" = protocol=6 | dir=in | app=c:\program files (x86)\netzero\exec.exe |
"{E4134299-246D-4763-BED6-C586EA6A16B0}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
"TCP Query User{D539670C-6D81-4D50-9DB5-20D9FD94A8AA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{DBBB797A-B840-40B8-BF9A-3970F1643C8F}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{254D3F75-E74A-4769-B338-9AD5C940BF54}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{FED85E80-2020-4665-B878-FF3EC64B9AB1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"CanonMyPrinter" = Canon My Printer
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4465870C-491A-4A86-A0F4-1A93CD2A8BDD}" = TSR Workshop
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B1899CD8-9584-4DC5-00AE-48F47CF81183}" = The Sims 2 HomeCrafter Plus
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}" = Microsoft Flight Simulator X Demo
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"All To PDF" = All To PDF
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"Dogz" = Dogz (remove only)
"EADM" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"F-16: Aggressor" = F-16: Aggressor
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}" = Microsoft Flight Simulator X Demo
"Little Ink Pot's Xpose Plugin_is1" = Xpose Plugin v 1.0
"Lucas Online Modular Stair Installer_is1" = Lucas Online Modular Stair Installer v1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MilkShape 3D 1.8.5" = MilkShape 3D 1.8.5
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NetZero HiSpeed" = NetZero HiSpeed (remove only)
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Pixillion" = Pixillion Image Converter
"Proxyconn Accelerator" = Proxyconn Accelerator (Uninstall)
"SeaMonkey (1.1.14)" = SeaMonkey (1.1.14)
"SimPE_is1" = SimPE 0.72 (alpha)
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"Switch" = Switch Sound File Converter
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/2/2010 1:14:03 AM | Computer Name = Elizabeth-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824,
exception code 0xc0000374, fault offset 0x000ab0bf, process id 0x13d8, application
start time 0x01cab9c722406857.

Error - 3/2/2010 10:41:45 AM | Computer Name = Elizabeth-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/2/2010 10:42:39 AM | Computer Name = Elizabeth-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/2/2010 12:00:52 PM | Computer Name = Elizabeth-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/2/2010 12:52:58 PM | Computer Name = Elizabeth-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/2/2010 12:57:42 PM | Computer Name = Elizabeth-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/2/2010 12:58:36 PM | Computer Name = Elizabeth-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/2/2010 1:32:44 PM | Computer Name = Elizabeth-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/2/2010 1:57:25 PM | Computer Name = Elizabeth-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824,
exception code 0xc0000374, fault offset 0x000ab0bf, process id 0x830, application
start time 0x01caba31ccba0f70.

Error - 3/2/2010 2:18:23 PM | Computer Name = Elizabeth-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824,
exception code 0xc0000374, fault offset 0x000ab0bf, process id 0x1360, application
start time 0x01caba34be753ae0.

[ Media Center Events ]
Error - 3/8/2009 3:35:27 PM | Computer Name = Elizabeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/19/2009 11:34:47 PM | Computer Name = Elizabeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/17/2009 1:26:58 PM | Computer Name = Elizabeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 11:42:16 PM | Computer Name = Elizabeth-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/2/2010 4:10:57 PM | Computer Name = Elizabeth-PC | Source = DCOM | ID = 10005
Description =

Error - 3/2/2010 4:11:04 PM | Computer Name = Elizabeth-PC | Source = DCOM | ID = 10005
Description =

Error - 3/2/2010 4:11:10 PM | Computer Name = Elizabeth-PC | Source = DCOM | ID = 10005
Description =

Error - 3/2/2010 4:11:15 PM | Computer Name = Elizabeth-PC | Source = DCOM | ID = 10005
Description =

Error - 3/2/2010 4:12:03 PM | Computer Name = Elizabeth-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/2/2010 4:12:03 PM | Computer Name = Elizabeth-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/2/2010 4:19:39 PM | Computer Name = Elizabeth-PC | Source = DCOM | ID = 10010
Description =

Error - 3/2/2010 5:26:30 PM | Computer Name = Elizabeth-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{33B3C047-4A52-4049-B81D-73CD1068EB12}
because another computer on the network has the same name. The server could not
start.

Error - 3/3/2010 12:36:41 AM | Computer Name = Elizabeth-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{33B3C047-4A52-4049-B81D-73CD1068EB12}
because another computer on the network has the same name. The server could not
start.

Error - 3/3/2010 12:37:20 AM | Computer Name = Elizabeth-PC | Source = DCOM | ID = 10010
Description =


< End of report >



I have no idea what I am looking at, thank you so much for any help!!!


Re: antivirus soft/avcommand.net, ran Malwarebytes said removed, but still here

Post by Belahzur on Wed Mar 03, 2010 3:05 pm

Hello.


Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/02/28 23:56:43 | 000,279,296 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\togvsh\hwgcsftav.exe
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [napmcobi] C:\Users\Elizabeth\AppData\Local\togvsh\hwgcsftav.exe ()
    [2010/02/28 23:57:00 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\togvsh



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Back to top Go down
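The lines chosen for the fix script in the post above share traits that can be read straight off the log: an empty company field `()`, a path under the user's `AppData` folder, and a Run value with a blank name or a missing target. The following is an added example, not part of the original thread and not how OTL or the helper works internally; the heuristics, the function names and the two benign "Example Corporation" lines are assumptions constructed for contrast.

```python
import re
from dataclasses import dataclass, field

# Three lines copied from the fix script in the post above, plus two
# constructed benign entries ("Example Corporation") for contrast.
SAMPLE_LOG = r"""
PRC - [2010/02/28 23:56:43 | 000,279,296 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\togvsh\hwgcsftav.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Example Corporation) -- C:\Windows\example.exe
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [napmcobi] C:\Users\Elizabeth\AppData\Local\togvsh\hwgcsftav.exe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\Example\updater.exe (Example Corporation)
"""

# Running process line: "PRC - [meta] (company) -- path"
PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^()]*)\) -- (?P<path>.+)$")
# Autostart line: "O4 - HIVE..\Run: [value name] target"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
# Autostart target: "path (company)"; the company is the last parenthesised group
TARGET_RE = re.compile(r"^(?P<path>.+) \((?P<company>[^()]*)\)$")
# Per-user, user-writable location
APPDATA_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(local|roaming)\\", re.I)


@dataclass
class Finding:
    kind: str                      # "PRC" or "O4"
    line: str                      # the original log line
    path: str = ""                 # executable path, if the line has one
    reasons: list = field(default_factory=list)


def _path_reasons(path, company):
    """Reasons that depend on where the binary lives and who published it."""
    reasons = []
    if APPDATA_RE.match(path):
        reasons.append("runs from user AppData")
    if company.strip() == "":
        reasons.append("no company name")
    return reasons


def triage(log_text):
    """Return the PRC/O4 lines that deserve a closer look, with reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := PRC_RE.match(line)):
            f = Finding("PRC", line, m["path"], _path_reasons(m["path"], m["company"]))
        elif (m := O4_RE.match(line)):
            f = Finding("O4", line)
            if m["name"] == "":
                f.reasons.append("blank value name")
            target = TARGET_RE.match(m["rest"])
            if target:
                f.path = target["path"]
                f.reasons += _path_reasons(target["path"], target["company"])
            elif m["rest"] == "File not found":
                f.reasons.append("target missing")
        else:
            continue               # not a process or Run-key line
        if f.reasons:
            findings.append(f)
    return findings


def persistent(findings):
    """Paths that are both running now and registered to start at logon."""
    running = {f.path.lower() for f in findings if f.kind == "PRC"}
    return {f.path for f in findings if f.kind == "O4" and f.path.lower() in running}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind}: {', '.join(f.reasons)}\n    {f.line}")
    print("running and autostarting:", persistent(results))
```

A hit is a prompt for review, not a verdict: legitimate software also installs under `AppData`, and some legitimate binaries carry no company name.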

Re: antivirus soft/avcommand.net, ran Malwarebytes said removed, but still here

Post by scubadeaux on Wed Mar 03, 2010 5:34 pm

========== OTL ==========
Process hwgcsftav.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\napmcobi deleted successfully.
C:\Users\Elizabeth\AppData\Local\togvsh\hwgcsftav.exe moved successfully.
C:\Users\Elizabeth\AppData\Local\togvsh folder moved successfully.

OTL by OldTimer - Version 3.1.32.0 log created on 03032010_113408


Re: antivirus soft/avcommand.net, ran Malwarebytes said removed, but still here

Post by scubadeaux on Wed Mar 03, 2010 6:04 pm

I don't know what just happened, but it "looks" like things are better, I am not getting attacked! Please let me know if my last log post means I am in the clear.


Re: antivirus soft/avcommand.net, ran Malwarebytes said removed, but still here

Post by Belahzur on Wed Mar 03, 2010 6:26 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Next,

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    Adobe Reader 8.1.2
    Java(TM) SE Runtime Environment 6 Update 1

  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 3.0 you currently have installed, so you won't lose any bookmarked websites.



To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
How is the machine running now?



Re: antivirus soft/avcommand.net, ran Malwarebytes said removed, but still here

Post by scubadeaux on Wed Mar 03, 2010 7:34 pm

I am currently going through all the steps above, with dial-up updates can take forever. So far system working good...will report back after OTL clean up.


Thank you again for your help, almost back to normal.....


Re: antivirus soft/avcommand.net, ran Malwarebytes said removed, but still here

Post by scubadeaux on Tue Mar 09, 2010 1:46 am

I cannot thank you enough! Back to normal now!

This was quite a vicious and literally nasty virus/hijack. I just find it pathetic that someone actually created that on purpose...to know that much about computers and programming and that is what they chose to do with it.
Sorry for the rant...

Again thank you so very much...amazing
donation on the way... Thank You!
