# Solved: Possible security threats?



## luvmycubbies (Aug 18, 2006)

About a month ago TSG guided me to fixing a mess my FORMER repair person had created and all has been good since. Today I went to "LocalDisk(C)" to clean the temp files and the screen that came up did NOT look like what I remembered seeing before the local bozo did his thing. There are 19 "names" listed; 12 file folders, a couple of text documents, a "MS-DOS appli" and 4 system files (one called "pagefilesys" which contains 1,560,576KB! ) One of the file folders is "Documents and Settings" which takes me to "Tim" which is the one I want to clean. I click that and get to a screen that lists "local settings" (among 27 other items and I don't recall ALL THAT being there), I click on "local settings" and takes me to the screen which should have the temp files I want to delete. I see them and delete them BUT there are also strange names I've never seen, like CR_4F5.tmp, AUCHECK_CORE.txt and [email protected]. WHUT??!! So I google those names and the websites that come up contain alarming words like trojan, malware, virus. Makes me very nervous.
Is my computer in danger? Is some action required on my part? Advice appreciated.
Thanks,
Judy


----------



## Ent (Apr 11, 2009)

As to the strange files you're seeing in the C drive, they are critical system files, always there but are typically hidden from view. This library article explains how to show those files; if you don't want to see them, simply reverse which boxes are checked--both "Hide Protected Operating System Files" and "Do not show Hidden Files and Folders" should be checked.

With regard to the possible infection, I'm not allowed to assist with malware removal. If you believe that you're infected, follow the instructions in this link and click the orange *Report* button in the bottom right corner of any response.


----------



## luvmycubbies (Aug 18, 2006)

Thank you for your reply. I will peruse the info you suggested and proceed to get these "strange" files out of my sight.


----------



## Cookiegal (Aug 27, 2003)

*Don't* go deleting the pagefile.sys file or any of those folders "Documents and Settings" or "Local Settings"!

Do you have Google Chrome? I believe that's what creates the CR_*.tmp files (with various numbers).

I'm not sure off-hand about the [[email protected]] but you can delete any .tmp files.

Right click the AUCHECK_CORE.txt and select "Open With" and "Notepad" and post the contents here please. It's likely a report or log of some kind.

As Ent mentioned, you are seeing things you couldn't before because files/folders are unhidden.


----------



## luvmycubbies (Aug 18, 2006)

Thanks for your response. I'll get into action ASAP but I'm tied up until maybe tomorrow AM.


----------



## Cookiegal (Aug 27, 2003)

luvmycubbies said:


> Thanks for your response. I'll get into action ASAP but I'm tied up until maybe tomorrow AM.


That's fine.


----------



## luvmycubbies (Aug 18, 2006)

```
[Thu Sep 02 21:15:20 2010] debug : AUCHECK STARTED
[Thu Sep 02 21:15:20 2010] debug : No Override, downloading from http://javadl-esd.sun.com/update/AU/map-2.0.2.4.xml
[Thu Sep 02 21:15:25 2010] debug : Parsing XML file
[Thu Sep 02 21:15:25 2010] debug : XmlParser Constructor failed: Exit now
[Thu Sep 09 21:15:07 2010] debug : AUCHECK STARTED
[Thu Sep 09 21:15:07 2010] debug : No Override, downloading from http://javadl-esd.sun.com/update/AU/map-2.0.2.4.xml
[Thu Sep 09 21:15:13 2010] debug : Parsing XML file
[Thu Sep 09 21:15:13 2010] debug : XmlParser Constructor failed: Exit now
[Thu Sep 16 21:15:16 2010] debug : AUCHECK STARTED
[Thu Sep 16 21:15:16 2010] debug : No Override, downloading from http://javadl-esd.sun.com/update/AU/map-2.0.2.4.xml
[Thu Sep 16 21:15:24 2010] debug : Parsing XML file
[Thu Sep 16 21:15:24 2010] debug : XmlParser Constructor failed: Exit now
```


----------
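
One way to triage a log like the one posted above, as an added example that is not part of the original thread: it groups the lines into runs and reports which host each run contacted, how far apart the runs are, and how each one ended. The function names are illustrative, and the input is the posted log embedded as sample data.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Sample input: the AUCHECK_CORE.txt lines as posted in the thread above.
SAMPLE_LOG = """\
[Thu Sep 02 21:15:20 2010] debug : AUCHECK STARTED
[Thu Sep 02 21:15:20 2010] debug : No Override, downloading from http://javadl-esd.sun.com/update/AU/map-2.0.2.4.xml
[Thu Sep 02 21:15:25 2010] debug : Parsing XML file
[Thu Sep 02 21:15:25 2010] debug : XmlParser Constructor failed: Exit now
[Thu Sep 09 21:15:07 2010] debug : AUCHECK STARTED
[Thu Sep 09 21:15:07 2010] debug : No Override, downloading from http://javadl-esd.sun.com/update/AU/map-2.0.2.4.xml
[Thu Sep 09 21:15:13 2010] debug : Parsing XML file
[Thu Sep 09 21:15:13 2010] debug : XmlParser Constructor failed: Exit now
[Thu Sep 16 21:15:16 2010] debug : AUCHECK STARTED
[Thu Sep 16 21:15:16 2010] debug : No Override, downloading from http://javadl-esd.sun.com/update/AU/map-2.0.2.4.xml
[Thu Sep 16 21:15:24 2010] debug : Parsing XML file
[Thu Sep 16 21:15:24 2010] debug : XmlParser Constructor failed: Exit now
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>\w+)\s*:\s*(?P<msg>.*)$")
URL_RE = re.compile(r"https?://\S+")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Thu Sep 02 21:15:20 2010"


def parse_runs(text):
    """Group timestamped lines into runs; a run begins at 'AUCHECK STARTED'."""
    runs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a timestamped log line
        when = datetime.strptime(m["ts"], TS_FORMAT)
        msg = m["msg"].strip()
        if msg == "AUCHECK STARTED" or not runs:
            runs.append({"start": when, "end": when, "hosts": set(), "last": msg})
        run = runs[-1]
        run["end"], run["last"] = when, msg
        for url in URL_RE.findall(msg):
            run["hosts"].add(urlsplit(url).hostname)
    return runs


def summarize(runs):
    """Reduce the runs to the facts a reviewer needs: who, when, how often, outcome."""
    starts = [r["start"] for r in runs]
    return {
        "runs": len(runs),
        # Every host the process tried to download from.
        "hosts": sorted(set().union(*(r["hosts"] for r in runs))),
        # Whole days between consecutive runs; a constant value suggests a schedule.
        "gap_days": [round((b - a).total_seconds() / 86400)
                     for a, b in zip(starts, starts[1:])],
        "start_times": sorted({s.strftime("%H:%M") for s in starts}),
        # A run counts as failed when its final message says so.
        "failed_runs": sum("failed" in r["last"].lower() for r in runs),
        "max_run_seconds": max(
            ((r["end"] - r["start"]).total_seconds() for r in runs), default=0.0),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_runs(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the posted log this reports three runs, seven days apart at the same time of day, each contacting a single host and each ending at the XML parsing step.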



## Cookiegal (Aug 27, 2003)

That looks like a report from a parser for AUCheck. Did you download a utility called AUCheck because you had a problem with Automatic Updates?


----------



## luvmycubbies (Aug 18, 2006)

No, I didn't download that. Probably another one of my former repair tech's bright ideas! (What is a parser?) Pursuant to your first response of yesterday; I didn't delete any folders. Without asking, the above-mentioned repair guy downloaded Google Chrome. I didn't want it and uninstalled it but perhaps there are remnants because yesterday evening a pop-up from Google told me there's an updated version of Chrome and did I want it and if not, why not - blah, blah, blah. I answered "no thanks". What's your opinion of Chrome?


----------



## Cookiegal (Aug 27, 2003)

luvmycubbies said:


> No, I didn't download that. Probably another one of my former repair tech's bright ideas! (What is a parser?) Pursuant to your first response of yesterday; I didn't delete any folders. Without asking, the above-mentioned repair guy downloaded Google Chrome. I didn't want it and uninstalled it but perhaps there are remnants because yesterday evening a pop-up from Google told me there's an updated version of Chrome and did I want it and if not, why not - blah, blah, blah. I answered "no thanks". What's your opinion of Chrome?


The tech likely used that utility. A parser is something that allows you to read certain kinds of files that you wouldn't be able to normally.

I have no first-hand experience with Chrome but have heard good things about it. Personally, I prefer to use Firefox.

I would like to check a few things to be sure the Z file is nothing to be concerned about.

Please go *here* to download *HijackThis*.

To the right of the green arrow under *HijackThis downloads* click on the *Executable* button and download the *HijackThis.exe* file to your desktop.
Double-click the *HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
Click on the *Scan* button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
Click on the *Save log* button and save the log file to your desktop. Copy and paste the contents of the log in your post.
*Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.*

Also, please do this:

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## luvmycubbies (Aug 18, 2006)

```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:48 PM, on 9/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\windows\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.1;;127.0.0.1;<local>
R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE /FU "C:\DOCUME~1\Tim\LOCALS~1\Temp\E_S547.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132440494406
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

--
End of file - 7049 bytes
```


----------
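
A read-only way to sort a HijackThis log like the one above into entries worth a second look, as an added example that is not part of the original thread and not code from HijackThis: it flags entries the tool itself marks `(file missing)` or `(no file)`, entries that reference a Temp directory, and entries that start automatically (O4, O23). The function names and section descriptions are illustrative, and the sample is a handful of lines copied from the posted log.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\windows\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE /FU "C:\DOCUME~1\Tim\LOCALS~1\Temp\E_S547.tmp" /EF "HKCU"
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Short descriptions of the section codes that appear in the posted log.
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button or Tools item",
    "O16": "downloaded ActiveX control", "O20": "Winlogon Notify / AppInit DLL",
    "O23": "service",
}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")            # "O4 - ..." style lines
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")   # HijackThis' own marker
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)              # any ...\Temp\... path


def parse_entries(log_text):
    """Return the R/F/N/O entries; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "kind": SECTIONS.get(code, "other"),
            "body": body,
            # Normalised to upper case so the same GUID compares equal across sections.
            "clsid": clsid.group(0).upper() if clsid else None,
        })
    return entries


def triage(entries):
    """Bucket entries for human review; nothing here decides or changes anything."""
    report = {"orphaned": [], "temp_refs": [], "autostart": []}
    for entry in entries:
        if ORPHAN_RE.search(entry["body"]):
            report["orphaned"].append(entry)    # registry entry whose file is gone
        if TEMP_RE.search(entry["body"]):
            report["temp_refs"].append(entry)   # points into a Temp directory
        if entry["code"] in ("O4", "O23"):
            report["autostart"].append(entry)   # runs at logon or boot
    return report


if __name__ == "__main__":
    for bucket, items in triage(parse_entries(SAMPLE_LOG)).items():
        print(f"[{bucket}]")
        for item in items:
            print(f"  {item['code']} ({item['kind']}): {item['body']}")
```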



## luvmycubbies (Aug 18, 2006)

```
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
ArcSoft Print Creations
ArcSoft Print Creations - Brochure
ArcSoft Print Creations - Photo Calendar
EPSON Scan
EPSON WorkForce 500 Series Printer Uninstall
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
HughesNet Tools
HughesNetTools
Intel(R) Graphics Media Accelerator Driver
Intel(R) Pro Alerting Agent
Intel(R) PRO Network Connections Software v10.0.26.0
Intel(R) PROSafe for Wired Connections
Intel(R) PROSafe for Wired Connections
iTunes
Java(TM) 6 Update 21
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Office 2000 Professional
Microsoft Picture It! Photo Premium 2002
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup NOW! 3
NTI CD-Maker Gold
NTI DriveBackup! 3
PowerDVD
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB982802)
SUPERAntiSpyware
U.S. Robotics ControlCenter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
W Photo Studio
Webshots Desktop
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
```


----------



## Cookiegal (Aug 27, 2003)

Those look fine but let's check a bit further.

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click *mbam-setup.exe* to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## luvmycubbies (Aug 18, 2006)

```
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4678

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/23/2010 6:54:41 PM
mbam-log-2010-09-23 (18-54-41).txt

Scan type: Quick scan
Objects scanned: 137220
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
```

All went according to your instructions except after the scan was complete, there was no "OK" to click, no "Show Results", no "Remove Selected". The log went right straight to Notepad. There was no Prompt to Restart.


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In *Additional Scans* section put a check in Disabled MS Config Items and EventViewer logs
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## luvmycubbies (Aug 18, 2006)

my wife, luvmycubbies, worked 7AM to 7PM today, just called to tell me she got held over for another 4 hrs. wanted to let u know and she'll get back on this tomorrow. about all I know about this computer is how to look up scores on ESPN. Thnx for your help so far.


----------



## Cookiegal (Aug 27, 2003)

Thanks.


----------



## luvmycubbies (Aug 18, 2006)

```
OTS logfile created on: 9/25/2010 5:57:22 PM - Run 1
OTS by OldTimer - Version 3.1.38.1     Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,015.00 Mb Total Physical Memory | 502.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 27.61 Gb Free Space | 74.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 37.26 Gb Total Space | 37.19 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TIMP432
Current User Name: Tim
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Tim\Desktop\OTS.exe -> [2010/09/25 17:55:33 | 000,641,536 | ---- | M] (OldTimer Tools)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2010/09/23 11:18:00 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com)
msseces.exe -> C:\Program Files\Microsoft Security Essentials\msseces.exe -> [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation)
agcoreservice.exe -> C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -> [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive)
acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.)
webshots.scr -> C:\PROGRA~1\Webshots\Webshots.scr -> [2008/11/29 15:23:49 | 003,446,088 | ---- | M] (Webshots.com)
msimn.exe -> C:\Program Files\Outlook Express\msimn.exe -> [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\windows\Explorer.EXE -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
mccitrayapp_ssr.exe -> C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe -> [2007/11/20 16:36:25 | 001,454,592 | ---- | M] (Motive Communications, Inc.)
point32.exe -> C:\Program Files\Microsoft IntelliPoint\point32.exe -> [2005/03/23 18:26:09 | 000,217,088 | ---- | M] (Microsoft Corporation)
usrmlnka.exe -> C:\windows\System32\USRmlnkA.exe -> [2004/08/04 07:00:00 | 000,077,891 | ---- | M] (U.S. Robotics Corporation)
usrshuta.exe -> C:\windows\System32\USRshutA.exe -> [2004/08/04 07:00:00 | 000,069,700 | ---- | M] ( U.S. Robotics Corporation)
type32.exe -> C:\Program Files\Microsoft IntelliType Pro\type32.exe -> [2004/06/03 03:51:27 | 000,172,032 | ---- | M] (Microsoft Corporation)
asfagent.exe -> C:\Program Files\Intel\ASF Agent\ASFAgent.exe -> [2004/05/30 06:25:18 | 000,122,880 | ---- | M] (Intel Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Tim\Desktop\OTS.exe -> [2010/09/25 17:55:33 | 000,641,536 | ---- | M] (OldTimer Tools)
vdmdbg.dll -> C:\WINDOWS\system32\vdmdbg.dll -> [2008/04/13 19:12:08 | 000,026,112 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation)
mccicontexthook_6-1-0_dsr.dll -> C:\Program Files\Common Files\Motive\McciContextHook_6-1-0_DSR.dll -> [2007/10/15 16:28:59 | 000,454,144 | ---- | M] (Motive Communications, Inc.)
 
[Win32 Services - Safe List]
(MSDTC) Distributed Transaction Coordinator [On_Demand | Stopped] ->  -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] -> C:\windows\System32\appmgmts.dll -> File not found
(MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation)
(AGCoreService) AG Core Services [Auto | Running] -> C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -> [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.)
(ASFAgent) ASF Agent [Auto | Running] -> C:\Program Files\Intel\ASF Agent\ASFAgent.exe -> [2004/05/30 06:25:18 | 000,122,880 | ---- | M] (Intel Corporation)
 
[Driver Services - Safe List]
(TfSysMon) TfSysMon [Kernel | Boot | Stopped] -> C:\windows\System32\drivers\TfSysMon.sys -> File not found
(TfNetMon) TfNetMon [Kernel | On_Demand | Stopped] -> C:\windows\System32\drivers\TfNetMon.sys -> File not found
(TfFsMon) TfFsMon [Kernel | Boot | Stopped] -> C:\windows\System32\drivers\TfFsMon.sys -> File not found
(SBRE) SBRE [Kernel | System | Stopped] -> C:\windows\System32\drivers\SBREdrv.sys -> File not found
(pctplsg) pctplsg [Kernel | On_Demand | Stopped] -> C:\windows\System32\drivers\pctplsg.sys -> File not found
(MRESP50a64) MRESP50a64 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -> File not found
(MREMP50a64) MREMP50a64 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -> File not found
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(MpFilter) Microsoft Malware Protection Driver [File_System | System | Running] -> C:\windows\System32\DRIVERS\MpFilter.sys -> [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -> [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\windows\System32\DRIVERS\HDAudBus.sys -> [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -> [2007/10/15 16:36:07 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -> [2007/10/15 16:36:07 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> C:\windows\System32\vsdatant.sys -> [2005/11/15 01:50:34 | 000,372,816 | ---- | M] (Zone Labs, LLC)
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> C:\windows\System32\DRIVERS\NTIDrvr.sys -> [2005/06/27 18:08:35 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\windows\System32\drivers\RtkHDAud.sys -> [2005/05/04 04:18:26 | 002,951,680 | ---- | M] (Realtek Semiconductor Corp.)
(iteraid) ITERAID_Service_Install [Kernel | Boot | Running] -> C:\windows\system32\DRIVERS\iteraid.sys -> [2005/04/16 14:01:44 | 000,024,960 | ---- | M] (Integrated Technology Express, Inc.)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\windows\System32\DRIVERS\e1e5132.sys -> [2005/03/31 04:04:52 | 000,180,736 | R--- | M] (Intel Corporation)
(iteatapi) ITEATAPI_Service_Install [Kernel | Boot | Running] -> C:\windows\system32\DRIVERS\iteatapi.sys -> [2005/03/04 00:34:40 | 000,025,424 | R--- | M] (Integrated Technology Express, Inc.)
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -> [2004/11/22 11:36:40 | 000,018,003 | ---- | M] (Motive, Inc.)
(AsfAlrt) AsfAlrt Service [Kernel | On_Demand | Stopped] -> C:\windows\System32\Drivers\AsfAlrt.sys -> [2004/09/19 04:27:42 | 000,036,064 | ---- | M] (Intel Corporation)
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\windows\System32\DRIVERS\ASACPI.sys -> [2004/08/12 21:56:20 | 000,005,810 | R--- | M] ()
(USRpdA) U.S. Robotics 56K PCI Faxmodem Driver [Kernel | On_Demand | Running] -> C:\windows\System32\DRIVERS\USRpdA.sys -> [2001/08/17 08:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://google.com/ -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.1;;127.0.0.1;<local> -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Tim\Application Data\Mozilla\FireFox\Profiles\ofsq8jv6.default\prefs.js -> 
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage -> "http://www.msn.com/" ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.1 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Tim\Application Data\Mozilla\Extensions -> [2010/08/18 11:18:10 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\ofsq8jv6.default\extensions -> [2010/08/19 09:52:55 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\ofsq8jv6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/08/18 11:26:16 | 000,000,000 | ---D | M]
NoScript   -> C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\ofsq8jv6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2010/08/19 09:01:07 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/08/17 21:39:28 | 000,417,864 | R--- | M] - 14469 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.123topsearch.com
127.0.0.1	123topsearch.com
127.0.0.1	www.132.com
127.0.0.1	132.com
127.0.0.1	www.136136.net
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2010/06/19 14:29:40 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/07/14 09:00:57 | 000,278,192 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [Google Toolbar Notifier BHO] -> [2010/06/02 00:24:53 | 000,814,648 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/14 09:00:57 | 000,278,192 | ---- | M] (Google Inc.)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/14 09:00:57 | 000,278,192 | ---- | M] (Google Inc.)
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HughesNetTools_McciTrayApp" -> C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe [C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe] -> [2007/11/20 16:36:25 | 001,454,592 | ---- | M] (Motive Communications, Inc.)
"IntelliPoint" -> C:\Program Files\Microsoft IntelliPoint\point32.exe ["C:\Program Files\Microsoft IntelliPoint\point32.exe"] -> [2005/03/23 18:26:09 | 000,217,088 | ---- | M] (Microsoft Corporation)
"MSSE" -> c:\Program Files\Microsoft Security Essentials\msseces.exe ["c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey] -> [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation)
"type32" -> C:\Program Files\Microsoft IntelliType Pro\type32.exe ["C:\Program Files\Microsoft IntelliType Pro\type32.exe"] -> [2004/06/03 03:51:27 | 000,172,032 | ---- | M] (Microsoft Corporation)
"USRpdA" ->  [C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"EPSON WorkForce 500 Series" -> C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE [C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE /FU "C:\DOCUME~1\Tim\LOCALS~1\Temp\E_S547.tmp" /EF "HKCU"] -> [2008/02/22 00:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION)
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/09/23 11:18:00 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Tim Startup Folder > -> C:\Documents and Settings\Tim\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Tim\Start Menu\Programs\Startup\Webshots.lnk -> C:\Program Files\Webshots\3.1.5.7617\Launcher.exe -> [2009/12/08 13:38:14 | 000,157,088 | ---- | M] (Webshots.com)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoUpdateCheck" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"LinkResolveIgnoreLinkInfo" ->  [0] -> File not found
\\"NoResolveSearch" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"LinkResolveIgnoreLinkInfo" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html] -> [2010/06/23 10:10:12 | 001,697,456 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{193B17B0-7C9F-4D5B-AEAB-8D3605EFC084}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{688DC797-DC11-46A7-9F1B-445F4F58CE6E}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7413 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4818 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 49 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} [HKLM] -> https://support.microsoft.com/OAS/ActiveX/odc.cab [Microsoft PID Sniffer] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132440494406 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 66.82.4.8 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{EBB0C26D-589C-4CA8-8959-A96C737421EA}\\DhcpNameServer -> 66.82.4.8   (Intel(R) PRO/1000 PM Network Connection) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"Use My Stylesheet" -> Reg Error: Invalid data type.
"User Stylesheet" -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\windows\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2009/09/03 17:21:41 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
igfxcui -> C:\windows\System32\igfxdev.dll -> [2005/04/05 01:18:22 | 000,131,072 | R--- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 12:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" -> C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe [C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2005/05/14 12:49:52 | 009,034,240 | ---- | M] (Apple Computer, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> Reg Error: Value error. -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Instant Update Reminder.lnk -> C:\Program Files\U.S. Robotics\ControlCenter\Reminder -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9 -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk -> C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe -> [2000/06/29 18:15:10 | 000,024,633 | ---- | M] (Microsoft® Corporation)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe -> [2010/06/19 21:04:47 | 000,035,760 | ---- | M] (Adobe Systems Incorporated)
Alcmtr hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\windows\ALCMTR.EXE -> [2005/05/03 05:43:28 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.)
ArcSoft Connection Service hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/07/10 13:59:22 | 000,195,072 | ---- | M] (ArcSoft Inc.)
HotKeysCmds hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
IgfxTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2005/05/14 00:20:50 | 000,278,528 | ---- | M] (Apple Computer, Inc.)
Microsoft Works Update Detection hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
MSMSGS hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Messenger\msmsgs.exe -> [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
Persistence hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2005/06/27 19:21:20 | 000,098,304 | ---- | M] (Apple Computer, Inc.)
RTHDCPL hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\windows\RTHDCPL.EXE -> [2005/05/04 04:28:46 | 014,396,416 | ---- | M] (Realtek Semiconductor Corp.)
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Java\jre6\bin\jusched.exe -> File not found
swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/08/05 00:55:20 | 000,068,856 | ---- | M] (Google Inc.)
USRpdA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Reg Error: Value error. -> File not found
WMPNSCFG hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Windows Media Player\WMPNSCFG.exe -> [2006/10/18 21:05:26 | 000,204,288 | ---- | M] (Microsoft Corporation)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 2 -> 
"services" -> 0 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 7/17/2010 3:36:44 PM Computer Name = TIMP432 | Source = Application Hang | ID = 1001 -> Description = Fault bucket 1180947459.
Application [ Error ] 7/19/2010 2:14:02 PM Computer Name = TIMP432 | Source = Application Error | ID = 1000 -> Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module oecom.dll, version 3.2.1.0, fault address 0x0000dab2.
Application [ Error ] 7/19/2010 2:14:10 PM Computer Name = TIMP432 | Source = Application Error | ID = 1001 -> Description = Fault bucket 863892766.
Application [ Error ] 7/29/2010 3:00:37 PM Computer Name = TIMP432 | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 8/17/2010 10:00:05 PM Computer Name = TIMP432 | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 8/18/2010 9:00:06 AM Computer Name = TIMP432 | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 8/18/2010 9:36:01 AM Computer Name = TIMP432 | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 8/18/2010 9:36:01 AM Computer Name = TIMP432 | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 8/18/2010 2:15:57 PM Computer Name = TIMP432 | Source = MPSampleSubmission | ID = 5000 -> Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6805.0, P3 timeout, P4 1.1.6004.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Application [ Error ] 9/25/2010 6:34:04 PM Computer Name = TIMP432 | Source = MSSecurityEssentials | ID = 5000 -> Description = 
System [ Error ] 9/19/2010 8:38:35 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/20/2010 9:37:42 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/21/2010 8:43:23 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/22/2010 8:46:16 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/23/2010 9:36:38 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/23/2010 12:16:29 PM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/23/2010 12:18:05 PM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7000 -> Description = The SASDIFSV service failed to start due to the following error:   %%183
System [ Error ] 9/24/2010 8:40:51 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/24/2010 4:32:51 PM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/25/2010 9:12:16 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Tim\Desktop\OTS.exe -> [2010/09/25 17:55:12 | 000,641,536 | ---- | C] (OldTimer Tools)
 mbamswissarmy.sys -> C:\windows\System32\drivers\mbamswissarmy.sys -> [2010/09/23 18:20:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\windows\System32\drivers\mbam.sys -> [2010/09/23 18:20:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/09/23 18:20:30 | 000,000,000 | ---D | C]
 $hf_mig$ -> C:\windows\$hf_mig$ -> [2010/09/15 02:46:46 | 000,000,000 | -H-D | C]
 Config.Msi -> C:\Config.Msi -> [2010/08/30 23:01:26 | 000,000,000 | -HSD | C]
 6 C:\windows\*.tmp files -> C:\windows\*.tmp -> 
 1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskMachineUA.job -> C:\windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/09/25 18:00:00 | 000,000,886 | ---- | M] ()
 OTS.exe -> C:\Documents and Settings\Tim\Desktop\OTS.exe -> [2010/09/25 17:55:33 | 000,641,536 | ---- | M] (OldTimer Tools)
 MP Scheduled Scan.job -> C:\windows\tasks\MP Scheduled Scan.job -> [2010/09/25 08:17:13 | 000,000,408 | -H-- | M] ()
 wpa.dbl -> C:\windows\System32\wpa.dbl -> [2010/09/25 08:12:59 | 000,013,646 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/09/25 08:11:48 | 000,000,882 | ---- | M] ()
 SA.DAT -> C:\windows\tasks\SA.DAT -> [2010/09/25 08:11:46 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\windows\bootstat.dat -> [2010/09/25 08:11:43 | 000,002,048 | --S- | M] ()
 NTUSER.DAT -> C:\Documents and Settings\Tim\NTUSER.DAT -> [2010/09/25 02:09:48 | 007,864,320 | ---- | M] ()
 ntuser.ini -> C:\Documents and Settings\Tim\ntuser.ini -> [2010/09/25 02:09:48 | 000,000,178 | -HS- | M] ()
 IconCache.db -> C:\Documents and Settings\Tim\Local Settings\Application Data\IconCache.db -> [2010/09/25 02:09:39 | 011,218,436 | -H-- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/09/23 18:20:37 | 000,000,696 | ---- | M] ()
 imsins.BAK -> C:\windows\imsins.BAK -> [2010/09/15 03:09:40 | 000,001,374 | ---- | M] ()
 Microsoft Word.lnk -> C:\Documents and Settings\Tim\Desktop\Microsoft Word.lnk -> [2010/08/30 11:48:27 | 000,002,473 | ---- | M] ()
 May 3.doc -> C:\Documents and Settings\Tim\My Documents\May 3.doc -> [2010/08/30 11:09:38 | 000,020,992 | ---- | M] ()
 6 C:\windows\*.tmp files -> C:\windows\*.tmp -> 
 15 C:\Documents and Settings\Tim\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Tim\Local Settings\Temp\*.tmp -> 
 1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> 
 
[Files - No Company Name]
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/09/23 18:20:37 | 000,000,696 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/11/08 17:22:36 | 000,007,680 | ---- | C] ()
 PICSDK.ini -> C:\windows\System32\PICSDK.ini -> [2009/04/29 14:09:28 | 000,000,097 | ---- | C] ()
 EPWF500.ini -> C:\windows\EPWF500.ini -> [2009/04/29 14:07:52 | 000,000,044 | ---- | C] ()
 pythoncom25.dll -> C:\windows\System32\pythoncom25.dll -> [2008/11/29 15:16:34 | 000,339,968 | ---- | C] ()
 pywintypes25.dll -> C:\windows\System32\pywintypes25.dll -> [2008/11/29 15:16:34 | 000,114,688 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\windows\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\windows\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
 desktop.ini -> C:\Documents and Settings\All Users\Application Data\desktop.ini -> [2005/06/28 00:38:09 | 000,000,062 | -HS- | C] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2005/06/27 20:44:41 | 000,052,168 | ---- | C] ()
 nmocod.dll -> C:\windows\System32\nmocod.dll -> [2005/06/27 18:51:27 | 000,240,640 | ---- | C] ()
 usrwiz.ini -> C:\windows\usrwiz.ini -> [2005/06/27 18:50:03 | 000,000,082 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat -> [2005/06/27 18:30:22 | 000,000,126 | ---- | C] ()
 ODBC.INI -> C:\windows\ODBC.INI -> [2005/06/27 18:19:51 | 000,000,376 | ---- | C] ()
 ntiembed.dll -> C:\windows\System32\ntiembed.dll -> [2005/06/27 18:08:02 | 000,001,024 | RH-- | C] ()
 NTIMPEG2.dll -> C:\windows\System32\NTIMPEG2.dll -> [2005/06/27 18:07:14 | 000,001,024 | RH-- | C] ()
 NTICDMK32.dll -> C:\windows\System32\NTICDMK32.dll -> [2005/06/27 18:07:14 | 000,001,024 | RH-- | C] ()
 IconCache.db -> C:\Documents and Settings\Tim\Local Settings\Application Data\IconCache.db -> [2005/06/27 17:10:49 | 011,218,436 | -H-- | C] ()
 RTLCPAPI.dll -> C:\windows\System32\RTLCPAPI.dll -> [2005/06/27 17:02:16 | 000,156,672 | ---- | C] ()
 ASACPI.sys -> C:\windows\System32\drivers\ASACPI.sys -> [2005/06/27 17:01:15 | 000,005,810 | R--- | C] ()
 Ascd_tmp.ini -> C:\windows\Ascd_tmp.ini -> [2005/06/27 17:01:13 | 000,017,968 | ---- | C] ()
 ASUSHWIO.SYS -> C:\windows\System32\drivers\ASUSHWIO.SYS -> [2005/06/27 17:01:12 | 000,005,824 | ---- | C] ()
 desktop.ini -> C:\Documents and Settings\Tim\Application Data\desktop.ini -> [2005/06/27 16:58:41 | 000,000,062 | -HS- | C] ()
 MSRTEDIT.DLL -> C:\windows\System32\MSRTEDIT.DLL -> [2004/09/20 17:08:22 | 000,065,536 | ---- | C] ()
 netamsg.dll -> C:\windows\System32\drivers\netamsg.dll -> [2004/09/19 04:27:52 | 000,019,968 | ---- | C] ()
 AsfBios.dll -> C:\windows\System32\AsfBios.dll -> [2004/07/15 02:30:02 | 000,073,728 | ---- | C] ()
 multiplex_vcd.dll -> C:\windows\System32\multiplex_vcd.dll -> [2001/12/26 16:12:30 | 000,065,536 | R--- | C] ()
 Hmpg12.dll -> C:\windows\System32\Hmpg12.dll -> [2001/09/03 23:46:38 | 000,110,592 | R--- | C] ()
 HMPV2_ENC.dll -> C:\windows\System32\HMPV2_ENC.dll -> [2001/07/30 16:33:56 | 000,118,784 | R--- | C] ()
 HMPV2_ENC_MMX.dll -> C:\windows\System32\HMPV2_ENC_MMX.dll -> [2001/07/23 22:04:36 | 000,118,784 | R--- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
```


----------



## luvmycubbies (Aug 18, 2006)

I hope I did this right. I didn't see any attachments section when I used the "Reply" button. 
Thank you.


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill All Processes]
[Unregister Dlls]
[Driver Services - Safe List]
YN -> (TfSysMon) TfSysMon [Kernel | Boot | Stopped] -> C:\windows\System32\drivers\TfSysMon.sys
YN -> (TfNetMon) TfNetMon [Kernel | On_Demand | Stopped] -> C:\windows\System32\drivers\TfNetMon.sys
YN -> (TfFsMon) TfFsMon [Kernel | Boot | Stopped] -> C:\windows\System32\drivers\TfFsMon.sys
YN -> (SBRE) SBRE [Kernel | System | Stopped] -> C:\windows\System32\drivers\SBREdrv.sys
YN -> (pctplsg) pctplsg [Kernel | On_Demand | Stopped] -> C:\windows\System32\drivers\pctplsg.sys
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "USRpdA" -> [C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> Reg Error: Value error.
[Files/Folders - Created Within 30 Days]
NY ->  6 C:\windows\*.tmp files -> C:\windows\*.tmp
NY ->  1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  6 C:\windows\*.tmp files -> C:\windows\*.tmp
NY ->  15 C:\Documents and Settings\Tim\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Tim\Local Settings\Temp\*.tmp
NY ->  1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp
[Alternate Data Streams]
NY -> @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
NY -> @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```


----------



## luvmycubbies (Aug 18, 2006)

```
OTS logfile created on: 9/25/2010 5:57:22 PM - Run 1
OTS by OldTimer - Version 3.1.38.1     Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,015.00 Mb Total Physical Memory | 502.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 27.61 Gb Free Space | 74.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 37.26 Gb Total Space | 37.19 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TIMP432
Current User Name: Tim
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Tim\Desktop\OTS.exe -> [2010/09/25 17:55:33 | 000,641,536 | ---- | M] (OldTimer Tools)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2010/09/23 11:18:00 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com)
msseces.exe -> C:\Program Files\Microsoft Security Essentials\msseces.exe -> [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation)
agcoreservice.exe -> C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -> [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive)
acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.)
webshots.scr -> C:\PROGRA~1\Webshots\Webshots.scr -> [2008/11/29 15:23:49 | 003,446,088 | ---- | M] (Webshots.com)
msimn.exe -> C:\Program Files\Outlook Express\msimn.exe -> [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\windows\Explorer.EXE -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
mccitrayapp_ssr.exe -> C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe -> [2007/11/20 16:36:25 | 001,454,592 | ---- | M] (Motive Communications, Inc.)
point32.exe -> C:\Program Files\Microsoft IntelliPoint\point32.exe -> [2005/03/23 18:26:09 | 000,217,088 | ---- | M] (Microsoft Corporation)
usrmlnka.exe -> C:\windows\System32\USRmlnkA.exe -> [2004/08/04 07:00:00 | 000,077,891 | ---- | M] (U.S. Robotics Corporation)
usrshuta.exe -> C:\windows\System32\USRshutA.exe -> [2004/08/04 07:00:00 | 000,069,700 | ---- | M] ( U.S. Robotics Corporation)
type32.exe -> C:\Program Files\Microsoft IntelliType Pro\type32.exe -> [2004/06/03 03:51:27 | 000,172,032 | ---- | M] (Microsoft Corporation)
asfagent.exe -> C:\Program Files\Intel\ASF Agent\ASFAgent.exe -> [2004/05/30 06:25:18 | 000,122,880 | ---- | M] (Intel Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Tim\Desktop\OTS.exe -> [2010/09/25 17:55:33 | 000,641,536 | ---- | M] (OldTimer Tools)
vdmdbg.dll -> C:\WINDOWS\system32\vdmdbg.dll -> [2008/04/13 19:12:08 | 000,026,112 | ---- | M] (Microsoft Corporation)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation)
mccicontexthook_6-1-0_dsr.dll -> C:\Program Files\Common Files\Motive\McciContextHook_6-1-0_DSR.dll -> [2007/10/15 16:28:59 | 000,454,144 | ---- | M] (Motive Communications, Inc.)
 
[Win32 Services - Safe List]
(MSDTC) Distributed Transaction Coordinator [On_Demand | Stopped] ->  -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] -> C:\windows\System32\appmgmts.dll -> File not found
(MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation)
(AGCoreService) AG Core Services [Auto | Running] -> C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -> [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.)
(ASFAgent) ASF Agent [Auto | Running] -> C:\Program Files\Intel\ASF Agent\ASFAgent.exe -> [2004/05/30 06:25:18 | 000,122,880 | ---- | M] (Intel Corporation)
 
[Driver Services - Safe List]
(TfSysMon) TfSysMon [Kernel | Boot | Stopped] -> C:\windows\System32\drivers\TfSysMon.sys -> File not found
(TfNetMon) TfNetMon [Kernel | On_Demand | Stopped] -> C:\windows\System32\drivers\TfNetMon.sys -> File not found
(TfFsMon) TfFsMon [Kernel | Boot | Stopped] -> C:\windows\System32\drivers\TfFsMon.sys -> File not found
(SBRE) SBRE [Kernel | System | Stopped] -> C:\windows\System32\drivers\SBREdrv.sys -> File not found
(pctplsg) pctplsg [Kernel | On_Demand | Stopped] -> C:\windows\System32\drivers\pctplsg.sys -> File not found
(MRESP50a64) MRESP50a64 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -> File not found
(MREMP50a64) MREMP50a64 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -> File not found
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(MpFilter) Microsoft Malware Protection Driver [File_System | System | Running] -> C:\windows\System32\DRIVERS\MpFilter.sys -> [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -> [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\windows\System32\DRIVERS\HDAudBus.sys -> [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -> [2007/10/15 16:36:07 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -> [2007/10/15 16:36:07 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> C:\windows\System32\vsdatant.sys -> [2005/11/15 01:50:34 | 000,372,816 | ---- | M] (Zone Labs, LLC)
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> C:\windows\System32\DRIVERS\NTIDrvr.sys -> [2005/06/27 18:08:35 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\windows\System32\drivers\RtkHDAud.sys -> [2005/05/04 04:18:26 | 002,951,680 | ---- | M] (Realtek Semiconductor Corp.)
(iteraid) ITERAID_Service_Install [Kernel | Boot | Running] -> C:\windows\system32\DRIVERS\iteraid.sys -> [2005/04/16 14:01:44 | 000,024,960 | ---- | M] (Integrated Technology Express, Inc.)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\windows\System32\DRIVERS\e1e5132.sys -> [2005/03/31 04:04:52 | 000,180,736 | R--- | M] (Intel Corporation)
(iteatapi) ITEATAPI_Service_Install [Kernel | Boot | Running] -> C:\windows\system32\DRIVERS\iteatapi.sys -> [2005/03/04 00:34:40 | 000,025,424 | R--- | M] (Integrated Technology Express, Inc.)
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -> [2004/11/22 11:36:40 | 000,018,003 | ---- | M] (Motive, Inc.)
(AsfAlrt) AsfAlrt Service [Kernel | On_Demand | Stopped] -> C:\windows\System32\Drivers\AsfAlrt.sys -> [2004/09/19 04:27:42 | 000,036,064 | ---- | M] (Intel Corporation)
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\windows\System32\DRIVERS\ASACPI.sys -> [2004/08/12 21:56:20 | 000,005,810 | R--- | M] ()
(USRpdA) U.S. Robotics 56K PCI Faxmodem Driver [Kernel | On_Demand | Running] -> C:\windows\System32\DRIVERS\USRpdA.sys -> [2001/08/17 08:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://google.com/ -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.1;;127.0.0.1;<local> -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Tim\Application Data\Mozilla\FireFox\Profiles\ofsq8jv6.default\prefs.js -> 
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage -> "http://www.msn.com/" ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.1 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Tim\Application Data\Mozilla\Extensions -> [2010/08/18 11:18:10 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\ofsq8jv6.default\extensions -> [2010/08/19 09:52:55 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\ofsq8jv6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/08/18 11:26:16 | 000,000,000 | ---D | M]
NoScript   -> C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\ofsq8jv6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2010/08/19 09:01:07 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/08/17 21:39:28 | 000,417,864 | R--- | M] - 14469 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.123topsearch.com
127.0.0.1	123topsearch.com
127.0.0.1	www.132.com
127.0.0.1	132.com
127.0.0.1	www.136136.net
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2010/06/19 14:29:40 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/07/14 09:00:57 | 000,278,192 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [Google Toolbar Notifier BHO] -> [2010/06/02 00:24:53 | 000,814,648 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/14 09:00:57 | 000,278,192 | ---- | M] (Google Inc.)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/07/14 09:00:57 | 000,278,192 | ---- | M] (Google Inc.)
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HughesNetTools_McciTrayApp" -> C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe [C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe] -> [2007/11/20 16:36:25 | 001,454,592 | ---- | M] (Motive Communications, Inc.)
"IntelliPoint" -> C:\Program Files\Microsoft IntelliPoint\point32.exe ["C:\Program Files\Microsoft IntelliPoint\point32.exe"] -> [2005/03/23 18:26:09 | 000,217,088 | ---- | M] (Microsoft Corporation)
"MSSE" -> c:\Program Files\Microsoft Security Essentials\msseces.exe ["c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey] -> [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation)
"type32" -> C:\Program Files\Microsoft IntelliType Pro\type32.exe ["C:\Program Files\Microsoft IntelliType Pro\type32.exe"] -> [2004/06/03 03:51:27 | 000,172,032 | ---- | M] (Microsoft Corporation)
"USRpdA" ->  [C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"EPSON WorkForce 500 Series" -> C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE [C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE /FU "C:\DOCUME~1\Tim\LOCALS~1\Temp\E_S547.tmp" /EF "HKCU"] -> [2008/02/22 00:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION)
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/09/23 11:18:00 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Tim Startup Folder > -> C:\Documents and Settings\Tim\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Tim\Start Menu\Programs\Startup\Webshots.lnk -> C:\Program Files\Webshots\3.1.5.7617\Launcher.exe -> [2009/12/08 13:38:14 | 000,157,088 | ---- | M] (Webshots.com)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoUpdateCheck" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"LinkResolveIgnoreLinkInfo" ->  [0] -> File not found
\\"NoResolveSearch" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"LinkResolveIgnoreLinkInfo" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html] -> [2010/06/23 10:10:12 | 001,697,456 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{193B17B0-7C9F-4D5B-AEAB-8D3605EFC084}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{688DC797-DC11-46A7-9F1B-445F4F58CE6E}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7413 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4818 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 49 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} [HKLM] -> https://support.microsoft.com/OAS/ActiveX/odc.cab [Microsoft PID Sniffer] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132440494406 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 66.82.4.8 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{EBB0C26D-589C-4CA8-8959-A96C737421EA}\\DhcpNameServer -> 66.82.4.8   (Intel(R) PRO/1000 PM Network Connection) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"Use My Stylesheet" -> Reg Error: Invalid data type.
"User Stylesheet" -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\windows\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2009/09/03 17:21:41 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
igfxcui -> C:\windows\System32\igfxdev.dll -> [2005/04/05 01:18:22 | 000,131,072 | R--- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 12:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" -> C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe [C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2005/05/14 12:49:52 | 009,034,240 | ---- | M] (Apple Computer, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> Reg Error: Value error. -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Instant Update Reminder.lnk -> C:\Program Files\U.S. Robotics\ControlCenter\Reminder -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9 -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk -> C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe -> [2000/06/29 18:15:10 | 000,024,633 | ---- | M] (Microsoft® Corporation)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe -> [2010/06/19 21:04:47 | 000,035,760 | ---- | M] (Adobe Systems Incorporated)
Alcmtr hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\windows\ALCMTR.EXE -> [2005/05/03 05:43:28 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.)
ArcSoft Connection Service hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/07/10 13:59:22 | 000,195,072 | ---- | M] (ArcSoft Inc.)
HotKeysCmds hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
IgfxTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2005/05/14 00:20:50 | 000,278,528 | ---- | M] (Apple Computer, Inc.)
Microsoft Works Update Detection hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
MSMSGS hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Messenger\msmsgs.exe -> [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
Persistence hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2005/06/27 19:21:20 | 000,098,304 | ---- | M] (Apple Computer, Inc.)
RTHDCPL hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\windows\RTHDCPL.EXE -> [2005/05/04 04:28:46 | 014,396,416 | ---- | M] (Realtek Semiconductor Corp.)
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Java\jre6\bin\jusched.exe -> File not found
swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/08/05 00:55:20 | 000,068,856 | ---- | M] (Google Inc.)
USRpdA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Reg Error: Value error. -> File not found
WMPNSCFG hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Windows Media Player\WMPNSCFG.exe -> [2006/10/18 21:05:26 | 000,204,288 | ---- | M] (Microsoft Corporation)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 2 -> 
"services" -> 0 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 7/17/2010 3:36:44 PM Computer Name = TIMP432 | Source = Application Hang | ID = 1001 -> Description = Fault bucket 1180947459.
Application [ Error ] 7/19/2010 2:14:02 PM Computer Name = TIMP432 | Source = Application Error | ID = 1000 -> Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module oecom.dll, version 3.2.1.0, fault address 0x0000dab2.
Application [ Error ] 7/19/2010 2:14:10 PM Computer Name = TIMP432 | Source = Application Error | ID = 1001 -> Description = Fault bucket 863892766.
Application [ Error ] 7/29/2010 3:00:37 PM Computer Name = TIMP432 | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 8/17/2010 10:00:05 PM Computer Name = TIMP432 | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 8/18/2010 9:00:06 AM Computer Name = TIMP432 | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 8/18/2010 9:36:01 AM Computer Name = TIMP432 | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 8/18/2010 9:36:01 AM Computer Name = TIMP432 | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 8/18/2010 2:15:57 PM Computer Name = TIMP432 | Source = MPSampleSubmission | ID = 5000 -> Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 2.1.6805.0, P3 timeout, P4 1.1.6004.0, P5 local, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Application [ Error ] 9/25/2010 6:34:04 PM Computer Name = TIMP432 | Source = MSSecurityEssentials | ID = 5000 -> Description = 
System [ Error ] 9/19/2010 8:38:35 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/20/2010 9:37:42 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/21/2010 8:43:23 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/22/2010 8:46:16 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/23/2010 9:36:38 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/23/2010 12:16:29 PM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/23/2010 12:18:05 PM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7000 -> Description = The SASDIFSV service failed to start due to the following error:   %%183
System [ Error ] 9/24/2010 8:40:51 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/24/2010 4:32:51 PM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
System [ Error ] 9/25/2010 9:12:16 AM Computer Name = TIMP432 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   SBRE  TfFsMon  TfSysMon
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Tim\Desktop\OTS.exe -> [2010/09/25 17:55:12 | 000,641,536 | ---- | C] (OldTimer Tools)
 mbamswissarmy.sys -> C:\windows\System32\drivers\mbamswissarmy.sys -> [2010/09/23 18:20:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\windows\System32\drivers\mbam.sys -> [2010/09/23 18:20:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/09/23 18:20:30 | 000,000,000 | ---D | C]
 $hf_mig$ -> C:\windows\$hf_mig$ -> [2010/09/15 02:46:46 | 000,000,000 | -H-D | C]
 Config.Msi -> C:\Config.Msi -> [2010/08/30 23:01:26 | 000,000,000 | -HSD | C]
 6 C:\windows\*.tmp files -> C:\windows\*.tmp -> 
 1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskMachineUA.job -> C:\windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/09/25 18:00:00 | 000,000,886 | ---- | M] ()
 OTS.exe -> C:\Documents and Settings\Tim\Desktop\OTS.exe -> [2010/09/25 17:55:33 | 000,641,536 | ---- | M] (OldTimer Tools)
 MP Scheduled Scan.job -> C:\windows\tasks\MP Scheduled Scan.job -> [2010/09/25 08:17:13 | 000,000,408 | -H-- | M] ()
 wpa.dbl -> C:\windows\System32\wpa.dbl -> [2010/09/25 08:12:59 | 000,013,646 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/09/25 08:11:48 | 000,000,882 | ---- | M] ()
 SA.DAT -> C:\windows\tasks\SA.DAT -> [2010/09/25 08:11:46 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\windows\bootstat.dat -> [2010/09/25 08:11:43 | 000,002,048 | --S- | M] ()
 NTUSER.DAT -> C:\Documents and Settings\Tim\NTUSER.DAT -> [2010/09/25 02:09:48 | 007,864,320 | ---- | M] ()
 ntuser.ini -> C:\Documents and Settings\Tim\ntuser.ini -> [2010/09/25 02:09:48 | 000,000,178 | -HS- | M] ()
 IconCache.db -> C:\Documents and Settings\Tim\Local Settings\Application Data\IconCache.db -> [2010/09/25 02:09:39 | 011,218,436 | -H-- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/09/23 18:20:37 | 000,000,696 | ---- | M] ()
 imsins.BAK -> C:\windows\imsins.BAK -> [2010/09/15 03:09:40 | 000,001,374 | ---- | M] ()
 Microsoft Word.lnk -> C:\Documents and Settings\Tim\Desktop\Microsoft Word.lnk -> [2010/08/30 11:48:27 | 000,002,473 | ---- | M] ()
 May 3.doc -> C:\Documents and Settings\Tim\My Documents\May 3.doc -> [2010/08/30 11:09:38 | 000,020,992 | ---- | M] ()
 6 C:\windows\*.tmp files -> C:\windows\*.tmp -> 
 15 C:\Documents and Settings\Tim\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Tim\Local Settings\Temp\*.tmp -> 
 1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> 
 
[Files - No Company Name]
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/09/23 18:20:37 | 000,000,696 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/11/08 17:22:36 | 000,007,680 | ---- | C] ()
 PICSDK.ini -> C:\windows\System32\PICSDK.ini -> [2009/04/29 14:09:28 | 000,000,097 | ---- | C] ()
 EPWF500.ini -> C:\windows\EPWF500.ini -> [2009/04/29 14:07:52 | 000,000,044 | ---- | C] ()
 pythoncom25.dll -> C:\windows\System32\pythoncom25.dll -> [2008/11/29 15:16:34 | 000,339,968 | ---- | C] ()
 pywintypes25.dll -> C:\windows\System32\pywintypes25.dll -> [2008/11/29 15:16:34 | 000,114,688 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\windows\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\windows\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
 desktop.ini -> C:\Documents and Settings\All Users\Application Data\desktop.ini -> [2005/06/28 00:38:09 | 000,000,062 | -HS- | C] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2005/06/27 20:44:41 | 000,052,168 | ---- | C] ()
 nmocod.dll -> C:\windows\System32\nmocod.dll -> [2005/06/27 18:51:27 | 000,240,640 | ---- | C] ()
 usrwiz.ini -> C:\windows\usrwiz.ini -> [2005/06/27 18:50:03 | 000,000,082 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat -> [2005/06/27 18:30:22 | 000,000,126 | ---- | C] ()
 ODBC.INI -> C:\windows\ODBC.INI -> [2005/06/27 18:19:51 | 000,000,376 | ---- | C] ()
 ntiembed.dll -> C:\windows\System32\ntiembed.dll -> [2005/06/27 18:08:02 | 000,001,024 | RH-- | C] ()
 NTIMPEG2.dll -> C:\windows\System32\NTIMPEG2.dll -> [2005/06/27 18:07:14 | 000,001,024 | RH-- | C] ()
 NTICDMK32.dll -> C:\windows\System32\NTICDMK32.dll -> [2005/06/27 18:07:14 | 000,001,024 | RH-- | C] ()
 IconCache.db -> C:\Documents and Settings\Tim\Local Settings\Application Data\IconCache.db -> [2005/06/27 17:10:49 | 011,218,436 | -H-- | C] ()
 RTLCPAPI.dll -> C:\windows\System32\RTLCPAPI.dll -> [2005/06/27 17:02:16 | 000,156,672 | ---- | C] ()
 ASACPI.sys -> C:\windows\System32\drivers\ASACPI.sys -> [2005/06/27 17:01:15 | 000,005,810 | R--- | C] ()
 Ascd_tmp.ini -> C:\windows\Ascd_tmp.ini -> [2005/06/27 17:01:13 | 000,017,968 | ---- | C] ()
 ASUSHWIO.SYS -> C:\windows\System32\drivers\ASUSHWIO.SYS -> [2005/06/27 17:01:12 | 000,005,824 | ---- | C] ()
 desktop.ini -> C:\Documents and Settings\Tim\Application Data\desktop.ini -> [2005/06/27 16:58:41 | 000,000,062 | -HS- | C] ()
 MSRTEDIT.DLL -> C:\windows\System32\MSRTEDIT.DLL -> [2004/09/20 17:08:22 | 000,065,536 | ---- | C] ()
 netamsg.dll -> C:\windows\System32\drivers\netamsg.dll -> [2004/09/19 04:27:52 | 000,019,968 | ---- | C] ()
 AsfBios.dll -> C:\windows\System32\AsfBios.dll -> [2004/07/15 02:30:02 | 000,073,728 | ---- | C] ()
 multiplex_vcd.dll -> C:\windows\System32\multiplex_vcd.dll -> [2001/12/26 16:12:30 | 000,065,536 | R--- | C] ()
 Hmpg12.dll -> C:\windows\System32\Hmpg12.dll -> [2001/09/03 23:46:38 | 000,110,592 | R--- | C] ()
 HMPV2_ENC.dll -> C:\windows\System32\HMPV2_ENC.dll -> [2001/07/30 16:33:56 | 000,118,784 | R--- | C] ()
 HMPV2_ENC_MMX.dll -> C:\windows\System32\HMPV2_ENC_MMX.dll -> [2001/07/23 22:04:36 | 000,118,784 | R--- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
```


----------



## luvmycubbies (Aug 18, 2006)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:05 AM, on 9/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\windows\system32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.1;;127.0.0.1;<local>
R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE /FU "C:\DOCUME~1\Tim\LOCALS~1\Temp\E_S547.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132440494406
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

--
End of file - 6663 bytes


----------



## Cookiegal (Aug 27, 2003)

You didn't post the correct OTS log but it doesn't really matter.

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## luvmycubbies (Aug 18, 2006)

I found the errors and clicked the icon to copy the full error. I don't know how to get it into Notepad. Can you believe that? Sad but true.


----------



## luvmycubbies (Aug 18, 2006)

Pursuant to "don't know how to get notepad", I googled for a possible answer and found that I'm not the only one with WdwsXP who's had "Notepad" disappear. Many, many people have encountered that problem, including a "solved" in TSG. Most blame a trojan or virus for the situation. What do you think about that?


----------



## Cookiegal (Aug 27, 2003)

I doubt it has disappeared as you used it to post the HijackThis logs and we haven't done anything that would remove it.

If you go to Start - All Programs - Accessories - do you not see Notepad listed there?


----------



## Phantom010 (Mar 9, 2009)

You can also get Notepad to open by clicking Start > Run > and typing *notepad*. 

I use Notepad so often that I've dragged a shortcut to it on my taskbar.


----------



## Cookiegal (Aug 27, 2003)

Phantom010 said:


> You can also get Notepad to open by clicking Start > Run > and typing *notepad*.
> 
> I use Notepad so often that I've dragged a shortcut to it on my taskbar.


I have one on my desktop because I hate clutter in the Taskbar. Of course it's also in the Start Menu since I use it so often too.


----------



## luvmycubbies (Aug 18, 2006)

I looked in Programs, clicked Accessories, no Notepad listed. There is Wordpad.
I also did, Start, Run and typed in "Notepad" which brought up "Untitled Notepad".
This stuff that's so basic for you all is giving me a headache! I do appreciate your patience with me. Now what should I do?


----------



## Cookiegal (Aug 27, 2003)

luvmycubbies said:


> I looked in Programs, clicked Accessories, no Notepad listed. There is Wordpad.
> I also did, Start, Run and typed in "Notepad" which brought up "Untitled Notepad".
> This stuff that's so basic for you all is giving me a headache! I do appreciate your patience with me. Now what should I do?


Untitled Notepad is exactly what you want. Now there are a couple of ways to "paste" the errors there. You can just right-click in the white text area and select "paste" from the right-click menu or you can click on "Edit" in the toolbar at the top and then select "paste" from the drop down menu.

Once you've copied all of the errors there you can copy and paste the entire report here. You should also save it in case we have to refer back to it.


----------



## luvmycubbies (Aug 18, 2006)

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 9/27/2010
Time: 8:17:24 AM
User: N/A
Computer:	TIMP432
Description:
The following boot-start or system-start driver(s) failed to load: 
SBRE
TfFsMon
TfSysMon

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 9/29/2010
Time: 8:24:40 AM
User: N/A
Computer:	TIMP432
Description:
The following boot-start or system-start driver(s) failed to load: 
SBRE
TfFsMon
TfSysMon

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 9/28/2010
Time: 4:15:21 PM
User: N/A
Computer:	TIMP432
Description:
The following boot-start or system-start driver(s) failed to load: 
SBRE
TfFsMon
TfSysMon

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 9/28/2010
Time: 8:18:30 AM
User: N/A
Computer:	TIMP432
Description:
The following boot-start or system-start driver(s) failed to load: 
SBRE
TfFsMon
TfSysMon

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 9/27/2010
Time: 10:12:16 AM
User: N/A
Computer:	TIMP432
Description:
The following boot-start or system-start driver(s) failed to load: 
SBRE
TfFsMon
TfSysMon

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7034
Date: 9/27/2010
Time: 10:07:51 AM
User: N/A
Computer:	TIMP432
Description:
The McciCMService service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7034
Date: 9/27/2010
Time: 10:07:51 AM
User: N/A
Computer:	TIMP432
Description:
The ASF Agent service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7034
Date: 9/27/2010
Time: 10:07:51 AM
User: N/A
Computer:	TIMP432
Description:
The AG Core Services service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7034
Date: 9/27/2010
Time: 10:07:51 AM
User: N/A
Computer:	TIMP432
Description:
The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7031
Date: 9/27/2010
Time: 10:07:50 AM
User: N/A
Computer:	TIMP432
Description:
The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Run* - type in *cmd* then click OK. The MSDOS window will be displayed. At the prompt type the following:

*SC Delete SBRE*

Then press Enter

Type:

*SC Delete TfFsMon*

Press Enter

Type:

*SC Delete TfSysMon*

Press Enter

Type:

Exit

Then post a new HijackThis log please.


----------



## luvmycubbies (Aug 18, 2006)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:34 PM, on 9/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\windows\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.1;;127.0.0.1;<local>
R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON WorkForce 500 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE /FU "C:\DOCUME~1\Tim\LOCALS~1\Temp\E_S547.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132440494406
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

--
End of file - 6883 bytes


----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Please check the Event Viewer again and copy and paste any errors that have occurred in the last 24 hours so I can see if what I just had you do worked.


----------



## luvmycubbies (Aug 18, 2006)

I did the "fix checked" in HJT. Below are the only 2 errors I found in Event Viewer.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 9/30/2010
Time: 7:30:53 AM
User: N/A
Computer:	TIMP432
Description:
The following boot-start or system-start driver(s) failed to load: 
SBRE
TfFsMon
TfSysMon

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 9/30/2010
Time: 1:43:56 AM
User: N/A
Computer:	TIMP432
Description:
The following boot-start or system-start driver(s) failed to load: 
SBRE
TfFsMon
TfSysMon

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

That's fine because those were from yesterday before I had you delete those services.

How are things now?


----------
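The check made in the reply above, that the remaining 7026 errors pre-date the `SC Delete` commands, can be done mechanically. The following Python sketch is an added example, not part of any post in this thread: it parses Event Viewer text in the copied layout, drops double-pasted entries, and lists drivers that still fail to load after a cut-off time. The sample text, the cut-off time and all function names are constructed for illustration.

```python
import re
from datetime import datetime

HEADER_RE = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$"
)
MARKER = "failed to load:"
FOOTER = ("For more information, see Help and Support Center at "
          "http://go.microsoft.com/fwlink/events.asp.")


def make_entry(event_id, date, time, body):
    """Build one constructed entry in the copied Event Viewer layout."""
    return (
        "Event Type:\tError\nEvent Source:\tService Control Manager\n"
        f"Event Category:\tNone\nEvent ID:\t{event_id}\nDate: {date}\nTime: {time}\n"
        f"User: N/A\nComputer:\tTIMP432\nDescription:\n{body}\n\n{FOOTER}\n"
    )


# Constructed sample: entries pasted back to back with no blank line between
# them, and the 7026 entry pasted twice by accident.
DRIVER_ENTRY = make_entry(
    7026, "9/30/2010", "1:43:56 AM",
    "The following boot-start or system-start driver(s) failed to load: \n"
    "SBRE\nTfFsMon\nTfSysMon",
)
SERVICE_ENTRY = make_entry(
    7034, "9/27/2010", "10:07:51 AM",
    "The McciCMService service terminated unexpectedly. It has done this 1 time(s).",
)
SAMPLE = DRIVER_ENTRY * 2 + SERVICE_ENTRY

# Assumed cut-off: the moment the stale driver services were deleted.
ASSUMED_FIX_TIME = datetime(2010, 9, 30, 22, 0)


def parse_events(text):
    """Return unique (when, event_id, source, description) tuples, oldest first."""
    records, current, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Event Type:"):       # a new entry starts here
            current, in_desc = {"desc": []}, False
            records.append(current)
        if current is None:
            continue                              # text before the first entry
        if line == "Description:":
            in_desc = True
        elif in_desc:
            if line and not line.startswith("For more information"):
                current["desc"].append(line)
        else:
            match = HEADER_RE.match(line)
            if match:
                current[match.group(1)] = match.group(2).strip()
    unique = set()
    for rec in records:
        try:
            when = datetime.strptime(rec["Date"] + " " + rec["Time"],
                                     "%m/%d/%Y %I:%M:%S %p")
            event_id = int(rec["Event ID"])
        except (KeyError, ValueError):
            continue                              # truncated paste, skip it
        unique.add((when, event_id, rec.get("Event Source", ""),
                    " ".join(rec["desc"])))
    return sorted(unique)


def failed_drivers(events, after=None):
    """Map driver name to its latest 7026 time, optionally only after a cut-off."""
    latest = {}
    for when, event_id, source, desc in events:
        if event_id != 7026 or source != "Service Control Manager":
            continue
        if MARKER not in desc or (after is not None and when <= after):
            continue
        for name in desc.split(MARKER, 1)[1].split():
            latest[name] = max(when, latest.get(name, when))
    return latest


if __name__ == "__main__":
    events = parse_events(SAMPLE)
    print(len(events), "unique events")
    for name, when in sorted(failed_drivers(events).items()):
        print(f"{name}: last failed to load {when}")
    still = failed_drivers(events, after=ASSUMED_FIX_TIME)
    print("still failing after cut-off:", sorted(still) or "none")
```

An empty result for the cut-off call means every 7026 entry in the paste is older than the fix; any driver name it returns is still registered as a boot-start or system-start service.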



## luvmycubbies (Aug 18, 2006)

I feel that I'm pretty much back to recognizing the files I'm seeing as I go about the periodic cleaning out of temporary files, except for 2 things. In "Temp" folder, in addition to ones I recognize that should be deleted, there are 44 folders identified as XML documents. I've never seen that description before. Are they temp folders in a new language and if so, should I delete them? And when I open "Temporary Internet Files", everything in there is cookies. Before my ex-repair guy messed everything up, I never saw a cookie list before. Should I delete all them? I always have this fear of deleting something essential. So, we're getting very close to being "solved", aren't we?


----------



## Cookiegal (Aug 27, 2003)

luvmycubbies said:


> In "Temp" folder, in addition to ones I recognize that should be deleted, there are 44 folders identified as XML documents. I've never seen that description before. Are they temp folders in a new language and if so, should I delete them?


These should be XML files (not folders). XML is a coding language. It's normal to have .xml files and you can delete them from this location because they are in a Temp folder.


> And when I open "Temporary Internet Files", everything in there is cookies. Before my ex-repair guy messed everything up, I never saw a cookie list before. Should I delete all them?


I think he just changed the setting so files/folders are unhidden and that's why you're seeing things you've never seen before. It's normal to have cookies in this location. You can delete them but if they're needed to log on to sites then you will have to log on again and accept a new cookie.


----------



## luvmycubbies (Aug 18, 2006)

OK, I do understand now about the XML files and the cookie files and I no longer fear something is lurking in the previously "strange" files that's going to trash my computer. I am sincerely appreciative of the time and effort you put forth in helping me. I'm so thankful I happened upon TSG a few years ago. You people are GREAT!
And thanks also to Ent who referenced the library article about hiding files, etc.
TSG rocks!!


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure.


----------

