Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91987 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Computer randomly locks up


  • This topic is locked This topic is locked
27 replies to this topic

#16 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 29 September 2009 - 06:28 PM

Hello.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    c:\windows\Bxemojiy.bin
    c:\windows\Fhedakohodopuvon.dat
    c:\windows\system32\usbctl.exe
    c:\windows\okedifexemexiz.dll
    Folder::
    c:\documents and settings\Edward\Local Settings\Application Data\{355914F4-88B0-47F9-AF83-F7800AFB0892}
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Jkezivajiyuh"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    Driver::
    XDva219
    NOOB
    FireFox::
    FF - ProfilePath - c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\
    FF - HiddenExtension: XULRunner: {355914F4-88B0-47F9-AF83-F7800AFB0892} - c:\documents and settings\Edward\Local Settings\Application Data\{355914F4-88B0-47F9-AF83-F7800AFB0892
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Refering to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Download and Run GooredFix

Please download GooredFix and save it to your Desktop if you lost your copy.
Alternative Download Mirror #1

Please make sure all instances of Firefox are closed at this point before proceeding.

  • Ensure all Firefox windows are closed at this time.
  • Please double-click GooredFix.exe on your Desktop to run it. If you are using Vista, please right-click and select run as administartor
  • When prompted to run the scan, click Yes.
  • The removal process will begin, please be paitent until it finishes.
  • A log will open with the file after completion, please post the contents of that log in your next reply
*Note: The log can also be found on your desktop called GooredFix.txt
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

    Advertisements

Register to Remove


#17 relaxtomato

relaxtomato

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 30 September 2009 - 10:46 AM

ComboFix 09-09-28.01 - Edward 09/30/2009 12:19.6.1 - NTFSx86
Running from: c:\documents and settings\Edward\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Edward\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
"c:\windows\Bxemojiy.bin"
"c:\windows\Fhedakohodopuvon.dat"
"c:\windows\okedifexemexiz.dll"
"c:\windows\system32\usbctl.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Edward\Local Settings\Application Data\{355914F4-88B0-47F9-AF83-F7800AFB0892}
c:\documents and settings\Edward\Local Settings\Application Data\{355914F4-88B0-47F9-AF83-F7800AFB0892}\chrome.manifest
c:\documents and settings\Edward\Local Settings\Application Data\{355914F4-88B0-47F9-AF83-F7800AFB0892}\chrome\content\_cfg.js
c:\documents and settings\Edward\Local Settings\Application Data\{355914F4-88B0-47F9-AF83-F7800AFB0892}\chrome\content\overlay.xul
c:\documents and settings\Edward\Local Settings\Application Data\{355914F4-88B0-47F9-AF83-F7800AFB0892}\install.rdf
c:\windows\Bxemojiy.bin
c:\windows\Fhedakohodopuvon.dat
c:\windows\okedifexemexiz.dll
c:\windows\system32\usbctl.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA219
-------\Service_NOOB
-------\Service_XDva219
-------\Legacy_usbctl
-------\Service_usbctl


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-28 04:22 . 2009-09-29 21:25 -------- d-----w- c:\program files\Ootake
2009-09-27 06:50 . 2009-09-27 16:35 -------- d-----w- c:\program files\The Shivah
2009-09-26 19:38 . 2009-09-26 19:38 -------- d-----w- c:\documents and settings\Edward\Application Data\Firaxis Games
2009-09-25 23:56 . 2009-09-25 23:56 -------- d-----w- c:\documents and settings\Edward\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
2009-09-25 23:54 . 2009-09-25 23:54 -------- d-----w- c:\program files\GOG.com Downloader
2009-09-25 23:53 . 2009-09-25 23:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-24 16:56 . 2009-09-24 16:56 -------- d-----w- c:\program files\DIFX
2009-09-24 16:55 . 2007-08-02 21:32 22784 ----a-w- c:\windows\system32\drivers\dadder.sys
2009-09-24 16:55 . 2005-03-03 23:47 31104 ----a-w- c:\windows\system32\drivers\CYUSB.sys
2009-09-22 16:08 . 2009-09-22 16:08 -------- d-----w- c:\program files\BlackIsle
2009-09-21 16:12 . 2009-09-21 16:12 -------- d-----w- c:\program files\Trend Micro
2009-09-20 20:42 . 2009-09-24 15:39 -------- d-----w- c:\program files\ERUNT
2009-09-19 20:12 . 2009-09-19 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2009-09-19 17:28 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-19 17:28 . 2009-09-04 21:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-19 17:28 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-19 17:28 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-13 22:52 . 2009-09-13 23:01 -------- d-----w- c:\documents and settings\Edward\.lostlaby
2009-09-13 22:49 . 2009-09-15 19:41 -------- d-----w- c:\program files\Castlevania - The Bloodletting V.1.3 BETA
2009-09-09 17:16 . 2009-09-09 17:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-06 23:57 . 2009-09-27 19:14 -------- d-----w- c:\program files\GOG.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 16:16 . 2008-06-08 02:49 -------- d-----w- c:\documents and settings\Edward\Application Data\.purple
2009-09-29 23:03 . 2008-06-08 02:51 -------- d-----w- c:\documents and settings\Edward\Application Data\gtk-2.0
2009-09-28 21:13 . 2009-08-07 07:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 17:20 . 2007-04-14 22:25 -------- d-----w- c:\program files\World of Warcraft
2009-09-27 17:17 . 2009-07-21 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-09-26 21:34 . 2007-04-27 03:36 -------- d-----w- c:\documents and settings\Edward\Application Data\uTorrent
2009-09-26 19:38 . 2006-08-12 00:47 -------- d-----w- c:\documents and settings\Edward\Application Data\InstallShield Installation Information
2009-09-26 04:52 . 2008-06-12 23:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-26 04:52 . 2008-06-12 23:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-25 21:32 . 2007-04-19 17:54 -------- d-----w- c:\program files\Steam
2009-09-24 16:55 . 2007-09-26 21:57 -------- d-----w- c:\program files\Razer
2009-09-24 16:55 . 2006-05-16 02:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 18:07 . 2006-05-17 00:49 -------- d-----w- c:\program files\mIRC
2009-09-22 16:22 . 2007-04-06 17:06 -------- d-----w- c:\program files\Turbine
2009-09-22 16:19 . 2008-10-08 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-09-22 16:09 . 2008-06-26 22:21 52736 ----a-w- c:\windows\ipuninst.exe
2009-09-20 17:09 . 2007-05-24 17:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-20 17:07 . 2007-05-24 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-19 17:12 . 2009-08-07 16:40 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-19 17:12 . 2009-08-07 16:40 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-19 17:12 . 2009-08-07 16:40 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-19 17:12 . 2009-08-07 16:40 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-18 06:27 . 2006-05-16 02:15 28024 ----a-w- c:\documents and settings\Edward\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 19:48 . 2007-12-26 21:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 18:54 . 2009-08-07 07:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-08-07 07:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 17:16 . 2006-08-04 20:07 -------- d-----w- c:\program files\DivX
2009-09-04 21:44 . 2009-07-05 19:10 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 21:16 . 2009-01-19 16:53 -------- d-----w- c:\program files\Project64 1.6
2009-09-03 00:38 . 2006-05-18 02:06 -------- d-----w- c:\documents and settings\Edward\Application Data\Ventrilo
2009-08-31 18:08 . 2008-02-02 07:56 -------- d-----w- c:\program files\Electronic Arts
2009-08-30 21:44 . 2009-08-30 21:44 -------- d-----w- c:\program files\1964
2009-08-25 18:08 . 2006-05-27 17:46 -------- d-----w- c:\program files\Soulseek
2009-08-22 15:34 . 2009-08-22 15:34 -------- d-----w- c:\program files\Shiny
2009-08-21 21:07 . 2009-08-21 18:29 -------- d-----w- c:\documents and settings\Edward\Application Data\RayV
2009-08-21 05:08 . 2009-08-21 05:08 -------- d-----w- c:\program files\Osmos
2009-08-19 22:02 . 2009-08-19 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-13 21:52 . 2008-01-25 05:44 -------- d-----w- c:\documents and settings\Edward\Application Data\OpenOffice.org2
2009-08-12 15:56 . 2009-08-12 15:56 -------- d-----w- c:\documents and settings\Edward\Application Data\Acreon
2009-08-10 02:48 . 2009-08-10 02:36 -------- d-----w- c:\program files\Image-Line
2009-08-10 02:47 . 2009-08-10 02:41 -------- d-----w- c:\program files\VstPlugins
2009-08-10 02:38 . 2009-08-10 02:38 -------- d-----w- c:\program files\Outsim
2009-08-10 02:30 . 2009-08-10 02:30 5120 ----a-w- c:\program files\WordPad Document Scrap 'C__Program Files...'.shs
2009-08-09 23:57 . 2009-08-07 07:29 -------- d-----w- c:\program files\PeerGuardian2
2009-08-07 18:14 . 2009-05-20 19:46 -------- d-----w- c:\documents and settings\Edward\Application Data\Hamachi
2009-08-07 16:49 . 2009-08-07 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-08-07 16:39 . 2009-08-07 16:39 -------- d-----w- c:\program files\COMODO
2009-08-07 09:00 . 2007-05-25 03:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-07 08:33 . 2008-06-08 02:32 -------- d-----w- c:\program files\ESET
2009-08-07 08:11 . 2009-08-07 08:11 -------- d-----w- c:\documents and settings\Edward\Application Data\ESET
2009-08-07 08:09 . 2008-06-08 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-07 07:50 . 2009-08-07 07:50 -------- d-----w- c:\documents and settings\Edward\Application Data\Malwarebytes
2009-08-07 07:50 . 2009-08-07 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-06 16:45 . 2006-05-16 02:35 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-05 15:47 . 2006-05-16 04:25 -------- d-----w- c:\program files\Winamp
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 04:09 . 2008-07-06 17:32 -------- d-----w- c:\program files\Microsoft Games
2009-08-04 03:46 . 2009-08-04 03:43 34 ----a-w- c:\documents and settings\Edward\jagex_runescape_preferences.dat
2009-08-04 03:11 . 2009-01-11 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-08-04 02:53 . 2009-08-04 02:52 -------- d-----w- c:\documents and settings\Edward\Application Data\Tenderfoot Games
2009-08-02 19:51 . 2006-08-08 21:54 -------- d-----w- c:\program files\EA GAMES
2009-08-02 16:32 . 2009-08-02 16:32 -------- d-----w- c:\program files\Defraggler
2009-08-02 16:28 . 2007-05-24 17:52 -------- d-----w- c:\program files\CCleaner
2009-08-01 20:14 . 2009-08-01 18:28 763 ----a-w- c:\windows\eReg.dat
2009-08-01 18:18 . 2009-08-01 18:18 -------- d-----w- c:\documents and settings\Edward\Application Data\DAEMON Tools Pro
2009-08-01 08:13 . 2008-06-22 20:36 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-01 08:09 . 2009-08-01 08:03 94208 ----a-w- c:\documents and settings\Edward\Application Data\ezplay.sys
2009-08-01 08:08 . 2009-08-01 08:02 47360 ----a-w- c:\documents and settings\Edward\Application Data\pcouffin.sys
2009-08-01 08:03 . 2009-08-01 08:03 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
2009-08-01 08:02 . 2009-08-01 08:02 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-31 20:34 . 2009-01-02 04:13 285 ----a-w- c:\windows\EReg072.dat
2009-07-23 20:20 . 2006-08-22 23:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-23 19:44 . 2009-07-23 19:44 2368 ----a-w- c:\windows\system32\SVKP.sys
2009-07-23 18:18 . 2009-07-23 18:18 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-07-23 18:18 . 2009-07-23 18:18 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-07-23 18:18 . 2009-07-23 18:18 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 18:55 . 2009-07-14 18:55 4 --sh--r- C:\WINOS.SYS
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 02:04 . 2009-07-14 02:04 24540 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-11 01:28 . 2009-02-27 22:15 139152 ----a-w- c:\documents and settings\Edward\Application Data\PnkBstrK.sys
2008-05-27 03:51 . 2008-04-13 22:20 197 -csha-w- c:\program files\Common Files\maxtreme.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-08 00:38 . 2009-02-08 00:38 56 --sh--r- c:\windows\system32\3D2D32B15E.sys
2009-02-08 00:38 . 2009-02-08 00:38 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-27_21.43.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-30 16:32 . 2009-09-30 16:32 16384 c:\windows\TEMP\Perflib_Perfdata_7dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Google Update"="c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-19 1799952]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"WebcamMaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" /a

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56804:TCP"= 56804:TCP:Pando Media Booster
"56804:UDP"= 56804:UDP:Pando Media Booster
"56126:TCP"= 56126:TCP:Pando Media Booster
"56126:UDP"= 56126:UDP:Pando Media Booster

R3 GR;GR;c:\documents and settings\Edward\Desktop\Bot\Aimbot\GR.sys [x]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\Drivers\DB3G.sys [2005-04-25 13225]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2007-08-14 37088]
R3 UsbFltr;%SvcDisplayName%;c:\windows\system32\drivers\copperhd.sys [2005-11-02 11596]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-09-19 132296]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-09-19 25160]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 5632]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 32256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-07-23 2368]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]

.
Contents of the 'Scheduled Tasks' folder

2009-09-27 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-07-22 14:10]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-725345543-1004Core.job
- c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-07 17:11]

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-725345543-1004UA.job
- c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-07 17:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{190b412f-3273-4922-9954-56e8bcb5e113}\plugins\NPnsv.dll
FF - plugin: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Edward\Application Data\Mozilla\Firefox\Profiles\4zh2edl5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Edward\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 12:31
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:36,c4,b9,9f,3f,38,78,b9,1b,12,4d,22,65,c4,6f,0c,aa,ce,f5,94,e3,2b,ea,
c0,21,96,7f,44,bc,75,54,b6,4e,76,d8,18,c6,9d,28,5a,37,de,8b,14,00,19,64,27,\
"??"=hex:c5,76,78,e6,2c,d6,d2,a1,d9,73,52,64,12,8a,09,82

[HKEY_USERS\S-1-5-21-746137067-152049171-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:3b,4b,d2,dc,7e,db,f1,5f,d0,c9,2c,36,80,e9,b8,a7,bc,1e,1d,04,94,
6f,1e,67,79,37,09,18,ff,0a,ed,a1,ae,f9,aa,d7,39,21,c4,c6,da,e0,88,69,e5,62,\
"rkeysecu"=hex:ce,d2,dd,a6,01,7d,51,2f,f8,21,09,58,c7,13,5a,32
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2664)
c:\windows\IME\SPGRMR.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-30 12:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-30 16:41
ComboFix2.txt 2009-09-29 22:32
ComboFix3.txt 2009-09-28 21:10
ComboFix4.txt 2009-09-27 21:46
ComboFix5.txt 2009-09-30 16:17

Pre-Run: 100,624,625,664 bytes free
Post-Run: 100,575,707,136 bytes free

304 --- E O F --- 2009-09-14 16:04



GooredFix by jpshortstuff (24.09.09.1)
Log created at 12:44 on 30/09/2009 (Edward)
Firefox version 3.5.2 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:26 16/05/2006]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [05:40 25/01/2008]
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [00:00 27/06/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [21:44 28/08/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [01:37 24/01/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [22:09 26/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [01:36 24/01/2009]

-=E.O.F=-

#18 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 01 October 2009 - 04:27 PM

Hello.

That looks better.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Let me know how your computer is running now as well. Any problems/issues left?

~EB
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#19 relaxtomato

relaxtomato

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 03 October 2009 - 11:18 PM

Malwarebytes' Anti-Malware 1.41 Database version: 2902 Windows 5.1.2600 Service Pack 2 10/4/2009 1:17:57 AM mbam-log-2009-10-04 (01-17-57).txt Scan type: Quick Scan Objects scanned: 100761 Time elapsed: 4 minute(s), 30 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

#20 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 04 October 2009 - 08:28 AM

Let me know how your computer is running now as well. Any problems/issues left?


Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#21 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 08 October 2009 - 04:09 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#22 relaxtomato

relaxtomato

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 10 October 2009 - 10:27 AM

Sorry about that, I was gone for a few days. My computer seems to be working fine now, though. I scanned with the Eset Online Scanner but it didn't find anything so I wasn't able to get a log. DDS (Ver_09-06-26.01) - NTFSx86 Run by Edward at 12:25:29.54 on Sat 10/10/2009 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14 ============== Running Processes =============== ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear uRun: [Google Update] "c:\documents and settings\edward\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [nwiz] nwiz.exe /install mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript dRunOnce: [RunNarrator] Narrator.exe IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} - hxxp://fishingchamp.gamescampus.com/luncher/GamesCampus.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176515726406 DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll AppInit_DLLs: c:\windows\system32\guard32.dll SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\edward\applic~1\mozilla\firefox\profiles\4zh2edl5.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - component: c:\documents and settings\edward\application data\mozilla\firefox\profiles\4zh2edl5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll FF - plugin: c:\documents and settings\edward\application data\mozilla\firefox\profiles\4zh2edl5.default\extensions\{190b412f-3273-4922-9954-56e8bcb5e113}\plugins\NPnsv.dll FF - plugin: c:\documents and settings\edward\application data\mozilla\firefox\profiles\4zh2edl5.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll FF - plugin: c:\documents and settings\edward\application data\mozilla\firefox\profiles\4zh2edl5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\documents and settings\edward\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== =============== Created Last 30 ================ 2009-10-08 17:14 <DIR> --d----- c:\docume~1\edward\applic~1\ID3-TagIT 3 2009-10-08 17:14 <DIR> --d----- c:\program files\ID3-TagIT 3 2009-10-08 17:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ID3-TagIT 3 2009-10-08 17:08 <DIR> --d----- c:\docume~1\edward\applic~1\Mp3tag 2009-10-03 19:45 <DIR> --d----- c:\program files\Sigma Team 2009-10-02 15:30 11 a------- c:\windows\tekkyuuman.INI 2009-10-02 12:15 <DIR> --d----- C:\World of Warcraft Public Test 2009-10-01 17:59 <DIR> --d----- c:\program files\Wesnoth 1.4.1 2009-09-30 17:44 <DIR> --d----- c:\program files\Stranded II 2009-09-30 15:34 <DIR> --d----- c:\program files\Multiwinia 2009-09-28 00:38 1,048,576 a------- C:\BS Super E.D.F. (J).smc 2009-09-28 00:22 <DIR> --d----- c:\program files\Ootake 2009-09-27 17:32 <DIR> a-dshr-- C:\cmdcons 2009-09-27 17:29 229,888 a------- c:\windows\PEV.exe 2009-09-27 17:29 161,792 a------- c:\windows\SWREG.exe 2009-09-27 17:29 98,816 a------- c:\windows\sed.exe 2009-09-27 02:50 <DIR> --d----- c:\program files\The Shivah 2009-09-26 00:56 453 a------- c:\windows\fred2_open_3_6_10d.INI 2009-09-25 19:56 <DIR> --d----- c:\docume~1\edward\applic~1\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1 2009-09-25 19:54 <DIR> --d----- c:\program files\GOG.com Downloader 2009-09-24 12:55 22,784 a------- c:\windows\system32\drivers\dadder.sys 2009-09-24 12:55 31,104 a------- c:\windows\system32\drivers\CYUSB.sys 2009-09-24 12:55 73,728 a------- c:\windows\system32\DeathAdder.cpl 2009-09-22 12:08 <DIR> --d----- c:\program files\BlackIsle 2009-09-21 12:12 <DIR> --d----- c:\program files\Trend Micro 2009-09-19 16:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nexon 2009-09-19 13:28 515,416 a------- c:\windows\system32\XAudio2_5.dll 2009-09-19 13:28 238,936 a------- c:\windows\system32\xactengine3_5.dll 2009-09-19 13:28 1,974,616 a------- c:\windows\system32\D3DCompiler_42.dll 2009-09-19 13:28 5,501,792 a------- c:\windows\system32\d3dcsx_42.dll 2009-09-19 13:28 235,344 a------- c:\windows\system32\d3dx11_42.dll 2009-09-19 13:28 453,456 a------- c:\windows\system32\d3dx10_42.dll 2009-09-19 13:28 1,892,184 a------- c:\windows\system32\D3DX9_42.dll 2009-09-13 18:52 <DIR> --d----- c:\documents and settings\edward\.lostlaby 2009-09-13 18:49 <DIR> --d----- c:\program files\Castlevania - The Bloodletting V.1.3 BETA ==================== Find3M ==================== 2009-09-26 00:52 444,952 a------- c:\windows\system32\wrap_oal.dll 2009-09-26 00:52 109,080 a------- c:\windows\system32\OpenAL32.dll 2009-09-22 12:09 52,736 a------- c:\windows\ipuninst.exe 2009-09-19 13:12 179,792 a------- c:\windows\system32\guard32.dll 2009-09-19 13:12 132,296 a------- c:\windows\system32\drivers\cmdguard.sys 2009-09-19 13:12 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys 2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-04 17:44 69,464 a------- c:\windows\system32\XAPOFX1_3.dll 2009-08-09 22:30 5,120 a------- c:\program files\WordPad Document Scrap 'C__Program Files...'.shs 2009-08-07 05:00 4,212 a---h--- c:\windows\system32\zllictbl.dat 2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll 2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll 2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-03 23:46 34 a------- c:\documents and settings\edward\jagex_runescape_preferences.dat 2009-08-01 04:09 94,208 a------- c:\docume~1\edward\applic~1\ezplay.sys 2009-08-01 04:08 47,360 a------- c:\docume~1\edward\applic~1\pcouffin.sys 2009-07-23 16:20 107,888 a------- c:\windows\system32\CmdLineExt.dll 2009-07-23 15:44 2,368 a------- c:\windows\system32\SVKP.sys 2009-07-23 14:18 21,840 a------- c:\windows\system32\SIntfNT.dll 2009-07-23 14:18 17,212 a------- c:\windows\system32\SIntf32.dll 2009-07-23 14:18 12,067 a------- c:\windows\system32\SIntf16.dll 2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll 2009-07-14 14:55 4 ---shr-- C:\WINOS.SYS 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-07-13 22:04 24,540 a---h--- c:\windows\system32\mlfcache.dat 2009-07-10 21:28 139,152 a------- c:\docume~1\edward\applic~1\PnkBstrK.sys 2008-07-22 15:33 1,568 a------- c:\docume~1\edward\applic~1\mpauth.dat 2008-07-03 23:24 64,269 a------- c:\documents and settings\edward\bncache.dat 2008-05-26 23:51 197 ac-sh--- c:\program files\common files\maxtreme.dat 2007-10-11 23:53 140,202,521 a------- c:\documents and settings\edward\WoW-2.2.3.7359-to-0.3.0.7382-enUS-patch.exe 2007-08-17 17:29 32 a----r-- c:\documents and settings\all users\hash.dat 2007-06-16 17:59 29 a------- c:\documents and settings\edward\break.dat 2007-06-16 17:59 0 ac------ c:\documents and settings\edward\Break.bat 2004-03-07 03:30 16 a------- c:\docume~1\edward\applic~1\QNVW601P.dll 2009-02-07 20:38 56 ---shr-- c:\windows\system32\3D2D32B15E.sys 2009-02-07 20:38 848 ac-sh--- c:\windows\system32\KGyGaAvL.sys ============= FINISH: 12:26:13.71 ===============

Attached Files



#23 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 10 October 2009 - 10:57 AM

Hello.

Update Java to Version 6 Update 16

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Download and run OTL

  • Download OTL by OldTimer and save it to your desktop.
  • Double click on the Posted Image icon on your desktop. If you are using Vista, please right-click and select run as administrator
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • It will now begin to scan, please be paitent while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized


With Regards,
Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#24 relaxtomato

relaxtomato

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 10 October 2009 - 11:36 AM

OTL only produced one log?



OTL logfile created on: 10/10/2009 1:31:05 PM - Run 2
OTL by OldTimer - Version 3.0.19.0 Folder = C:\Documents and Settings\Edward\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 525.07 Mb Available Physical Memory | 51.30% Memory free
2.40 Gb Paging File | 2.05 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 87.28 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDDIE
Current User Name: Edward
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/10 13:30:43 | 00,520,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
PRC - [2009/09/19 13:10:59 | 01,799,952 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/09/19 13:10:21 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/07/30 07:26:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/05/14 15:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007/09/07 15:54:54 | 00,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2007/09/04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/05/07 15:35:14 | 00,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2005/07/15 17:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (iPod Service [Unknown | Stopped])
SRV - [2009/09/19 13:10:21 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Unknown | Running])
SRV - [2009/05/14 15:54:22 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [Unknown | Stopped])
SRV - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Unknown | Running])
SRV - [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Unknown | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Unknown | Stopped])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [Unknown | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Unknown | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [Unknown | Stopped])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [Unknown | Stopped])
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Unknown | Stopped])
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Unknown | Stopped])
SRV - [2007/09/04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Unknown | Running])
SRV - [2007/08/02 13:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc [Unknown | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Unknown | Stopped])
SRV - [2006/08/16 07:58:05 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Unknown | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [Unknown | Stopped])
SRV - [2004/08/04 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Unknown | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/09/19 13:12:08 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect [Unknown | Running])
DRV - [2009/09/19 13:12:06 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard [Unknown | Running])
DRV - [2009/09/19 13:12:06 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [Unknown | Running])
DRV - [2009/08/01 04:13:27 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Unknown | Running])
DRV - [2009/08/01 04:03:28 | 00,094,208 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\ezplay.sys -- (ezplay [Unknown | Stopped])
DRV - [2009/08/01 04:02:59 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [Unknown | Stopped])
DRV - [2009/07/23 15:44:04 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\System32\SVKP.sys -- (SVKP [Unknown | Running])
DRV - [2009/05/20 15:43:31 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [Unknown | Running])
DRV - [2009/05/14 15:49:32 | 00,094,360 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [Unknown | Running])
DRV - [2009/05/14 15:47:14 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [Unknown | Running])
DRV - [2009/05/14 15:41:10 | 00,114,472 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Unknown | Running])
DRV - [2009/01/15 09:19:00 | 06,301,248 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [Unknown | Running])
DRV - [2008/06/20 05:52:06 | 00,225,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [Unknown | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [Unknown | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Unknown | Running])
DRV - [2007/11/09 20:54:52 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Unknown | Running])
DRV - [2007/11/09 20:54:52 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Unknown | Running])
DRV - [2007/09/04 19:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [Unknown | Running])
DRV - [2007/08/14 19:02:08 | 00,037,088 | ---- | M] (Ray Hinchliffe) -- C:\WINDOWS\System32\Drivers\SIVX32.sys -- (SIVDRIVER [Unknown | Stopped])
DRV - [2007/08/02 17:32:26 | 00,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\drivers\dadder.sys -- (DAdderFltr [Unknown | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Unknown | Running])
DRV - [2007/02/27 13:39:26 | 00,032,256 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [Unknown | Running])
DRV - [2006/10/10 14:53:48 | 00,005,632 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [Unknown | Running])
DRV - [2006/05/19 15:44:52 | 03,965,056 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [Unknown | Running])
DRV - [2006/02/16 18:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [Unknown | Stopped])
DRV - [2005/12/29 02:03:00 | 00,043,008 | R--- | M] (Best Buy Corporation ) -- C:\WINDOWS\System32\DRIVERS\dxe1015b.sys -- (FETNDISB [Unknown | Stopped])
DRV - [2005/11/21 01:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Unknown | Running])
DRV - [2005/11/02 10:54:44 | 00,011,596 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\drivers\copperhd.sys -- (UsbFltr [Unknown | Stopped])
DRV - [2005/05/17 05:45:08 | 00,092,800 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata [Unknown | Running])
DRV - [2005/04/24 23:43:58 | 00,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\Drivers\DB3G.sys -- (Razerlow [Unknown | Stopped])
DRV - [2005/04/05 15:22:30 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [Unknown | Running])
DRV - [2005/04/05 15:22:28 | 00,033,536 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [Unknown | Running])
DRV - [2005/01/04 14:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys -- (NPPTNT2 [Unknown | Stopped])
DRV - [2004/08/12 22:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [Unknown | Running])
DRV - [2004/08/04 08:00:00 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Unknown | Running])
DRV - [2004/08/04 08:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Unknown | Running])
DRV - [2004/08/04 08:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Unknown | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [Unknown | Running])
DRV - [2004/08/03 19:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [Unknown | Running])
DRV - [2001/08/17 10:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [Unknown | Running])
DRV - [1996/04/03 15:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\System32\giveio.sys -- (giveio [Unknown | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Disable Script Debugger Default = yes
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,DisableScriptDebuggerIE Default = yes
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\S-1-5-21-746137067-152049171-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-152049171-725345543-1004\S-1-5-21-746137067-152049171-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.6
FF - prefs.js..extensions.enabledItems: {190b412f-3273-4922-9954-56e8bcb5e113}:0.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.07
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.5
FF - prefs.js..extensions.enabledItems: sabnzbdstatus@dq5studios.com:1.0.10
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/10 01:01:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/09 13:16:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/06/18 03:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Extensions
[2008/06/18 03:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/10 13:29:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions
[2009/08/07 12:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2007/10/29 15:25:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{190b412f-3273-4922-9954-56e8bcb5e113}
[2008/06/18 12:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{1ebc69c0-92ff-11dc-8314-0800200c9a66}
[2009/08/07 13:07:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2008/06/18 12:13:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2009/08/07 13:07:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2009/09/28 18:14:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2008/06/18 04:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009/10/10 13:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/07 12:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2007/04/14 18:12:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a}(2)
[2009/09/28 18:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/10/10 13:29:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/08/07 13:07:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2007/04/15 01:58:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{caad1bbc-cf5d-9b9b-3a37-a1061684b0a7}
[2007/04/14 18:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{caad1bbc-cf5d-9b9b-3a37-a1061684b0a7}(2)
[2009/09/28 18:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/07 13:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/06/18 03:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
[2009/09/28 18:15:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/09/28 18:14:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/07 12:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2009/01/25 19:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/07/10 21:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\battlefieldheroespatcher@ea.com
[2009/08/07 13:47:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\cfxe@Triton
[2009/09/17 19:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\chromifox@altmusictv.com
[2008/06/26 17:03:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\iaplayer@instantaction.com
[2009/06/15 15:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\moveplayer@movenetworks.com
[2009/08/01 02:43:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\mozilla\Firefox\Profiles\4zh2edl5.default\extensions\sabnzbdstatus@dq5studios.com
[2009/10/10 13:29:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/07 13:06:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/23 21:37:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/10/10 13:28:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/07/30 07:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 07:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/11/24 15:35:00 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/07/08 17:07:06 | 00,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll
[2009/10/10 13:28:36 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/12/10 20:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2007/05/07 17:32:56 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/07/30 07:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/03 23:10:49 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/01/08 19:13:21 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/01/08 19:13:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-746137067-152049171-725345543-1004..\Run: [Google Update] C:\Documents and Settings\Edward\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-746137067-152049171-725345543-1004..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-152049171-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-152049171-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-746137067-152049171-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 44 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 44 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-746137067-152049171-725345543-1004\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} http://fishingchamp....GamesCampus.cab (GamesCampus Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.co...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1176515726406 (WUWebControl Class)
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} http://www.ultimateb...o/launchubo.OCX (LaunchUBO.Ulit)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.neffi...ffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/15 22:09:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/12 16:31:44 | 00,622,632 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/25 19:53:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/10/08 17:14:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ID3-TagIT 3
[2009/09/19 16:12:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2009/09/25 19:56:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2009/10/08 17:14:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Application Data\ID3-TagIT 3
[2009/10/08 17:08:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Application Data\Mp3tag
[2009/09/30 15:35:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\Introversion
[2009/09/25 19:53:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/09/22 12:08:30 | 00,000,000 | ---D | C] -- C:\Program Files\BlackIsle
[2009/09/13 18:49:12 | 00,000,000 | ---D | C] -- C:\Program Files\Castlevania - The Bloodletting V.1.3 BETA
[2009/09/24 12:56:09 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/09/20 16:42:11 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/25 19:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\GOG.com Downloader
[2009/10/08 17:14:05 | 00,000,000 | ---D | C] -- C:\Program Files\ID3-TagIT 3
[2009/09/30 15:34:49 | 00,000,000 | ---D | C] -- C:\Program Files\Multiwinia
[2009/09/28 00:22:25 | 00,000,000 | ---D | C] -- C:\Program Files\Ootake
[2009/10/03 19:45:52 | 00,000,000 | ---D | C] -- C:\Program Files\Sigma Team
[2009/09/30 17:44:31 | 00,000,000 | ---D | C] -- C:\Program Files\Stranded II
[2009/09/27 02:50:51 | 00,000,000 | ---D | C] -- C:\Program Files\The Shivah
[2009/09/21 12:12:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/01 17:59:36 | 00,000,000 | ---D | C] -- C:\Program Files\Wesnoth 1.4.1
[2009/10/10 13:30:22 | 00,520,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
[2009/10/10 13:28:50 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/10 13:28:50 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/10 13:28:50 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/10 13:28:50 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/10 13:15:39 | 00,000,000 | ---D | C] -- C:\Sun
[2009/10/08 16:06:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\Soulseek Chat Logs
[2009/10/06 18:05:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Desktop\star_guard_0.95_pc
[2009/10/03 19:50:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\Zombie Shooter 2 Saves
[2009/10/02 12:15:14 | 00,000,000 | ---D | C] -- C:\World of Warcraft Public Test
[2009/10/02 12:10:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\3.0.1.8874 US PTR Installer
[2009/10/01 20:23:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Desktop\Runman
[2009/09/30 15:22:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\wurm
[2009/09/30 12:49:10 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/27 17:32:55 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/09/27 17:29:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/27 17:29:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/27 17:29:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/24 12:55:58 | 00,022,784 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\drivers\dadder.sys
[2009/09/24 12:55:54 | 00,031,104 | ---- | C] (Cypress Semiconductor) -- C:\WINDOWS\System32\drivers\CYUSB.sys
[2009/09/24 12:55:43 | 00,073,728 | ---- | C] (Razer Inc.) -- C:\WINDOWS\System32\DeathAdder.cpl
[2009/09/19 13:28:12 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2009/09/19 13:28:11 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2009/09/19 13:28:10 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2009/09/19 13:28:08 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2009/09/19 13:28:07 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2009/09/19 13:28:06 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2009/09/19 13:28:05 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2009/09/15 23:22:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\Rawr v2.2.16
[2009/08/01 04:03:28 | 00,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\Edward\Application Data\ezplay.sys
[2009/08/01 04:02:59 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Edward\Application Data\pcouffin.sys
[2008/07/03 04:39:02 | 00,103,424 | ---- | C] ( ) -- C:\WINDOWS\System32\nUI_nat.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/10/10 13:30:43 | 00,520,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
[2009/10/10 13:28:35 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/10 13:28:35 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/10 13:28:35 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/10 13:28:35 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/10 13:28:31 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/10 13:26:36 | 00,000,095 | ---- | M] () -- C:\WINDOWS\System32\productregistry
[2009/10/10 13:23:00 | 00,198,464 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/10 13:22:42 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/10 13:21:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/10 13:21:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/10 13:16:02 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-725345543-1004UA.job
[2009/10/10 13:16:01 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-725345543-1004Core.job
[2009/10/08 16:47:24 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 20:34:19 | 00,002,425 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\Paint Shop Pro 7.lnk
[2009/10/04 13:30:41 | 00,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2009/10/04 03:20:54 | 01,552,344 | -H-- | M] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\IconCache.db
[2009/10/02 15:30:39 | 00,000,011 | ---- | M] () -- C:\WINDOWS\tekkyuuman.INI
[2009/09/30 12:31:13 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/29 18:28:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/27 17:33:03 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/09/26 00:56:13 | 00,000,453 | ---- | M] () -- C:\WINDOWS\fred2_open_3_6_10d.INI
[2009/09/26 00:52:57 | 00,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/09/26 00:52:57 | 00,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/09/22 12:09:31 | 00,052,736 | ---- | M] (Interplay Productions) -- C:\WINDOWS\ipuninst.exe
[2009/09/20 14:33:50 | 00,331,873 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090920-143437.backup
[2009/09/19 18:04:51 | 00,000,139 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[2009/09/19 13:12:09 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/09/19 13:12:08 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/09/19 13:12:06 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/09/19 13:12:06 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/09/18 13:34:01 | 00,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/18 02:27:20 | 00,028,024 | ---- | M] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files - No Company Name ==========
[2009/10/10 13:16:57 | 00,000,095 | ---- | C] () -- C:\WINDOWS\System32\productregistry
[2009/10/02 15:30:38 | 00,000,011 | ---- | C] () -- C:\WINDOWS\tekkyuuman.INI
[2009/09/28 00:38:34 | 01,048,576 | ---- | C] () -- C:\BS Super E.D.F. (J).smc
[2009/09/27 17:33:03 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/09/27 17:32:59 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/09/27 17:29:07 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/27 17:29:06 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/27 17:29:06 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/27 17:29:06 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/26 00:56:13 | 00,000,453 | ---- | C] () -- C:\WINDOWS\fred2_open_3_6_10d.INI
[2009/09/19 18:04:51 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[2009/08/09 22:30:04 | 00,005,120 | ---- | C] () -- C:\Program Files\WordPad Document Scrap 'C__Program Files...'.shs
[2009/08/07 21:19:10 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/08/01 04:03:36 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\ezplay.log
[2009/08/01 04:03:28 | 00,007,861 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\ezplay.cat
[2009/08/01 04:03:28 | 00,001,104 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\ezplay.inf
[2009/08/01 04:03:28 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\ezplay.ini
[2009/08/01 04:03:26 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\pcouffin.log
[2009/08/01 04:02:59 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\pcouffin.cat
[2009/08/01 04:02:59 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\pcouffin.inf
[2009/08/01 03:44:09 | 00,000,281 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nbinst.ini
[2009/07/23 14:18:17 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/07/23 14:18:17 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/07/23 14:18:17 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/06/03 19:36:31 | 00,000,272 | ---- | C] () -- C:\WINDOWS\tango.ini
[2009/02/27 18:15:43 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\PnkBstrK.sys
[2009/02/13 02:43:24 | 00,000,078 | ---- | C] () -- C:\WINDOWS\CheetaChat.INI
[2009/02/07 20:38:45 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\3D2D32B15E.sys
[2009/02/07 20:38:40 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/02 23:33:17 | 00,003,710 | ---- | C] () -- C:\WINDOWS\YAHELITE.INI
[2009/01/20 20:31:07 | 00,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2009/01/02 00:13:05 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/12 23:11:40 | 00,000,107 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2008/07/06 13:37:28 | 00,000,022 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008/06/26 16:10:46 | 00,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/06/22 16:36:54 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/04/13 18:20:07 | 00,000,197 | -HS- | C] () -- C:\Program Files\Common Files\maxtreme.dat
[2008/04/13 15:22:03 | 00,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamthWDM.sys
[2008/02/02 15:39:50 | 00,001,568 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\mpauth.dat
[2008/01/08 16:26:10 | 00,000,088 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI
[2007/12/17 14:03:27 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/11/26 22:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/11/09 20:54:52 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/11/09 20:54:52 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/08/13 00:26:38 | 01,552,344 | -H-- | C] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\IconCache.db
[2007/06/03 18:32:13 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2007/06/03 18:32:10 | 00,573,503 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2007/05/28 14:06:35 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/05/24 13:08:10 | 00,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/03/19 18:01:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/03/12 12:01:30 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007/03/09 11:15:22 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\ELVideoCapture.dll
[2006/12/17 14:49:55 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/10/16 17:27:42 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2006/10/11 17:26:15 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/09/06 21:59:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006/07/21 15:25:42 | 00,002,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/09 16:33:11 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/02 19:08:34 | 00,111,616 | ---- | C] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/22 14:58:05 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\fusioncache.dat
[2006/05/15 22:19:12 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/05/15 22:17:23 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/15 22:16:42 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/05/15 22:16:42 | 00,005,700 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/05/15 22:16:39 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/05/15 22:15:44 | 00,028,024 | ---- | C] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/05/15 22:13:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Edward\Application Data\desktop.ini
[2006/05/15 18:00:25 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/04/13 11:30:06 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2005/12/10 07:06:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/10 07:06:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/10 07:06:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/10 07:06:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 07:06:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/10 07:06:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/30 01:00:00 | 00,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 01:00:00 | 00,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 01:00:00 | 00,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2004/08/04 08:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/04 08:00:00 | 00,000,952 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/07 03:30:24 | 00,000,016 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\QNVW601P.dll
[2003/01/05 00:42:42 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

#25 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 10 October 2009 - 12:32 PM

Hello.

That's fine since it's the second run.

Looks fine.

Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. :)

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Create a New System Restore Point<- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

System A bit Slow? Try StartupLight

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Congratulations! You now appear clean! :D

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

    Advertisements

Register to Remove


#26 relaxtomato

relaxtomato

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 10 October 2009 - 12:47 PM

Thanks a ton for the help. One last thing, all of the icons on my desktop were renamed so that they all end with .Ink. If I try to rename them, I can't use them. Is there a way to rename them to just My Computer and My Documents? Not sure how this happened. Edit: I went into Control Panel > Folder Options and checked Hide extensions for known file types. I guess that worked.

Edited by relaxtomato, 10 October 2009 - 12:57 PM.


#27 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 10 October 2009 - 08:26 PM

Glad you resolved it. Happy surfing and good luck in the future then. I'll close this topic shortly. Take care, Extremeboy
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

#28 extremeboy

extremeboy

    Retired WTT Malware Disintegrator Teacher

  • Authentic Member
  • PipPipPipPipPip
  • 1,433 posts

Posted 10 October 2009 - 08:27 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

The help you receive here is free. If you wish to show your appreciation, you may wish to Posted Image

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users