Edited by DCShoesRocking, 04 November 2010 - 09:46 PM.
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Something seriously wrong with my CPU Help NEEDED
Started by
DCShoesRocking
, Nov 04 2010 09:45 PM
-
This topic is locked
30 replies to this topic
#1
DCShoesRocking
-
- Authentic Member
-
- 26 posts
Authentic Member
Posted 04 November 2010 - 09:45 PM
Register to Remove
#2
mowman
-
- Malware Team
-
- 2,669 posts
SuperMember
Posted 05 November 2010 - 04:53 AM
Hello,
Welcome to WhatTheTech. My name is mowman, and I will be helping you fix your problems.
If you do not make a reply in 3 days, we will have to close your topic.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this topic. The topics you are tracking can be found by clicking on My Topics at the top of any page.
Please take note of some guidelines for this fix:
•Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
•If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
•Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
•Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
Only attach them if requested or if they do not fit into the post
Please download Rkill and save to desktop.
Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes from Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again
Next
Download GMER Rootkit Scanner from here or here.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
If GMER won't run try with devices unchecked.If still no go try in safe mode.
In your next reply please post the following.
Welcome to WhatTheTech. My name is mowman, and I will be helping you fix your problems.
If you do not make a reply in 3 days, we will have to close your topic.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this topic. The topics you are tracking can be found by clicking on My Topics at the top of any page.
Please take note of some guidelines for this fix:
•Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
•If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
•Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
•Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
Only attach them if requested or if they do not fit into the post
Please download Rkill and save to desktop.
Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes from Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again
Next
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Under Custom Scan paste this in
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
- You may need two posts to fit them both in.
Download GMER Rootkit Scanner from here or here.
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
Click the image to enlarge it
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and attach it in your reply.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
If GMER won't run try with devices unchecked.If still no go try in safe mode.
In your next reply please post the following.
- Both OTL logs
- GMER log
#3
DCShoesRocking
-
- Authentic Member
-
- 26 posts
Authentic Member
Posted 06 November 2010 - 12:52 AM
The OTL Logs
OTL logfile created on: 11/6/2010 12:27:46 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 9.59 Gb Free Space | 6.43% Space Free | Partition Type: NTFS
Computer Name: HP12902580339 | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\andrew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\VEXPLite\MONLITE.EXE (TG Soft S.a.s. - www.tgsoft.it)
PRC - C:\VEXPLite\VIRITSVC.EXE (TG Soft Sas www.tgsoft.it)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
PRC - C:\Program Files\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\andrew\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (Windows Storage Service v2.0) -- C:\WINDOWS\csrss\csrss.exe File not found
SRV - (DfSdkS) -- File not found
SRV - (Apple Mobile Device) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (viritsvclite) -- C:\VEXPLite\VIRITSVC.EXE (TG Soft Sas www.tgsoft.it)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ServicepointService) -- C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
========== Driver Services (SafeList) ==========
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (FreshIO) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nocashio) -- C:\WINDOWS\system32\drivers\nocashio.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VIRAGTLT) -- C:\WINDOWS\system32\drivers\VIRAGTLT.SYS (TG Soft S.a.s.)
DRV - (AnyDVD) -- C:\WINDOWS\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (FSLX) -- C:\WINDOWS\system32\drivers\fslx.sys (Altiris, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (ActionReplayDS) -- C:\WINDOWS\system32\drivers\ActionReplayDS.sys (Thesycon GmbH, Germany)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.ijji.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.daemon-se...age|google.com"
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.99999
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/04/24 07:47:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/04/24 07:47:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/06 02:27:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/02 23:02:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 07:38:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 07:38:23 | 000,000,000 | ---D | M]
[2010/04/09 11:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Extensions
[2010/11/05 00:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions
[2010/05/02 05:35:51 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/10/22 00:57:58 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/02 23:48:55 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/27 18:54:13 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/08/09 08:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\DTToolbar@toolbarnet.com
[2010/10/26 20:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\toolbar@ask.com
[2010/04/07 16:16:11 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\aim-search.xml
[2010/11/02 23:48:36 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\AOL Search.xml
[2010/04/19 01:35:44 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\askcom.xml
[2010/04/27 19:29:43 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\conduit.xml
[2010/08/09 08:21:54 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\daemon-search.xml
[2010/11/05 00:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 22:04:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 22:14:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/11/02 23:48:36 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
[2010/08/04 14:52:38 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/05/06 05:49:47 | 000,000,060 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{A057A204-BACC-4D26-8398-26FADCF27386} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
O4 - HKLM..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE (TG Soft S.a.s. - www.tgsoft.it)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\andrew\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Reg Error: Value error.)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s.work4sure...ge/w4sgeen9.exe (Reg Error: Value error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsec...r/cascanner.cab (Reg Error: Value error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2010/11/06 00:25:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andrew\Desktop\OTL.exe
[2010/11/04 07:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/11/04 06:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\New Folder
[2010/11/02 23:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/11/02 23:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Application Data\acccore
[2010/11/02 23:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Local Settings\Application Data\AIM
[2010/11/02 23:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/11/02 23:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/11/02 23:47:46 | 007,541,896 | ---- | C] (AOL Inc.) -- C:\Documents and Settings\andrew\Desktop\Install_AIM.exe
[2010/11/02 01:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\Saves
[2010/11/02 01:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\DS Emulator
[2010/11/02 01:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\Language
[2010/11/02 01:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\pBlackV5
[2010/11/02 00:40:05 | 000,633,344 | ---- | C] (Actarus) -- C:\Documents and Settings\andrew\Desktop\ideas.exe
[2010/10/29 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/10/29 18:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/29 18:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2010/10/27 05:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\C4D's
[2010/10/27 00:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\MapleStory Goodies wink wink
[2010/10/25 17:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Binverse
[2010/10/23 00:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Application Data\Ventrilo
[2010/10/23 00:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/10/23 00:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/10/20 03:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Local Settings\Application Data\Shoddy Battle
[2010/10/16 21:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Local Settings\Application Data\Google
[2010/10/14 22:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\cxmb
[2010/10/07 20:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\SEPLUGINS
[2010/10/07 19:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\MSH vs SF (Killah)
========== Files - Modified Within 30 Days ==========
[2010/11/06 00:27:45 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1009.job
[2010/11/06 00:27:45 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1009.job
[2010/11/06 00:25:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andrew\Desktop\OTL.exe
[2010/11/06 00:23:38 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\rkill.com
[2010/11/06 00:17:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/06 00:17:48 | 2110,963,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/04 22:58:48 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1010.job
[2010/11/04 22:58:48 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1010.job
[2010/11/04 17:49:18 | 000,941,568 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Simple Disconnector.dll
[2010/11/04 13:24:29 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/11/04 10:12:25 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/04 07:08:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/03 23:44:48 | 000,039,336 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\popupthing.JPG
[2010/11/03 02:25:57 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Talisman Online.lnk
[2010/11/03 01:10:42 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shaiya.lnk
[2010/11/02 23:48:41 | 000,000,909 | -H-- | M] () -- C:\IPH.PH
[2010/11/02 23:48:35 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/11/02 23:48:35 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/11/02 23:48:04 | 007,541,896 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\andrew\Desktop\Install_AIM.exe
[2010/11/02 18:39:39 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/02 18:39:39 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/02 02:03:57 | 000,210,208 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\SEXY.JPG
[2010/11/02 01:07:04 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Software.ini
[2010/11/01 21:01:02 | 000,140,752 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\crazygodly.JPG
[2010/10/30 10:36:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/29 13:21:19 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1008.job
[2010/10/29 13:21:19 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1008.job
[2010/10/28 03:09:39 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy2
[2010/10/27 21:40:44 | 000,002,432 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Sandstormshoddy
[2010/10/27 05:54:30 | 001,717,388 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Sig.psd
[2010/10/27 04:57:18 | 000,156,437 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Radiance2.jpg
[2010/10/27 04:56:35 | 000,442,867 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Radiance.jpg
[2010/10/26 23:33:23 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ShoddyRainDancing
[2010/10/25 19:24:25 | 000,008,412 | ---- | M] () -- C:\Final Fantasy 6 Advance.clt
[2010/10/25 00:29:48 | 000,125,737 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\godlyclaw.JPG
[2010/10/23 00:08:22 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/23 00:08:21 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/10/23 00:07:26 | 003,196,328 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ventrilo-3.0.5-Windows-i386.exe
[2010/10/21 21:20:28 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ShoddyBattleTeam
[2010/10/21 01:51:17 | 000,002,474 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy
[2010/10/21 00:56:50 | 000,253,969 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Sheesh#1.jpg
[2010/10/20 15:53:56 | 000,134,020 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\20attsock.JPG
[2010/10/20 03:28:43 | 000,001,902 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Shoddy Battle.lnk
[2010/10/19 23:44:01 | 000,116,844 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\omgzMAPLE.JPG
[2010/10/18 23:55:06 | 000,370,990 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\1018101652a.jpg
[2010/10/16 03:11:14 | 000,129,055 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\blizzeffect.JPG
[2010/10/15 16:19:58 | 000,265,533 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\FRESH.JPG
[2010/10/15 15:18:18 | 000,529,717 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\IMG00466-20101015-1618.jpg
[2010/10/15 02:39:41 | 000,045,165 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\l_3c1d6b41048c4fe7b7e97b0183899b63.jpg
[2010/10/14 21:04:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c04ef454c5a.job
[2010/10/13 15:21:15 | 000,015,674 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Logo_Ralph_LaurenBlack.jpg
[2010/10/12 00:27:24 | 000,137,299 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\lv103hermitdmg.JPG
[2010/10/11 21:55:42 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1011.job
[2010/10/11 21:55:42 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1011.job
[2010/10/08 19:14:08 | 000,131,437 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Amazen skanda.JPG
[2010/10/08 06:12:36 | 000,633,344 | ---- | M] (Actarus) -- C:\Documents and Settings\andrew\Desktop\ideas.exe
[2010/10/07 19:28:20 | 311,339,105 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\MSH vs SF (Killah ver).rar
========== Files Created - No Company Name ==========
[2010/11/06 00:23:38 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\rkill.com
[2010/11/05 05:52:58 | 000,941,568 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Simple Disconnector.dll
[2010/11/03 23:44:48 | 000,039,336 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\popupthing.JPG
[2010/11/03 02:25:57 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Talisman Online.lnk
[2010/11/03 01:10:42 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shaiya.lnk
[2010/11/02 23:48:35 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/11/02 23:48:35 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/11/02 01:05:59 | 000,210,208 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\SEXY.JPG
[2010/11/02 01:03:36 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Software.ini
[2010/11/01 21:01:02 | 000,140,752 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\crazygodly.JPG
[2010/10/28 03:09:39 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy2
[2010/10/27 05:54:27 | 001,717,388 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Sig.psd
[2010/10/27 04:57:17 | 000,156,437 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Radiance2.jpg
[2010/10/27 04:56:31 | 000,442,867 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Radiance.jpg
[2010/10/26 23:33:23 | 000,002,391 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\ShoddyRainDancing
[2010/10/25 19:24:25 | 000,008,412 | ---- | C] () -- C:\Final Fantasy 6 Advance.clt
[2010/10/25 00:29:47 | 000,125,737 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\godlyclaw.JPG
[2010/10/24 06:34:37 | 000,002,432 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Sandstormshoddy
[2010/10/23 00:08:21 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/10/23 00:07:56 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/23 00:07:09 | 003,196,328 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\ventrilo-3.0.5-Windows-i386.exe
[2010/10/21 01:51:17 | 000,002,474 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy
[2010/10/20 18:00:42 | 000,253,969 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Sheesh#1.jpg
[2010/10/20 15:53:56 | 000,134,020 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\20attsock.JPG
[2010/10/20 03:51:25 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\ShoddyBattleTeam
[2010/10/20 03:28:43 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Shoddy Battle.lnk
[2010/10/20 00:12:00 | 000,370,990 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\1018101652a.jpg
[2010/10/19 23:44:01 | 000,116,844 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\omgzMAPLE.JPG
[2010/10/16 03:11:14 | 000,129,055 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\blizzeffect.JPG
[2010/10/15 16:20:05 | 000,529,717 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\IMG00466-20101015-1618.jpg
[2010/10/15 16:19:58 | 000,265,533 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\FRESH.JPG
[2010/10/15 02:39:40 | 000,045,165 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\l_3c1d6b41048c4fe7b7e97b0183899b63.jpg
[2010/10/14 21:04:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c04ef454c5a.job
[2010/10/13 15:21:15 | 000,015,674 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Logo_Ralph_LaurenBlack.jpg
[2010/10/12 00:27:23 | 000,137,299 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\lv103hermitdmg.JPG
[2010/10/08 19:14:07 | 000,131,437 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Amazen skanda.JPG
[2010/10/07 18:07:45 | 311,339,105 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\MSH vs SF (Killah ver).rar
[2010/08/01 15:20:17 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/12 15:15:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/12 15:15:01 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/07/12 15:14:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSPRX580.ini
[2010/07/11 10:46:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/06/14 12:33:34 | 001,914,216 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2010/06/12 19:02:58 | 000,002,554 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/24 12:34:04 | 000,697,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/02 05:30:20 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\uc_karos_launching.dll
[2010/04/30 02:42:44 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/04/29 17:20:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2010/04/29 10:28:05 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/04/23 20:10:38 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/05 18:46:02 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\andrew\Local Settings\Application Data\setup.txt
[2010/03/18 00:06:50 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2010/03/17 23:53:09 | 000,154,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/17 23:47:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4964.dll
[2010/03/17 23:01:03 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/03/02 20:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 20:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 20:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 20:00:00 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 20:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 20:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 20:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 20:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 20:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 20:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 20:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 20:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 20:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 20:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 20:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 20:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 20:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/14 14:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 14:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 14:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 14:11:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 14:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 14:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 14:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 14:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 14:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 14:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/06/07 12:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/10 20:30:38 | 000,054,608 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2006/04/25 20:31:56 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
========== LOP Check ==========
[2010/11/02 23:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/04/07 16:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/07/13 17:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/08/09 08:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/06/18 00:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/08/01 23:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/07/13 17:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/07/04 14:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/08/01 15:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/10 05:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/06/14 13:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MD_Data
[2010/06/17 16:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSNDynFiles
[2010/04/07 16:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/05/01 12:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/08/02 01:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/04/05 18:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/05/29 14:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnitchPlusData
[2010/08/04 02:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/05 19:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/05/04 07:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZapShares
[2010/03/18 00:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/04/09 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/01 15:33:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}
[2010/11/02 23:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\acccore
[2010/08/09 08:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\DAEMON Tools Lite
[2010/08/09 08:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\DAEMON Tools Pro
[2010/08/17 04:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\ElevatedDiagnostics
[2010/11/04 07:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\FrostWire
[2010/05/02 19:57:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\andrew\Application Data\ijjigame
[2010/08/12 19:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\ImgBurn
[2010/08/04 13:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\ProcessLasso
[2010/04/10 16:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Search Settings
[2010/08/28 22:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\SystemRequirementsLab
[2010/08/19 01:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\uTorrent
[2010/04/10 16:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\YouTube Downloader
[2004/08/04 03:56:50 | 000,000,004 | -HS- | M] () -- C:\WINDOWS\Tasks\FOLDER.TSX
[2010/08/05 08:05:08 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/03/17 21:17:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/16 01:50:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/05/17 19:30:24 | 000,036,580 | ---- | M] () -- C:\ComboFix.txt
[2010/10/25 19:24:25 | 000,008,412 | ---- | M] () -- C:\Final Fantasy 6 Advance.clt
[2010/11/06 00:17:48 | 2110,963,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/24 08:51:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/02 23:48:41 | 000,000,909 | -H-- | M] () -- C:\IPH.PH
[2010/11/04 19:08:07 | 000,089,914 | ---- | M] () -- C:\MP4debug.log
[2010/05/29 13:49:19 | 000,000,072 | ---- | M] () -- C:\msbasppl.syn
[2010/04/24 08:51:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/08/11 00:00:00 | 000,000,035 | ---- | M] () -- C:\mst26v.syn
[2010/08/12 19:31:13 | 787,289,664 | ---- | M] () -- C:\MVC2.BIN
[2010/08/12 19:31:13 | 000,000,176 | ---- | M] () -- C:\MVC2.CUE
[2010/06/16 17:09:06 | 000,001,098 | ---- | M] () -- C:\NTDClient.log
[2006/02/27 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/16 21:40:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/06 00:17:38 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/11/06 00:24:48 | 000,000,394 | ---- | M] () -- C:\rkill.log
[2010/09/20 23:06:50 | 000,008,412 | ---- | M] () -- C:\Zoids - Legacy.clt
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/04/25 13:31:26 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
[2006/11/15 07:00:58 | 000,473,403 | -H-- | M] () -- C:\WINDOWS\hp2_1024x768.jpg
[2006/11/15 06:45:40 | 000,366,564 | -H-- | M] () -- C:\WINDOWS\hp3_1024x768.jpg
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2007/08/18 22:16:44 | 000,549,888 | -H-- | M] () -- C:\WINDOWS\TheMatrix.scr
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/04/25 13:17:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/25 13:17:52 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/25 13:17:50 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/04/16 21:46:27 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
[2010/03/18 00:04:42 | 000,000,152 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\BCM_DropUserDatabases.txt
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/04/16 21:51:56 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/04/25 18:41:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/09/01 08:36:40 | 000,339,257 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\CleanUp452.exe
[2010/10/08 06:12:36 | 000,633,344 | ---- | M] (Actarus) -- C:\Documents and Settings\andrew\Desktop\ideas.exe
[2010/11/02 23:48:04 | 007,541,896 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\andrew\Desktop\Install_AIM.exe
[2010/11/06 00:25:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andrew\Desktop\OTL.exe
[2010/10/23 00:07:26 | 003,196,328 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ventrilo-3.0.5-Windows-i386.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/04/16 21:51:56 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\andrew\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/06 00:27:45 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\andrew\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-08 08:46:27
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B61A2D1
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:890CC2F3
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
< End of report >
OTL Extras logfile created on: 11/6/2010 12:27:46 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 9.59 Gb Free Space | 6.43% Space Free | Partition Type: NTFS
Computer Name: HP12902580339 | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57999:TCP" = 57999:TCP:*:Enabled:Pando Media Booster
"57999:UDP" = 57999:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58960:TCP" = 58960:TCP:*:Enabled:Pando Media Booster
"58960:UDP" = 58960:UDP:*:Enabled:Pando Media Booster
"57999:TCP" = 57999:TCP:*:Enabled:Pando Media Booster
"57999:UDP" = 57999:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1038:TCP" = 1038:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\All Users\Documents\uTorrent.exe" = C:\Documents and Settings\All Users\Documents\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F5BC8D3-3741-4542-AF00-51202A9FD357}" = VirIT eXplorer Lite
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX580 Scanner Driver Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2266312B-3502-41EE-82CD-8DC62276D87B}" = Vz In Home Agent
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1" = Inpaint 2.4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7BDD6642-76D6-49F7-9157-6100E5C75B97}" = Vz In Home Agent
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.9.462
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF4720EC-795A-4DE4-8A03-F80C52256E03}" = SCG Route 2.20 NT
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel® Network Connections 13.1.33.0
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E3D4F451-5F04-4082-BE21-1C0C1ADF5014}" = Vz In Home Agent
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.7 Professional Edition
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"AnyDVD" = AnyDVD
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"CleanUp!" = CleanUp!
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.1
"Complete Cleanup Trial_is1" = Complete Cleanup Trial
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Fraps" = Fraps (remove only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"FrostWire" = FrostWire 4.20.7
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"iCare Data Recovery_is1" = iCare Data Recovery 3.8.1
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"JixeySearchHelper" = Jixey Search Helper
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multi Virus Cleaner 2009_is1" = Multi Virus Cleaner 2009
"PDF Complete" = PDF Complete
"ProcessLasso" = Process Lasso
"QuickTime Converter_is1" = QuickTime Converter 2.1
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.10
"RealPlayer 12.0" = RealPlayer
"Software Informer_is1" = Software Informer 1.0 BETA
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Tansee iPod Transfer_is1" = Tansee iPod Transfer v3.8
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Verizon Broadband Toolbar Firefox only" = Verizon Broadband Toolbar Firefox only
"Verizon Help and Support" = Verizon Help and Support Tool
"verizon_broad" = Verizon Broadband Toolbar (IE only)
"VirIT eXplorer Lite" = VirIT eXplorer Lite
"vReveal" = vReveal
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WinAVI FLV Converter 1.0_is1" = WinAVI FLV Converter
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Video Downloader_is1" = X Video Downloader
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Shoddy Battle" = Shoddy Battle
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/22/2010 4:16:31 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 10/22/2010 4:16:53 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 10/22/2010 4:16:59 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1001
Description = Fault bucket 349305636.
Error - 10/22/2010 4:17:25 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 10/29/2010 7:25:14 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 11/3/2010 3:22:47 AM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0437251c.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL logfile created on: 11/6/2010 12:27:46 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 9.59 Gb Free Space | 6.43% Space Free | Partition Type: NTFS
Computer Name: HP12902580339 | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\andrew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\VEXPLite\MONLITE.EXE (TG Soft S.a.s. - www.tgsoft.it)
PRC - C:\VEXPLite\VIRITSVC.EXE (TG Soft Sas www.tgsoft.it)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
PRC - C:\Program Files\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\andrew\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (Windows Storage Service v2.0) -- C:\WINDOWS\csrss\csrss.exe File not found
SRV - (DfSdkS) -- File not found
SRV - (Apple Mobile Device) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (viritsvclite) -- C:\VEXPLite\VIRITSVC.EXE (TG Soft Sas www.tgsoft.it)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ServicepointService) -- C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
========== Driver Services (SafeList) ==========
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (FreshIO) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nocashio) -- C:\WINDOWS\system32\drivers\nocashio.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VIRAGTLT) -- C:\WINDOWS\system32\drivers\VIRAGTLT.SYS (TG Soft S.a.s.)
DRV - (AnyDVD) -- C:\WINDOWS\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (FSLX) -- C:\WINDOWS\system32\drivers\fslx.sys (Altiris, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (ActionReplayDS) -- C:\WINDOWS\system32\drivers\ActionReplayDS.sys (Thesycon GmbH, Germany)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.ijji.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.daemon-se...age|google.com"
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.99999
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/04/24 07:47:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/04/24 07:47:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/06 02:27:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/02 23:02:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 07:38:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 07:38:23 | 000,000,000 | ---D | M]
[2010/04/09 11:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Extensions
[2010/11/05 00:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions
[2010/05/02 05:35:51 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/10/22 00:57:58 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/02 23:48:55 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/27 18:54:13 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/08/09 08:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\DTToolbar@toolbarnet.com
[2010/10/26 20:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\toolbar@ask.com
[2010/04/07 16:16:11 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\aim-search.xml
[2010/11/02 23:48:36 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\AOL Search.xml
[2010/04/19 01:35:44 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\askcom.xml
[2010/04/27 19:29:43 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\conduit.xml
[2010/08/09 08:21:54 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\daemon-search.xml
[2010/11/05 00:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 22:04:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 22:14:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/11/02 23:48:36 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
[2010/08/04 14:52:38 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/05/06 05:49:47 | 000,000,060 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{A057A204-BACC-4D26-8398-26FADCF27386} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
O4 - HKLM..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE (TG Soft S.a.s. - www.tgsoft.it)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\andrew\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Reg Error: Value error.)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s.work4sure...ge/w4sgeen9.exe (Reg Error: Value error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsec...r/cascanner.cab (Reg Error: Value error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2010/11/06 00:25:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andrew\Desktop\OTL.exe
[2010/11/04 07:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/11/04 06:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\New Folder
[2010/11/02 23:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/11/02 23:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Application Data\acccore
[2010/11/02 23:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Local Settings\Application Data\AIM
[2010/11/02 23:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/11/02 23:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/11/02 23:47:46 | 007,541,896 | ---- | C] (AOL Inc.) -- C:\Documents and Settings\andrew\Desktop\Install_AIM.exe
[2010/11/02 01:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\Saves
[2010/11/02 01:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\DS Emulator
[2010/11/02 01:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\Language
[2010/11/02 01:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\pBlackV5
[2010/11/02 00:40:05 | 000,633,344 | ---- | C] (Actarus) -- C:\Documents and Settings\andrew\Desktop\ideas.exe
[2010/10/29 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/10/29 18:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/29 18:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2010/10/27 05:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\C4D's
[2010/10/27 00:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\MapleStory Goodies wink wink
[2010/10/25 17:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Binverse
[2010/10/23 00:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Application Data\Ventrilo
[2010/10/23 00:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/10/23 00:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/10/20 03:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Local Settings\Application Data\Shoddy Battle
[2010/10/16 21:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Local Settings\Application Data\Google
[2010/10/14 22:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\cxmb
[2010/10/07 20:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\SEPLUGINS
[2010/10/07 19:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\MSH vs SF (Killah)
========== Files - Modified Within 30 Days ==========
[2010/11/06 00:27:45 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1009.job
[2010/11/06 00:27:45 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1009.job
[2010/11/06 00:25:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andrew\Desktop\OTL.exe
[2010/11/06 00:23:38 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\rkill.com
[2010/11/06 00:17:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/06 00:17:48 | 2110,963,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/04 22:58:48 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1010.job
[2010/11/04 22:58:48 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1010.job
[2010/11/04 17:49:18 | 000,941,568 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Simple Disconnector.dll
[2010/11/04 13:24:29 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/11/04 10:12:25 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/04 07:08:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/03 23:44:48 | 000,039,336 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\popupthing.JPG
[2010/11/03 02:25:57 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Talisman Online.lnk
[2010/11/03 01:10:42 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shaiya.lnk
[2010/11/02 23:48:41 | 000,000,909 | -H-- | M] () -- C:\IPH.PH
[2010/11/02 23:48:35 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/11/02 23:48:35 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/11/02 23:48:04 | 007,541,896 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\andrew\Desktop\Install_AIM.exe
[2010/11/02 18:39:39 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/02 18:39:39 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/02 02:03:57 | 000,210,208 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\SEXY.JPG
[2010/11/02 01:07:04 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Software.ini
[2010/11/01 21:01:02 | 000,140,752 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\crazygodly.JPG
[2010/10/30 10:36:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/29 13:21:19 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1008.job
[2010/10/29 13:21:19 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1008.job
[2010/10/28 03:09:39 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy2
[2010/10/27 21:40:44 | 000,002,432 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Sandstormshoddy
[2010/10/27 05:54:30 | 001,717,388 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Sig.psd
[2010/10/27 04:57:18 | 000,156,437 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Radiance2.jpg
[2010/10/27 04:56:35 | 000,442,867 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Radiance.jpg
[2010/10/26 23:33:23 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ShoddyRainDancing
[2010/10/25 19:24:25 | 000,008,412 | ---- | M] () -- C:\Final Fantasy 6 Advance.clt
[2010/10/25 00:29:48 | 000,125,737 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\godlyclaw.JPG
[2010/10/23 00:08:22 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/23 00:08:21 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/10/23 00:07:26 | 003,196,328 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ventrilo-3.0.5-Windows-i386.exe
[2010/10/21 21:20:28 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ShoddyBattleTeam
[2010/10/21 01:51:17 | 000,002,474 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy
[2010/10/21 00:56:50 | 000,253,969 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Sheesh#1.jpg
[2010/10/20 15:53:56 | 000,134,020 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\20attsock.JPG
[2010/10/20 03:28:43 | 000,001,902 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Shoddy Battle.lnk
[2010/10/19 23:44:01 | 000,116,844 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\omgzMAPLE.JPG
[2010/10/18 23:55:06 | 000,370,990 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\1018101652a.jpg
[2010/10/16 03:11:14 | 000,129,055 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\blizzeffect.JPG
[2010/10/15 16:19:58 | 000,265,533 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\FRESH.JPG
[2010/10/15 15:18:18 | 000,529,717 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\IMG00466-20101015-1618.jpg
[2010/10/15 02:39:41 | 000,045,165 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\l_3c1d6b41048c4fe7b7e97b0183899b63.jpg
[2010/10/14 21:04:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c04ef454c5a.job
[2010/10/13 15:21:15 | 000,015,674 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Logo_Ralph_LaurenBlack.jpg
[2010/10/12 00:27:24 | 000,137,299 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\lv103hermitdmg.JPG
[2010/10/11 21:55:42 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1011.job
[2010/10/11 21:55:42 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1011.job
[2010/10/08 19:14:08 | 000,131,437 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Amazen skanda.JPG
[2010/10/08 06:12:36 | 000,633,344 | ---- | M] (Actarus) -- C:\Documents and Settings\andrew\Desktop\ideas.exe
[2010/10/07 19:28:20 | 311,339,105 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\MSH vs SF (Killah ver).rar
========== Files Created - No Company Name ==========
[2010/11/06 00:23:38 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\rkill.com
[2010/11/05 05:52:58 | 000,941,568 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Simple Disconnector.dll
[2010/11/03 23:44:48 | 000,039,336 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\popupthing.JPG
[2010/11/03 02:25:57 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Talisman Online.lnk
[2010/11/03 01:10:42 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shaiya.lnk
[2010/11/02 23:48:35 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/11/02 23:48:35 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/11/02 01:05:59 | 000,210,208 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\SEXY.JPG
[2010/11/02 01:03:36 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Software.ini
[2010/11/01 21:01:02 | 000,140,752 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\crazygodly.JPG
[2010/10/28 03:09:39 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy2
[2010/10/27 05:54:27 | 001,717,388 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Sig.psd
[2010/10/27 04:57:17 | 000,156,437 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Radiance2.jpg
[2010/10/27 04:56:31 | 000,442,867 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Radiance.jpg
[2010/10/26 23:33:23 | 000,002,391 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\ShoddyRainDancing
[2010/10/25 19:24:25 | 000,008,412 | ---- | C] () -- C:\Final Fantasy 6 Advance.clt
[2010/10/25 00:29:47 | 000,125,737 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\godlyclaw.JPG
[2010/10/24 06:34:37 | 000,002,432 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Sandstormshoddy
[2010/10/23 00:08:21 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/10/23 00:07:56 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/23 00:07:09 | 003,196,328 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\ventrilo-3.0.5-Windows-i386.exe
[2010/10/21 01:51:17 | 000,002,474 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy
[2010/10/20 18:00:42 | 000,253,969 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Sheesh#1.jpg
[2010/10/20 15:53:56 | 000,134,020 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\20attsock.JPG
[2010/10/20 03:51:25 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\ShoddyBattleTeam
[2010/10/20 03:28:43 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Shoddy Battle.lnk
[2010/10/20 00:12:00 | 000,370,990 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\1018101652a.jpg
[2010/10/19 23:44:01 | 000,116,844 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\omgzMAPLE.JPG
[2010/10/16 03:11:14 | 000,129,055 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\blizzeffect.JPG
[2010/10/15 16:20:05 | 000,529,717 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\IMG00466-20101015-1618.jpg
[2010/10/15 16:19:58 | 000,265,533 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\FRESH.JPG
[2010/10/15 02:39:40 | 000,045,165 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\l_3c1d6b41048c4fe7b7e97b0183899b63.jpg
[2010/10/14 21:04:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c04ef454c5a.job
[2010/10/13 15:21:15 | 000,015,674 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Logo_Ralph_LaurenBlack.jpg
[2010/10/12 00:27:23 | 000,137,299 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\lv103hermitdmg.JPG
[2010/10/08 19:14:07 | 000,131,437 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Amazen skanda.JPG
[2010/10/07 18:07:45 | 311,339,105 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\MSH vs SF (Killah ver).rar
[2010/08/01 15:20:17 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/12 15:15:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/12 15:15:01 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/07/12 15:14:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSPRX580.ini
[2010/07/11 10:46:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/06/14 12:33:34 | 001,914,216 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2010/06/12 19:02:58 | 000,002,554 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/24 12:34:04 | 000,697,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/02 05:30:20 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\uc_karos_launching.dll
[2010/04/30 02:42:44 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/04/29 17:20:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2010/04/29 10:28:05 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/04/23 20:10:38 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/05 18:46:02 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\andrew\Local Settings\Application Data\setup.txt
[2010/03/18 00:06:50 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2010/03/17 23:53:09 | 000,154,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/17 23:47:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4964.dll
[2010/03/17 23:01:03 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/03/02 20:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 20:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 20:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 20:00:00 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 20:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 20:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 20:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 20:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 20:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 20:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 20:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 20:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 20:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 20:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 20:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 20:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 20:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/14 14:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 14:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 14:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 14:11:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 14:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 14:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 14:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 14:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 14:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 14:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/06/07 12:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/10 20:30:38 | 000,054,608 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2006/04/25 20:31:56 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
========== LOP Check ==========
[2010/11/02 23:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/04/07 16:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/07/13 17:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/08/09 08:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/06/18 00:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/08/01 23:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/07/13 17:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/07/04 14:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/08/01 15:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/10 05:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/06/14 13:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MD_Data
[2010/06/17 16:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSNDynFiles
[2010/04/07 16:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/05/01 12:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/08/02 01:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/04/05 18:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/05/29 14:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnitchPlusData
[2010/08/04 02:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/05 19:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/05/04 07:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZapShares
[2010/03/18 00:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/04/09 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/01 15:33:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{619D4E1A-1164-42DD-8AE4-DECA8C1B305E}
[2010/11/02 23:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\acccore
[2010/08/09 08:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\DAEMON Tools Lite
[2010/08/09 08:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\DAEMON Tools Pro
[2010/08/17 04:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\ElevatedDiagnostics
[2010/11/04 07:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\FrostWire
[2010/05/02 19:57:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\andrew\Application Data\ijjigame
[2010/08/12 19:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\ImgBurn
[2010/08/04 13:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\ProcessLasso
[2010/04/10 16:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Search Settings
[2010/08/28 22:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\SystemRequirementsLab
[2010/08/19 01:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\uTorrent
[2010/04/10 16:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\YouTube Downloader
[2004/08/04 03:56:50 | 000,000,004 | -HS- | M] () -- C:\WINDOWS\Tasks\FOLDER.TSX
[2010/08/05 08:05:08 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/03/17 21:17:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/16 01:50:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/05/17 19:30:24 | 000,036,580 | ---- | M] () -- C:\ComboFix.txt
[2010/10/25 19:24:25 | 000,008,412 | ---- | M] () -- C:\Final Fantasy 6 Advance.clt
[2010/11/06 00:17:48 | 2110,963,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/24 08:51:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/02 23:48:41 | 000,000,909 | -H-- | M] () -- C:\IPH.PH
[2010/11/04 19:08:07 | 000,089,914 | ---- | M] () -- C:\MP4debug.log
[2010/05/29 13:49:19 | 000,000,072 | ---- | M] () -- C:\msbasppl.syn
[2010/04/24 08:51:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/08/11 00:00:00 | 000,000,035 | ---- | M] () -- C:\mst26v.syn
[2010/08/12 19:31:13 | 787,289,664 | ---- | M] () -- C:\MVC2.BIN
[2010/08/12 19:31:13 | 000,000,176 | ---- | M] () -- C:\MVC2.CUE
[2010/06/16 17:09:06 | 000,001,098 | ---- | M] () -- C:\NTDClient.log
[2006/02/27 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/16 21:40:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/06 00:17:38 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/11/06 00:24:48 | 000,000,394 | ---- | M] () -- C:\rkill.log
[2010/09/20 23:06:50 | 000,008,412 | ---- | M] () -- C:\Zoids - Legacy.clt
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/04/25 13:31:26 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
[2006/11/15 07:00:58 | 000,473,403 | -H-- | M] () -- C:\WINDOWS\hp2_1024x768.jpg
[2006/11/15 06:45:40 | 000,366,564 | -H-- | M] () -- C:\WINDOWS\hp3_1024x768.jpg
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2007/08/18 22:16:44 | 000,549,888 | -H-- | M] () -- C:\WINDOWS\TheMatrix.scr
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/04/25 13:17:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/25 13:17:52 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/25 13:17:50 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/04/16 21:46:27 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
[2010/03/18 00:04:42 | 000,000,152 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\BCM_DropUserDatabases.txt
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/04/16 21:51:56 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/04/25 18:41:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/09/01 08:36:40 | 000,339,257 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\CleanUp452.exe
[2010/10/08 06:12:36 | 000,633,344 | ---- | M] (Actarus) -- C:\Documents and Settings\andrew\Desktop\ideas.exe
[2010/11/02 23:48:04 | 007,541,896 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\andrew\Desktop\Install_AIM.exe
[2010/11/06 00:25:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andrew\Desktop\OTL.exe
[2010/10/23 00:07:26 | 003,196,328 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ventrilo-3.0.5-Windows-i386.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/04/16 21:51:56 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\andrew\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/06 00:27:45 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\andrew\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-08 08:46:27
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B61A2D1
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:890CC2F3
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
< End of report >
OTL Extras logfile created on: 11/6/2010 12:27:46 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 9.59 Gb Free Space | 6.43% Space Free | Partition Type: NTFS
Computer Name: HP12902580339 | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57999:TCP" = 57999:TCP:*:Enabled:Pando Media Booster
"57999:UDP" = 57999:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58960:TCP" = 58960:TCP:*:Enabled:Pando Media Booster
"58960:UDP" = 58960:UDP:*:Enabled:Pando Media Booster
"57999:TCP" = 57999:TCP:*:Enabled:Pando Media Booster
"57999:UDP" = 57999:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1038:TCP" = 1038:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\All Users\Documents\uTorrent.exe" = C:\Documents and Settings\All Users\Documents\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F5BC8D3-3741-4542-AF00-51202A9FD357}" = VirIT eXplorer Lite
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX580 Scanner Driver Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2266312B-3502-41EE-82CD-8DC62276D87B}" = Vz In Home Agent
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1" = Inpaint 2.4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7BDD6642-76D6-49F7-9157-6100E5C75B97}" = Vz In Home Agent
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.9.462
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF4720EC-795A-4DE4-8A03-F80C52256E03}" = SCG Route 2.20 NT
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel® Network Connections 13.1.33.0
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E3D4F451-5F04-4082-BE21-1C0C1ADF5014}" = Vz In Home Agent
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.7 Professional Edition
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"AnyDVD" = AnyDVD
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"CleanUp!" = CleanUp!
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.1
"Complete Cleanup Trial_is1" = Complete Cleanup Trial
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Fraps" = Fraps (remove only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"FrostWire" = FrostWire 4.20.7
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"iCare Data Recovery_is1" = iCare Data Recovery 3.8.1
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"JixeySearchHelper" = Jixey Search Helper
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multi Virus Cleaner 2009_is1" = Multi Virus Cleaner 2009
"PDF Complete" = PDF Complete
"ProcessLasso" = Process Lasso
"QuickTime Converter_is1" = QuickTime Converter 2.1
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.10
"RealPlayer 12.0" = RealPlayer
"Software Informer_is1" = Software Informer 1.0 BETA
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Tansee iPod Transfer_is1" = Tansee iPod Transfer v3.8
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Verizon Broadband Toolbar Firefox only" = Verizon Broadband Toolbar Firefox only
"Verizon Help and Support" = Verizon Help and Support Tool
"verizon_broad" = Verizon Broadband Toolbar (IE only)
"VirIT eXplorer Lite" = VirIT eXplorer Lite
"vReveal" = vReveal
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WinAVI FLV Converter 1.0_is1" = WinAVI FLV Converter
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Video Downloader_is1" = X Video Downloader
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Shoddy Battle" = Shoddy Battle
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/22/2010 4:16:31 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 10/22/2010 4:16:53 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 10/22/2010 4:16:59 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1001
Description = Fault bucket 349305636.
Error - 10/22/2010 4:17:25 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 10/29/2010 7:25:14 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 11/3/2010 3:22:47 AM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0437251c.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Edited by DCShoesRocking, 06 November 2010 - 12:53 AM.
#4
DCShoesRocking
-
- Authentic Member
-
- 26 posts
Authentic Member
Posted 06 November 2010 - 12:54 AM
Gmer.txt LOG
GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-06 02:49:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 02.0
Running: gmer.exe; Driver: C:\DOCUME~1\andrew\LOCALS~1\Temp\kxdyqfog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwClose [0x9F1D37F8]
SSDT 97E7E5DE ZwCreateKey
SSDT 97E7E5D4 ZwCreateThread
SSDT 97E7E5E3 ZwDeleteKey
SSDT 97E7E5ED ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwDuplicateObject [0x9F1D4712]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwEnumerateKey [0x9F1D3F2A]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwEnumerateValueKey [0x9F1D42E6]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwFlushKey [0x9F1D3892]
SSDT 97E7E5F2 ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwOpenKey [0x9F1D2D76]
SSDT 97E7E5C0 ZwOpenProcess
SSDT 97E7E5C5 ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwQueryKey [0x9F1D4038]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwQueryValueKey [0x9F1D4428]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwRenameKey [0x9F1D47A2]
SSDT 97E7E5FC ZwReplaceKey
SSDT 97E7E5F7 ZwRestoreKey
SSDT 97E7E5E8 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwUnloadKey [0x9F1D4624]
INT 0x83 ? 8A727C88
INT 0x84 ? 89C47C88
INT 0x94 ? 89C47C88
INT 0x94 ? 89C47C88
INT 0xA4 ? 89C47C88
INT 0xB4 ? 89C47C88
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FA0 8050482C 4 Bytes CALL 74E83016
? spyz.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B810E8AC 5 Bytes JMP 89C471D8
.text az6n5l9w.SYS B805A306 50 Bytes [00, 00, 00, 48, 03, 00, F0, ...]
.text az6n5l9w.SYS B805A339 23 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text az6n5l9w.SYS B805A351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text az6n5l9w.SYS B805A3A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text az6n5l9w.SYS B805A3B4 12 Bytes [40, 00, 00, C8, 50, 41, 47, ...] {INC EAX; ADD [EAX], AL; ENTER 0x4150, 0x47; INC EBP; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[1428] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0008ED99 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3036] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A7261F8
AttachedDevice \FileSystem\Ntfs \Ntfs fslx.sys (FSL System Driver/Altiris, Inc.)
Device \Driver\usbehci \Device\USBPDO-0 89C411F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7281F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A7281F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A7281F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A7281F8
Device \Driver\usbuhci \Device\USBPDO-1 89C461F8
Device \Driver\usbuhci \Device\USBPDO-2 89C461F8
Device \Driver\sptd \Device\2189302066 spyz.sys
Device \Driver\usbuhci \Device\USBPDO-3 89C461F8
Device \Driver\usbuhci \Device\USBPDO-4 89C461F8
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-5 89C461F8
Device \Driver\usbuhci \Device\USBPDO-6 89C461F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7991F8
Device \Driver\usbehci \Device\USBPDO-7 89C411F8
Device \Driver\Cdrom \Device\CdRom0 89BB41F8
Device \Driver\iaStor \Device\Ide\iaStor0 [B9D69ED0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9D69ED0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [B9D69ED0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 89BB41F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{05524139-8DF4-43E2-BC9B-78E4A9B7D829} 88E5F1F8
Device \Driver\Cdrom \Device\CdRom2 89BB41F8
Device \Driver\Cdrom \Device\CdRom3 89BB41F8
Device \Driver\Cdrom \Device\CdRom4 89BB41F8
Device \Driver\USBSTOR \Device\00000082 8943D470
Device \Driver\Cdrom \Device\CdRom5 89BB41F8
Device \Driver\USBSTOR \Device\00000083 8943D470
Device \Driver\NetBT \Device\NetBt_Wins_Export 88E5F1F8
Device \Driver\USBSTOR \Device\00000084 8943D470
Device \Driver\USBSTOR \Device\00000085 8943D470
Device \Driver\NetBT \Device\NetbiosSmb 88E5F1F8
Device \Driver\USBSTOR \Device\00000086 8943D470
Device \Driver\USBSTOR \Device\00000087 8943D470
Device \Driver\PCI_PNP8316 \Device\0000004e spyz.sys
Device \Driver\usbuhci \Device\USBFDO-0 89C461F8
Device \Driver\usbuhci \Device\USBFDO-1 89C461F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88E4E1F8
Device \Driver\usbuhci \Device\USBFDO-2 89C461F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88E4E1F8
Device \Driver\usbehci \Device\USBFDO-3 89C411F8
Device \Driver\usbuhci \Device\USBFDO-4 89C461F8
Device \Driver\Ftdisk \Device\FtControl 8A7991F8
Device \Driver\usbuhci \Device\USBFDO-5 89C461F8
Device \Driver\usbuhci \Device\USBFDO-6 89C461F8
Device \Driver\usbehci \Device\USBFDO-7 89C411F8
Device \Driver\az6n5l9w \Device\Scsi\az6n5l9w1 89B2E1F8
Device \Driver\az6n5l9w \Device\Scsi\az6n5l9w1Port2Path0Target1Lun0 89B2E1F8
Device \Driver\az6n5l9w \Device\Scsi\az6n5l9w1Port2Path0Target3Lun0 89B2E1F8
Device \Driver\az6n5l9w \Device\Scsi\az6n5l9w1Port2Path0Target2Lun0 89B2E1F8
Device \Driver\az6n5l9w \Device\Scsi\az6n5l9w1Port2Path0Target0Lun0 89B2E1F8
Device \FileSystem\Cdfs \Cdfs 88E5A1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xA5 0x5F 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x2B 0x2E 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAA 0x22 0xCA 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA7 0x84 0xB6 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x48 0xE6 0x77 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x48 0xE6 0x77 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x48 0xE6 0x77 0x53 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xA5 0x5F 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x59 0xF3 0xBB 0x11 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAA 0x22 0xCA 0x8E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA7 0x84 0xB6 0x25 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x48 0xE6 0x77 0x53 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x48 0xE6 0x77 0x53 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x48 0xE6 0x77 0x53 ...
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-06 02:49:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 02.0
Running: gmer.exe; Driver: C:\DOCUME~1\andrew\LOCALS~1\Temp\kxdyqfog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwClose [0x9F1D37F8]
SSDT 97E7E5DE ZwCreateKey
SSDT 97E7E5D4 ZwCreateThread
SSDT 97E7E5E3 ZwDeleteKey
SSDT 97E7E5ED ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwDuplicateObject [0x9F1D4712]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwEnumerateKey [0x9F1D3F2A]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwEnumerateValueKey [0x9F1D42E6]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwFlushKey [0x9F1D3892]
SSDT 97E7E5F2 ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwOpenKey [0x9F1D2D76]
SSDT 97E7E5C0 ZwOpenProcess
SSDT 97E7E5C5 ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwQueryKey [0x9F1D4038]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwQueryValueKey [0x9F1D4428]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwRenameKey [0x9F1D47A2]
SSDT 97E7E5FC ZwReplaceKey
SSDT 97E7E5F7 ZwRestoreKey
SSDT 97E7E5E8 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwUnloadKey [0x9F1D4624]
INT 0x83 ? 8A727C88
INT 0x84 ? 89C47C88
INT 0x94 ? 89C47C88
INT 0x94 ? 89C47C88
INT 0xA4 ? 89C47C88
INT 0xB4 ? 89C47C88
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FA0 8050482C 4 Bytes CALL 74E83016
? spyz.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B810E8AC 5 Bytes JMP 89C471D8
.text az6n5l9w.SYS B805A306 50 Bytes [00, 00, 00, 48, 03, 00, F0, ...]
.text az6n5l9w.SYS B805A339 23 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text az6n5l9w.SYS B805A351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text az6n5l9w.SYS B805A3A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text az6n5l9w.SYS B805A3B4 12 Bytes [40, 00, 00, C8, 50, 41, 47, ...] {INC EAX; ADD [EAX], AL; ENTER 0x4150, 0x47; INC EBP; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[1428] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0008ED99 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3036] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A7261F8
AttachedDevice \FileSystem\Ntfs \Ntfs fslx.sys (FSL System Driver/Altiris, Inc.)
Device \Driver\usbehci \Device\USBPDO-0 89C411F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7281F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A7281F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A7281F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A7281F8
Device \Driver\usbuhci \Device\USBPDO-1 89C461F8
Device \Driver\usbuhci \Device\USBPDO-2 89C461F8
Device \Driver\sptd \Device\2189302066 spyz.sys
Device \Driver\usbuhci \Device\USBPDO-3 89C461F8
Device \Driver\usbuhci \Device\USBPDO-4 89C461F8
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-5 89C461F8
Device \Driver\usbuhci \Device\USBPDO-6 89C461F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7991F8
Device \Driver\usbehci \Device\USBPDO-7 89C411F8
Device \Driver\Cdrom \Device\CdRom0 89BB41F8
Device \Driver\iaStor \Device\Ide\iaStor0 [B9D69ED0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9D69ED0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [B9D69ED0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 89BB41F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{05524139-8DF4-43E2-BC9B-78E4A9B7D829} 88E5F1F8
Device \Driver\Cdrom \Device\CdRom2 89BB41F8
Device \Driver\Cdrom \Device\CdRom3 89BB41F8
Device \Driver\Cdrom \Device\CdRom4 89BB41F8
Device \Driver\USBSTOR \Device\00000082 8943D470
Device \Driver\Cdrom \Device\CdRom5 89BB41F8
Device \Driver\USBSTOR \Device\00000083 8943D470
Device \Driver\NetBT \Device\NetBt_Wins_Export 88E5F1F8
Device \Driver\USBSTOR \Device\00000084 8943D470
Device \Driver\USBSTOR \Device\00000085 8943D470
Device \Driver\NetBT \Device\NetbiosSmb 88E5F1F8
Device \Driver\USBSTOR \Device\00000086 8943D470
Device \Driver\USBSTOR \Device\00000087 8943D470
Device \Driver\PCI_PNP8316 \Device\0000004e spyz.sys
Device \Driver\usbuhci \Device\USBFDO-0 89C461F8
Device \Driver\usbuhci \Device\USBFDO-1 89C461F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88E4E1F8
Device \Driver\usbuhci \Device\USBFDO-2 89C461F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88E4E1F8
Device \Driver\usbehci \Device\USBFDO-3 89C411F8
Device \Driver\usbuhci \Device\USBFDO-4 89C461F8
Device \Driver\Ftdisk \Device\FtControl 8A7991F8
Device \Driver\usbuhci \Device\USBFDO-5 89C461F8
Device \Driver\usbuhci \Device\USBFDO-6 89C461F8
Device \Driver\usbehci \Device\USBFDO-7 89C411F8
Device \Driver\az6n5l9w \Device\Scsi\az6n5l9w1 89B2E1F8
Device \Driver\az6n5l9w \Device\Scsi\az6n5l9w1Port2Path0Target1Lun0 89B2E1F8
Device \Driver\az6n5l9w \Device\Scsi\az6n5l9w1Port2Path0Target3Lun0 89B2E1F8
Device \Driver\az6n5l9w \Device\Scsi\az6n5l9w1Port2Path0Target2Lun0 89B2E1F8
Device \Driver\az6n5l9w \Device\Scsi\az6n5l9w1Port2Path0Target0Lun0 89B2E1F8
Device \FileSystem\Cdfs \Cdfs 88E5A1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xA5 0x5F 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x2B 0x2E 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAA 0x22 0xCA 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA7 0x84 0xB6 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x48 0xE6 0x77 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x48 0xE6 0x77 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x48 0xE6 0x77 0x53 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xA5 0x5F 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x59 0xF3 0xBB 0x11 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAA 0x22 0xCA 0x8E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA7 0x84 0xB6 0x25 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x48 0xE6 0x77 0x53 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x48 0xE6 0x77 0x53 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x48 0xE6 0x77 0x53 ...
---- EOF - GMER 1.0.15 ----
#5
mowman
-
- Malware Team
-
- 2,669 posts
SuperMember
Posted 06 November 2010 - 04:38 AM
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- See this Link for programs that need to be disabled and instruction on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
#6
DCShoesRocking
-
- Authentic Member
-
- 26 posts
Authentic Member
Posted 06 November 2010 - 06:13 AM
Combofix LOG
ComboFix 10-11-05.06 - andrew 11/06/2010 7:51.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1187 [GMT -4:00]
Running from: c:\documents and settings\andrew\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
.
2010-11-04 11:09 . 2010-11-04 17:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-11-04 11:07 . 2010-11-04 11:07 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-03 03:48 . 2010-11-03 03:48 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-11-03 03:48 . 2010-11-03 03:49 -------- d-----w- c:\documents and settings\andrew\Application Data\acccore
2010-11-03 03:48 . 2010-11-03 03:49 -------- d-----w- c:\documents and settings\andrew\Local Settings\Application Data\AIM
2010-11-03 03:48 . 2010-11-03 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-11-03 03:48 . 2010-11-03 03:48 -------- d-----w- c:\program files\AIM
2010-10-29 22:36 . 2010-10-29 22:36 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-10-29 22:35 . 2010-10-29 22:35 -------- d-----w- c:\program files\VideoLAN
2010-10-29 22:35 . 2010-10-29 22:36 -------- d-----w- c:\program files\Graboid
2010-10-25 21:03 . 2010-10-25 21:03 -------- d-----w- c:\program files\Binverse
2010-10-23 04:09 . 2010-10-23 04:11 -------- d-----w- c:\documents and settings\andrew\Application Data\Ventrilo
2010-10-23 04:08 . 2010-10-23 04:08 -------- d-----w- c:\program files\Ventrilo
2010-10-23 04:07 . 2010-10-23 04:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-20 07:28 . 2010-10-20 07:28 -------- d-----w- c:\documents and settings\andrew\Local Settings\Application Data\Shoddy Battle
2010-10-17 01:57 . 2010-11-04 11:11 -------- d-----w- c:\documents and settings\andrew\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-02 22:39 . 2010-04-17 01:04 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-02 22:39 . 2010-04-17 01:04 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-03 03:01 . 2010-09-03 03:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-03 03:01 . 2010-09-03 03:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfi0.dll" [2010-09-22 2735200]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-09-22 22:25 2735200 ----a-w- c:\program files\XfireXO\tbXfi0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfi0.dll" [2010-09-22 2735200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfi0.dll" [2010-09-22 2735200]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-10-12 4258136]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-05-01 2938552]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"ProcessLassoManagementConsole"="c:\program files\Process Lasso\processlasso.exe" [2010-05-19 414736]
"ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2010-05-19 252944]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2010-10-20 294912]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-03 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\andrew\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-8-9 576000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58960:TCP"= 58960:TCP:Pando Media Booster
"58960:UDP"= 58960:UDP:Pando Media Booster
"57999:TCP"= 57999:TCP:Pando Media Booster
"57999:UDP"= 57999:UDP:Pando Media Booster
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/29/2010 2:39 PM 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/24/2010 12:34 PM 697328]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [11/11/2009 3:53 AM 45312]
R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [7/11/2008 6:44 PM 191872]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 3:56 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/16/2010 9:04 PM 135336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2/19/2010 7:43 PM 380928]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [3/18/2010 12:04 AM 576024]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [6/16/2010 5:09 PM 668912]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [7/20/2010 12:31 PM 81920]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [5/23/2010 5:37 PM 598856]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [3/17/2010 11:47 PM 243856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/2/2010 11:00 PM 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [5/29/2010 10:57 PM 88176]
S2 Windows Storage Service v2.0;Windows Storage Service v2.0;c:\windows\csrss\csrss.exe -service xvd --> c:\windows\csrss\csrss.exe -service xvd [?]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [4/9/2010 9:04 PM 29184]
S3 DfSdkS;Defragmentation-Service; [x]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [4/24/2010 6:03 AM 29184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - KXDYQFOG
*Deregistered* - kxdyqfog
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6c04ef454c5a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 03:00]
2010-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-11-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-11-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-10-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-11-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-11-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-10-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-08-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 20:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=all&pf=cmdt
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\YouTube Downloader Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-iCare Data Recovery_is1 - l:\data recover\iCare Data Recovery\unins000.exe
AddRemove-X Video Downloader_is1 - c:\program files\X Video Downloader\unins000.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\YouTube Downloader\uninstall.exe
AddRemove-{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1 - l:\inpaint\unins000.exe
AddRemove-{FC274982-5AAD-4C20-848D-4424A5043009}_is1 - c:\program files\WinUtilities\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 08:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\igfxdev.dll
- - - - - - - > 'explorer.exe'(1900)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-06 08:09:56
ComboFix-quarantined-files.txt 2010-11-06 12:09
ComboFix2.txt 2010-05-17 23:30
Pre-Run: 10,131,730,432 bytes free
Post-Run: 10,291,167,232 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 32D674FCF8A5ABEB858560E995BDFEA1
ComboFix 10-11-05.06 - andrew 11/06/2010 7:51.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1187 [GMT -4:00]
Running from: c:\documents and settings\andrew\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
.
2010-11-04 11:09 . 2010-11-04 17:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-11-04 11:07 . 2010-11-04 11:07 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-03 03:48 . 2010-11-03 03:48 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-11-03 03:48 . 2010-11-03 03:49 -------- d-----w- c:\documents and settings\andrew\Application Data\acccore
2010-11-03 03:48 . 2010-11-03 03:49 -------- d-----w- c:\documents and settings\andrew\Local Settings\Application Data\AIM
2010-11-03 03:48 . 2010-11-03 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-11-03 03:48 . 2010-11-03 03:48 -------- d-----w- c:\program files\AIM
2010-10-29 22:36 . 2010-10-29 22:36 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-10-29 22:35 . 2010-10-29 22:35 -------- d-----w- c:\program files\VideoLAN
2010-10-29 22:35 . 2010-10-29 22:36 -------- d-----w- c:\program files\Graboid
2010-10-25 21:03 . 2010-10-25 21:03 -------- d-----w- c:\program files\Binverse
2010-10-23 04:09 . 2010-10-23 04:11 -------- d-----w- c:\documents and settings\andrew\Application Data\Ventrilo
2010-10-23 04:08 . 2010-10-23 04:08 -------- d-----w- c:\program files\Ventrilo
2010-10-23 04:07 . 2010-10-23 04:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-20 07:28 . 2010-10-20 07:28 -------- d-----w- c:\documents and settings\andrew\Local Settings\Application Data\Shoddy Battle
2010-10-17 01:57 . 2010-11-04 11:11 -------- d-----w- c:\documents and settings\andrew\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-02 22:39 . 2010-04-17 01:04 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-02 22:39 . 2010-04-17 01:04 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-03 03:01 . 2010-09-03 03:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-03 03:01 . 2010-09-03 03:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfi0.dll" [2010-09-22 2735200]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-09-22 22:25 2735200 ----a-w- c:\program files\XfireXO\tbXfi0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfi0.dll" [2010-09-22 2735200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfi0.dll" [2010-09-22 2735200]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-10-12 4258136]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-05-01 2938552]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"ProcessLassoManagementConsole"="c:\program files\Process Lasso\processlasso.exe" [2010-05-19 414736]
"ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2010-05-19 252944]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2010-10-20 294912]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-03 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\andrew\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-8-9 576000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58960:TCP"= 58960:TCP:Pando Media Booster
"58960:UDP"= 58960:UDP:Pando Media Booster
"57999:TCP"= 57999:TCP:Pando Media Booster
"57999:UDP"= 57999:UDP:Pando Media Booster
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/29/2010 2:39 PM 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/24/2010 12:34 PM 697328]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [11/11/2009 3:53 AM 45312]
R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [7/11/2008 6:44 PM 191872]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 3:56 AM 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/16/2010 9:04 PM 135336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2/19/2010 7:43 PM 380928]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [3/18/2010 12:04 AM 576024]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [6/16/2010 5:09 PM 668912]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [7/20/2010 12:31 PM 81920]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [5/23/2010 5:37 PM 598856]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [3/17/2010 11:47 PM 243856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/2/2010 11:00 PM 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [5/29/2010 10:57 PM 88176]
S2 Windows Storage Service v2.0;Windows Storage Service v2.0;c:\windows\csrss\csrss.exe -service xvd --> c:\windows\csrss\csrss.exe -service xvd [?]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [4/9/2010 9:04 PM 29184]
S3 DfSdkS;Defragmentation-Service; [x]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [4/24/2010 6:03 AM 29184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - KXDYQFOG
*Deregistered* - kxdyqfog
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6c04ef454c5a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 03:00]
2010-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-11-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-11-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-10-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-11-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-11-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-10-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
2010-08-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 20:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=all&pf=cmdt
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\YouTube Downloader Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-iCare Data Recovery_is1 - l:\data recover\iCare Data Recovery\unins000.exe
AddRemove-X Video Downloader_is1 - c:\program files\X Video Downloader\unins000.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\YouTube Downloader\uninstall.exe
AddRemove-{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1 - l:\inpaint\unins000.exe
AddRemove-{FC274982-5AAD-4C20-848D-4424A5043009}_is1 - c:\program files\WinUtilities\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 08:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\igfxdev.dll
- - - - - - - > 'explorer.exe'(1900)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-06 08:09:56
ComboFix-quarantined-files.txt 2010-11-06 12:09
ComboFix2.txt 2010-05-17 23:30
Pre-Run: 10,131,730,432 bytes free
Post-Run: 10,291,167,232 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 32D674FCF8A5ABEB858560E995BDFEA1
#7
mowman
-
- Malware Team
-
- 2,669 posts
SuperMember
Posted 06 November 2010 - 06:57 AM
COMBOFIX-Script
Next
I need you to run the following scan: Eset Online Scanner
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File:: c:\windows\csrss\csrss.exe -service xvd Driver:: Windows Storage Service v2.0
- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- If you need help to disable your protection programs see here.
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
- Please open your MalwareBytes AntiMalware Program
- Click the Update Tab and search for updates
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected. <-- very important
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Next
I need you to run the following scan: Eset Online Scanner
- Place a check mark in the box YES, I accept the Terms Of Use
- Click the Start button.
- Now click the Install button.
- Click Start. The scanner engine will initialize and update.
- Do Not place a check mark in the box beside Remove found threats.
- Click the Scan button. The scan will now run, please be patient.
- When the scan finishes click the Details tab.
- Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
#8
DCShoesRocking
-
- Authentic Member
-
- 26 posts
Authentic Member
Posted 06 November 2010 - 07:43 AM
Alrighty ... There's seems to be a serious problem here I went and did the first step of ComboFix with the .txt document the scan went up to Stage 47 then insane amounts of errors occured I tried to SS it but it said I had unsufficient memory but that's not the case I have over 10 GB's .. Then the Window's Start MENU Went blank again so I restarted and I am now in Safe Mode do you want me to try it again ?
EDIT: Btw it canceled ComboFix's scan in the process
Edited by DCShoesRocking, 06 November 2010 - 07:45 AM.
#9
mowman
-
- Malware Team
-
- 2,669 posts
SuperMember
Posted 06 November 2010 - 07:56 AM
Leave the Combofix for now,boot into normal mode and do the other scans suggested.
#10
DCShoesRocking
-
- Authentic Member
-
- 26 posts
Authentic Member
Posted 06 November 2010 - 09:11 AM
Ok for the ESET Scan there wasn't any details tab just the viruses to copy/paste not sure if I did anything wrong but yea
Malewarebytes LOG
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5059
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/6/2010 10:08:31 AM
mbam-log-2010-11-06 (10-08-31).txt
Scan type: Quick scan
Objects scanned: 156384
Time elapsed: 7 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ESET Scanner RESULTS
C:\Documents and Settings\All Users\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Keygen.exe a variant of Win32/Keygen.AS application
C:\Documents and Settings\All Users\Documents\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Keygen.exe a variant of Win32/Keygen.AS application
C:\Documents and Settings\andrew\Local Settings\temp\Av-test.txt Eicar test file
C:\Program Files\TalismanOnline\client.exe probably a variant of Win32/Packed.Themida application
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP17\A0001719.exe Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP17\A0001720.exe Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP87\A0011960.exe a variant of Win32/Keygen.AS application
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP87\A0011984.exe a variant of Win32/Keygen.AS application
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP98\A0028080.exe probably a variant of Win32/Packed.Themida application
Register to Remove
#11
mowman
-
- Malware Team
-
- 2,669 posts
SuperMember
Posted 06 November 2010 - 10:28 AM
Ok first
Run OTL.exe
Next
Clean out your temp files.
Download Attribune's ATF Cleaner and save to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
After this is done
Please open OTL
Change the Extra registry to use safe list
Run OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services :Files C:\Documents and Settings\All Users\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Keygen.exe C:\Documents and Settings\All Users\Documents\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Keygen.exe C:\Program Files\TalismanOnline\client.exe :Commands [emptytemp] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then post the log it produces
Next
You only have 6% free space on your hard drive,you need at least 15% for windows to function properly,please remove any old unused programs,music,videos etc to free up as much space as possible.Also clean out temp files with Atf cleaner.Drive C: | 149.05 Gb Total Space | 9.59 Gb Free Space | 6.43% Space Free | Partition Type: NTFS
Clean out your temp files.
Download Attribune's ATF Cleaner and save to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
After this is done
Please open OTL
Change the Extra registry to use safe list
- Click the Run Scan button.The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
#12
DCShoesRocking
-
- Authentic Member
-
- 26 posts
Authentic Member
Posted 06 November 2010 - 11:59 AM
OTL Run Fix LOG
User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 49219 bytes
->Flash cache emptied: 0 bytes
User: rox
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 122837 bytes
->FireFox cache emptied: 41743777 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 1160 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 163.00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 11062010_134805
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_834.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_f8.dat not found!
Registry entries deleted on Reboot...
#13
DCShoesRocking
-
- Authentic Member
-
- 26 posts
Authentic Member
Posted 06 November 2010 - 12:00 PM
OTL.txt LOG
OTL logfile created on: 11/6/2010 1:54:19 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 32.06 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Computer Name: HP12902580339 | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\andrew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\VEXPLite\MONLITE.EXE (TG Soft S.a.s. - www.tgsoft.it)
PRC - C:\Program Files\AIM\aim.exe (AOL Inc.)
PRC - C:\VEXPLite\VIRITSVC.EXE (TG Soft Sas www.tgsoft.it)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
PRC - C:\Program Files\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\andrew\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
========== Win32 Services (SafeList) ==========
SRV - (DfSdkS) -- File not found
SRV - (Apple Mobile Device) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (viritsvclite) -- C:\VEXPLite\VIRITSVC.EXE (TG Soft Sas www.tgsoft.it)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ServicepointService) -- C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
========== Driver Services (SafeList) ==========
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (FreshIO) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\DOCUME~1\andrew\LOCALS~1\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nocashio) -- C:\WINDOWS\system32\drivers\nocashio.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VIRAGTLT) -- C:\WINDOWS\system32\drivers\VIRAGTLT.SYS (TG Soft S.a.s.)
DRV - (AnyDVD) -- C:\WINDOWS\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (FSLX) -- C:\WINDOWS\system32\drivers\fslx.sys (Altiris, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (ActionReplayDS) -- C:\WINDOWS\system32\drivers\ActionReplayDS.sys (Thesycon GmbH, Germany)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.daemon-se...age|google.com"
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.99999
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/04/24 07:47:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/04/24 07:47:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/06 02:27:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/02 23:02:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 07:38:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 07:38:23 | 000,000,000 | ---D | M]
[2010/04/09 11:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Extensions
[2010/11/06 05:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions
[2010/05/02 05:35:51 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/10/22 00:57:58 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/02 23:48:55 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/27 18:54:13 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/08/09 08:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\DTToolbar@toolbarnet.com
[2010/10/26 20:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\toolbar@ask.com
[2010/04/07 16:16:11 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\aim-search.xml
[2010/11/02 23:48:36 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\AOL Search.xml
[2010/04/19 01:35:44 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\askcom.xml
[2010/04/27 19:29:43 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\conduit.xml
[2010/08/09 08:21:54 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\daemon-search.xml
[2010/11/06 05:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 22:04:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 22:14:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/11/02 23:48:36 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
[2010/08/04 14:52:38 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/05/06 05:49:47 | 000,000,060 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{A057A204-BACC-4D26-8398-26FADCF27386} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
O4 - HKLM..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE (TG Soft S.a.s. - www.tgsoft.it)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\andrew\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Reg Error: Value error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsec...r/cascanner.cab (Reg Error: Value error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/06 13:52:16 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\andrew\Desktop\ATF-Cleaner.exe
[2010/11/06 13:48:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/06 09:18:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/11/06 07:49:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/06 07:45:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/06 07:45:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/06 07:45:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/06 07:45:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/06 07:44:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/06 00:25:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andrew\Desktop\OTL.exe
[2010/11/04 07:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/11/04 06:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\New Folder
[2010/11/02 23:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/11/02 23:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Application Data\acccore
[2010/11/02 23:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Local Settings\Application Data\AIM
[2010/11/02 23:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/11/02 23:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/11/02 23:47:46 | 007,541,896 | ---- | C] (AOL Inc.) -- C:\Documents and Settings\andrew\Desktop\Install_AIM.exe
[2010/11/02 01:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\Saves
[2010/11/02 01:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\DS Emulator
[2010/11/02 01:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\Language
[2010/11/02 01:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\pBlackV5
[2010/11/02 00:40:05 | 000,633,344 | ---- | C] (Actarus) -- C:\Documents and Settings\andrew\Desktop\ideas.exe
[2010/10/29 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/10/29 18:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/29 18:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2010/10/27 05:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\C4D's
[2010/10/27 00:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\MapleStory Goodies wink wink
[2010/10/25 17:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Binverse
[2010/10/23 00:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Application Data\Ventrilo
[2010/10/23 00:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/10/23 00:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/10/20 03:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Local Settings\Application Data\Shoddy Battle
[2010/10/16 21:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Local Settings\Application Data\Google
[2010/10/14 22:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\cxmb
[2010/10/07 20:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\SEPLUGINS
[2010/10/07 19:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\MSH vs SF (Killah)
========== Files - Modified Within 30 Days ==========
[2010/11/06 13:54:55 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1009.job
[2010/11/06 13:54:55 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1009.job
[2010/11/06 13:52:16 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\andrew\Desktop\ATF-Cleaner.exe
[2010/11/06 13:49:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/06 13:49:24 | 2110,963,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/06 10:10:42 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\esetsmartinstaller_enu.exe
[2010/11/06 09:42:56 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/06 09:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/06 08:09:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c04ef454c5a.job
[2010/11/06 08:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1010.job
[2010/11/06 08:09:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1011.job
[2010/11/06 08:09:57 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1008.job
[2010/11/06 08:09:57 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1010.job
[2010/11/06 08:09:57 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1011.job
[2010/11/06 08:09:57 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1008.job
[2010/11/06 07:49:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/06 07:44:08 | 003,903,864 | R--- | M] () -- C:\Documents and Settings\andrew\Desktop\ComboFix.exe
[2010/11/06 00:25:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andrew\Desktop\OTL.exe
[2010/11/06 00:23:38 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\rkill.com
[2010/11/05 21:15:49 | 000,088,576 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/04 17:49:18 | 000,941,568 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Simple Disconnector.dll
[2010/11/04 13:24:29 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/11/04 11:16:58 | 000,295,424 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\gmer.exe
[2010/11/04 10:12:25 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/04 07:08:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/03 02:25:57 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Talisman Online.lnk
[2010/11/03 01:10:42 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shaiya.lnk
[2010/11/02 23:48:41 | 000,000,909 | -H-- | M] () -- C:\IPH.PH
[2010/11/02 23:48:35 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/11/02 23:48:35 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/11/02 23:48:04 | 007,541,896 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\andrew\Desktop\Install_AIM.exe
[2010/11/02 18:39:39 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/02 18:39:39 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/02 02:03:57 | 000,210,208 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\SEXY.JPG
[2010/11/02 01:07:04 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Software.ini
[2010/10/30 10:36:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/28 03:09:39 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy2
[2010/10/27 21:40:44 | 000,002,432 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Sandstormshoddy
[2010/10/27 05:54:30 | 001,717,388 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Sig.psd
[2010/10/26 23:33:23 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ShoddyRainDancing
[2010/10/25 19:24:25 | 000,008,412 | ---- | M] () -- C:\Final Fantasy 6 Advance.clt
[2010/10/23 00:08:22 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/23 00:08:21 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/10/23 00:07:26 | 003,196,328 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ventrilo-3.0.5-Windows-i386.exe
[2010/10/21 21:20:28 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ShoddyBattleTeam
[2010/10/21 01:51:17 | 000,002,474 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy
[2010/10/20 03:28:43 | 000,001,902 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Shoddy Battle.lnk
[2010/10/16 03:11:14 | 000,129,055 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\blizzeffect.JPG
[2010/10/15 02:39:41 | 000,045,165 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\l_3c1d6b41048c4fe7b7e97b0183899b63.jpg
[2010/10/13 15:21:15 | 000,015,674 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Logo_Ralph_LaurenBlack.jpg
[2010/10/12 00:27:24 | 000,137,299 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\lv103hermitdmg.JPG
[2010/10/08 06:12:36 | 000,633,344 | ---- | M] (Actarus) -- C:\Documents and Settings\andrew\Desktop\ideas.exe
[2010/10/07 19:28:20 | 311,339,105 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\MSH vs SF (Killah ver).rar
========== Files Created - No Company Name ==========
[2010/11/06 10:09:43 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\esetsmartinstaller_enu.exe
[2010/11/06 09:57:26 | 2110,963,712 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/06 07:45:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/06 07:45:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/06 07:45:51 | 000,088,576 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/06 07:45:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/06 07:45:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/06 07:44:02 | 003,903,864 | R--- | C] () -- C:\Documents and Settings\andrew\Desktop\ComboFix.exe
[2010/11/06 00:35:02 | 000,295,424 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\gmer.exe
[2010/11/06 00:23:38 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\rkill.com
[2010/11/05 05:52:58 | 000,941,568 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Simple Disconnector.dll
[2010/11/03 02:25:57 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Talisman Online.lnk
[2010/11/03 01:10:42 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shaiya.lnk
[2010/11/02 23:48:35 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/11/02 23:48:35 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/11/02 01:05:59 | 000,210,208 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\SEXY.JPG
[2010/11/02 01:03:36 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Software.ini
[2010/10/28 03:09:39 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy2
[2010/10/27 05:54:27 | 001,717,388 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Sig.psd
[2010/10/26 23:33:23 | 000,002,391 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\ShoddyRainDancing
[2010/10/25 19:24:25 | 000,008,412 | ---- | C] () -- C:\Final Fantasy 6 Advance.clt
[2010/10/24 06:34:37 | 000,002,432 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Sandstormshoddy
[2010/10/23 00:08:21 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/10/23 00:07:56 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/23 00:07:09 | 003,196,328 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\ventrilo-3.0.5-Windows-i386.exe
[2010/10/21 01:51:17 | 000,002,474 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy
[2010/10/20 03:51:25 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\ShoddyBattleTeam
[2010/10/20 03:28:43 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Shoddy Battle.lnk
[2010/10/16 03:11:14 | 000,129,055 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\blizzeffect.JPG
[2010/10/15 02:39:40 | 000,045,165 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\l_3c1d6b41048c4fe7b7e97b0183899b63.jpg
[2010/10/14 21:04:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c04ef454c5a.job
[2010/10/13 15:21:15 | 000,015,674 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Logo_Ralph_LaurenBlack.jpg
[2010/10/12 00:27:23 | 000,137,299 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\lv103hermitdmg.JPG
[2010/10/07 18:07:45 | 311,339,105 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\MSH vs SF (Killah ver).rar
[2010/08/01 15:20:17 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/12 15:15:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/12 15:15:01 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/07/12 15:14:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSPRX580.ini
[2010/07/11 10:46:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/06/14 12:33:34 | 001,914,216 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2010/06/12 19:02:58 | 000,002,554 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/24 12:34:04 | 000,697,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/02 05:30:20 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\uc_karos_launching.dll
[2010/04/30 02:42:44 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/04/29 17:20:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2010/04/29 10:28:05 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/04/23 20:10:38 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/05 18:46:02 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\andrew\Local Settings\Application Data\setup.txt
[2010/03/18 00:06:50 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2010/03/17 23:53:09 | 000,154,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/17 23:47:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4964.dll
[2010/03/17 23:01:03 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/03/02 20:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 20:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 20:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 20:00:00 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 20:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 20:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 20:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 20:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 20:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 20:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 20:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 20:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 20:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 20:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 20:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 20:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 20:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/14 14:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 14:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 14:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 14:11:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 14:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 14:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 14:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 14:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 14:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 14:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/06/07 12:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/10 20:30:38 | 000,054,608 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2006/04/25 20:31:56 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B61A2D1
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:890CC2F3
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
< End of report >
OTL logfile created on: 11/6/2010 1:54:19 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 32.06 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Computer Name: HP12902580339 | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\andrew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\VEXPLite\MONLITE.EXE (TG Soft S.a.s. - www.tgsoft.it)
PRC - C:\Program Files\AIM\aim.exe (AOL Inc.)
PRC - C:\VEXPLite\VIRITSVC.EXE (TG Soft Sas www.tgsoft.it)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
PRC - C:\Program Files\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\andrew\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
========== Win32 Services (SafeList) ==========
SRV - (DfSdkS) -- File not found
SRV - (Apple Mobile Device) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (viritsvclite) -- C:\VEXPLite\VIRITSVC.EXE (TG Soft Sas www.tgsoft.it)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ServicepointService) -- C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
========== Driver Services (SafeList) ==========
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (FreshIO) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\DOCUME~1\andrew\LOCALS~1\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nocashio) -- C:\WINDOWS\system32\drivers\nocashio.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (VIRAGTLT) -- C:\WINDOWS\system32\drivers\VIRAGTLT.SYS (TG Soft S.a.s.)
DRV - (AnyDVD) -- C:\WINDOWS\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (FSLX) -- C:\WINDOWS\system32\drivers\fslx.sys (Altiris, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (ActionReplayDS) -- C:\WINDOWS\system32\drivers\ActionReplayDS.sys (Thesycon GmbH, Germany)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.daemon-se...age|google.com"
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.99999
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/04/24 07:47:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/04/24 07:47:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/06 02:27:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/02 23:02:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 07:38:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 07:38:23 | 000,000,000 | ---D | M]
[2010/04/09 11:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Extensions
[2010/11/06 05:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions
[2010/05/02 05:35:51 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/10/22 00:57:58 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/02 23:48:55 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/27 18:54:13 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/08/09 08:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\DTToolbar@toolbarnet.com
[2010/10/26 20:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\extensions\toolbar@ask.com
[2010/04/07 16:16:11 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\aim-search.xml
[2010/11/02 23:48:36 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\AOL Search.xml
[2010/04/19 01:35:44 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\askcom.xml
[2010/04/27 19:29:43 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\conduit.xml
[2010/08/09 08:21:54 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\zkoqafgo.default\searchplugins\daemon-search.xml
[2010/11/06 05:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 22:04:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 22:14:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/11/02 23:48:36 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml
[2010/08/04 14:52:38 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/05/06 05:49:47 | 000,000,060 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{A057A204-BACC-4D26-8398-26FADCF27386} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Reg Error: Value error. File not found
O2 - BHO: (no name) - Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
O4 - HKLM..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE (TG Soft S.a.s. - www.tgsoft.it)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\andrew\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Reg Error: Value error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsec...r/cascanner.cab (Reg Error: Value error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/06 13:52:16 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\andrew\Desktop\ATF-Cleaner.exe
[2010/11/06 13:48:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/06 09:18:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/11/06 07:49:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/06 07:45:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/06 07:45:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/06 07:45:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/06 07:45:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/06 07:44:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/06 00:25:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andrew\Desktop\OTL.exe
[2010/11/04 07:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/11/04 06:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\New Folder
[2010/11/02 23:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/11/02 23:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Application Data\acccore
[2010/11/02 23:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Local Settings\Application Data\AIM
[2010/11/02 23:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/11/02 23:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/11/02 23:47:46 | 007,541,896 | ---- | C] (AOL Inc.) -- C:\Documents and Settings\andrew\Desktop\Install_AIM.exe
[2010/11/02 01:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\Saves
[2010/11/02 01:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\DS Emulator
[2010/11/02 01:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\Language
[2010/11/02 01:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\pBlackV5
[2010/11/02 00:40:05 | 000,633,344 | ---- | C] (Actarus) -- C:\Documents and Settings\andrew\Desktop\ideas.exe
[2010/10/29 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2010/10/29 18:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/29 18:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2010/10/27 05:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\C4D's
[2010/10/27 00:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\MapleStory Goodies wink wink
[2010/10/25 17:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Binverse
[2010/10/23 00:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Application Data\Ventrilo
[2010/10/23 00:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/10/23 00:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/10/20 03:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Local Settings\Application Data\Shoddy Battle
[2010/10/16 21:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Local Settings\Application Data\Google
[2010/10/14 22:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\cxmb
[2010/10/07 20:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\SEPLUGINS
[2010/10/07 19:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andrew\Desktop\MSH vs SF (Killah)
========== Files - Modified Within 30 Days ==========
[2010/11/06 13:54:55 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1009.job
[2010/11/06 13:54:55 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1009.job
[2010/11/06 13:52:16 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\andrew\Desktop\ATF-Cleaner.exe
[2010/11/06 13:49:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/06 13:49:24 | 2110,963,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/06 10:10:42 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\esetsmartinstaller_enu.exe
[2010/11/06 09:42:56 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/06 09:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/06 08:09:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c04ef454c5a.job
[2010/11/06 08:09:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1010.job
[2010/11/06 08:09:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1011.job
[2010/11/06 08:09:57 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-538191299-4278470755-1679196534-1008.job
[2010/11/06 08:09:57 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1010.job
[2010/11/06 08:09:57 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1011.job
[2010/11/06 08:09:57 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-538191299-4278470755-1679196534-1008.job
[2010/11/06 07:49:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/06 07:44:08 | 003,903,864 | R--- | M] () -- C:\Documents and Settings\andrew\Desktop\ComboFix.exe
[2010/11/06 00:25:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andrew\Desktop\OTL.exe
[2010/11/06 00:23:38 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\rkill.com
[2010/11/05 21:15:49 | 000,088,576 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/04 17:49:18 | 000,941,568 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Simple Disconnector.dll
[2010/11/04 13:24:29 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/11/04 11:16:58 | 000,295,424 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\gmer.exe
[2010/11/04 10:12:25 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/04 07:08:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/03 02:25:57 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Talisman Online.lnk
[2010/11/03 01:10:42 | 000,001,470 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shaiya.lnk
[2010/11/02 23:48:41 | 000,000,909 | -H-- | M] () -- C:\IPH.PH
[2010/11/02 23:48:35 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/11/02 23:48:35 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/11/02 23:48:04 | 007,541,896 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\andrew\Desktop\Install_AIM.exe
[2010/11/02 18:39:39 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/02 18:39:39 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/02 02:03:57 | 000,210,208 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\SEXY.JPG
[2010/11/02 01:07:04 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Software.ini
[2010/10/30 10:36:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/28 03:09:39 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy2
[2010/10/27 21:40:44 | 000,002,432 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Sandstormshoddy
[2010/10/27 05:54:30 | 001,717,388 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Sig.psd
[2010/10/26 23:33:23 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ShoddyRainDancing
[2010/10/25 19:24:25 | 000,008,412 | ---- | M] () -- C:\Final Fantasy 6 Advance.clt
[2010/10/23 00:08:22 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/23 00:08:21 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/10/23 00:07:26 | 003,196,328 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ventrilo-3.0.5-Windows-i386.exe
[2010/10/21 21:20:28 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\ShoddyBattleTeam
[2010/10/21 01:51:17 | 000,002,474 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy
[2010/10/20 03:28:43 | 000,001,902 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Shoddy Battle.lnk
[2010/10/16 03:11:14 | 000,129,055 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\blizzeffect.JPG
[2010/10/15 02:39:41 | 000,045,165 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\l_3c1d6b41048c4fe7b7e97b0183899b63.jpg
[2010/10/13 15:21:15 | 000,015,674 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\Logo_Ralph_LaurenBlack.jpg
[2010/10/12 00:27:24 | 000,137,299 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\lv103hermitdmg.JPG
[2010/10/08 06:12:36 | 000,633,344 | ---- | M] (Actarus) -- C:\Documents and Settings\andrew\Desktop\ideas.exe
[2010/10/07 19:28:20 | 311,339,105 | ---- | M] () -- C:\Documents and Settings\andrew\Desktop\MSH vs SF (Killah ver).rar
========== Files Created - No Company Name ==========
[2010/11/06 10:09:43 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\esetsmartinstaller_enu.exe
[2010/11/06 09:57:26 | 2110,963,712 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/06 07:45:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/06 07:45:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/06 07:45:51 | 000,088,576 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/06 07:45:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/06 07:45:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/06 07:44:02 | 003,903,864 | R--- | C] () -- C:\Documents and Settings\andrew\Desktop\ComboFix.exe
[2010/11/06 00:35:02 | 000,295,424 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\gmer.exe
[2010/11/06 00:23:38 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\rkill.com
[2010/11/05 05:52:58 | 000,941,568 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Simple Disconnector.dll
[2010/11/03 02:25:57 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Talisman Online.lnk
[2010/11/03 01:10:42 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shaiya.lnk
[2010/11/02 23:48:35 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/11/02 23:48:35 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/11/02 01:05:59 | 000,210,208 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\SEXY.JPG
[2010/11/02 01:03:36 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Software.ini
[2010/10/28 03:09:39 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy2
[2010/10/27 05:54:27 | 001,717,388 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Sig.psd
[2010/10/26 23:33:23 | 000,002,391 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\ShoddyRainDancing
[2010/10/25 19:24:25 | 000,008,412 | ---- | C] () -- C:\Final Fantasy 6 Advance.clt
[2010/10/24 06:34:37 | 000,002,432 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Sandstormshoddy
[2010/10/23 00:08:21 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2010/10/23 00:07:56 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/23 00:07:09 | 003,196,328 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\ventrilo-3.0.5-Windows-i386.exe
[2010/10/21 01:51:17 | 000,002,474 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Rapeshoddy
[2010/10/20 03:51:25 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\ShoddyBattleTeam
[2010/10/20 03:28:43 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Shoddy Battle.lnk
[2010/10/16 03:11:14 | 000,129,055 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\blizzeffect.JPG
[2010/10/15 02:39:40 | 000,045,165 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\l_3c1d6b41048c4fe7b7e97b0183899b63.jpg
[2010/10/14 21:04:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6c04ef454c5a.job
[2010/10/13 15:21:15 | 000,015,674 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\Logo_Ralph_LaurenBlack.jpg
[2010/10/12 00:27:23 | 000,137,299 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\lv103hermitdmg.JPG
[2010/10/07 18:07:45 | 311,339,105 | ---- | C] () -- C:\Documents and Settings\andrew\Desktop\MSH vs SF (Killah ver).rar
[2010/08/01 15:20:17 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/12 15:15:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/12 15:15:01 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/07/12 15:14:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSPRX580.ini
[2010/07/11 10:46:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/06/14 12:33:34 | 001,914,216 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2010/06/12 19:02:58 | 000,002,554 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/24 12:34:04 | 000,697,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/02 05:30:20 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\uc_karos_launching.dll
[2010/04/30 02:42:44 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/04/29 17:20:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2010/04/29 10:28:05 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/04/23 20:10:38 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/05 18:46:02 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\andrew\Local Settings\Application Data\setup.txt
[2010/03/18 00:06:50 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2010/03/17 23:53:09 | 000,154,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/17 23:47:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4964.dll
[2010/03/17 23:01:03 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/03/02 20:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 20:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 20:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 20:00:00 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 20:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 20:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 20:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 20:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 20:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 20:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 20:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 20:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 20:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 20:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 20:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 20:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 20:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/14 14:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 14:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 14:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 14:11:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 14:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 14:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 14:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 14:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 14:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 14:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/06/07 12:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/10 20:30:38 | 000,054,608 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2006/04/25 20:31:56 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B61A2D1
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:890CC2F3
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
< End of report >
#14
DCShoesRocking
-
- Authentic Member
-
- 26 posts
Authentic Member
Posted 06 November 2010 - 12:01 PM
OTL Extra LOG
OTL Extras logfile created on: 11/6/2010 1:54:19 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 32.06 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Computer Name: HP12902580339 | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57999:TCP" = 57999:TCP:*:Enabled:Pando Media Booster
"57999:UDP" = 57999:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58960:TCP" = 58960:TCP:*:Enabled:Pando Media Booster
"58960:UDP" = 58960:UDP:*:Enabled:Pando Media Booster
"57999:TCP" = 57999:TCP:*:Enabled:Pando Media Booster
"57999:UDP" = 57999:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1036:TCP" = 1036:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F5BC8D3-3741-4542-AF00-51202A9FD357}" = VirIT eXplorer Lite
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX580 Scanner Driver Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2266312B-3502-41EE-82CD-8DC62276D87B}" = Vz In Home Agent
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7BDD6642-76D6-49F7-9157-6100E5C75B97}" = Vz In Home Agent
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.9.462
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF4720EC-795A-4DE4-8A03-F80C52256E03}" = SCG Route 2.20 NT
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel® Network Connections 13.1.33.0
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E3D4F451-5F04-4082-BE21-1C0C1ADF5014}" = Vz In Home Agent
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"AnyDVD" = AnyDVD
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"CleanUp!" = CleanUp!
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.1
"Complete Cleanup Trial_is1" = Complete Cleanup Trial
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Fraps" = Fraps (remove only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"FrostWire" = FrostWire 4.20.7
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"JixeySearchHelper" = Jixey Search Helper
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multi Virus Cleaner 2009_is1" = Multi Virus Cleaner 2009
"PDF Complete" = PDF Complete
"ProcessLasso" = Process Lasso
"QuickTime Converter_is1" = QuickTime Converter 2.1
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.10
"RealPlayer 12.0" = RealPlayer
"Software Informer_is1" = Software Informer 1.0 BETA
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Tansee iPod Transfer_is1" = Tansee iPod Transfer v3.8
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Verizon Broadband Toolbar Firefox only" = Verizon Broadband Toolbar Firefox only
"Verizon Help and Support" = Verizon Help and Support Tool
"verizon_broad" = Verizon Broadband Toolbar (IE only)
"VirIT eXplorer Lite" = VirIT eXplorer Lite
"vReveal" = vReveal
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WinAVI FLV Converter 1.0_is1" = WinAVI FLV Converter
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Shoddy Battle" = Shoddy Battle
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/22/2010 4:16:31 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 10/22/2010 4:16:53 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 10/22/2010 4:16:59 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1001
Description = Fault bucket 349305636.
Error - 10/22/2010 4:17:25 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 10/29/2010 7:25:14 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 11/3/2010 3:22:47 AM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0437251c.
Error - 11/6/2010 6:25:34 AM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application desmume.exe, version 0.0.0.0, faulting module
desmume.exe, version 0.0.0.0, fault address 0x0019f2d1.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL Extras logfile created on: 11/6/2010 1:54:19 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 32.06 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Computer Name: HP12902580339 | User Name: andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57999:TCP" = 57999:TCP:*:Enabled:Pando Media Booster
"57999:UDP" = 57999:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58960:TCP" = 58960:TCP:*:Enabled:Pando Media Booster
"58960:UDP" = 58960:UDP:*:Enabled:Pando Media Booster
"57999:TCP" = 57999:TCP:*:Enabled:Pando Media Booster
"57999:UDP" = 57999:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1036:TCP" = 1036:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F5BC8D3-3741-4542-AF00-51202A9FD357}" = VirIT eXplorer Lite
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX580 Scanner Driver Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2266312B-3502-41EE-82CD-8DC62276D87B}" = Vz In Home Agent
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7BDD6642-76D6-49F7-9157-6100E5C75B97}" = Vz In Home Agent
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Altiris Software Virtualization Agent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.9.462
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF4720EC-795A-4DE4-8A03-F80C52256E03}" = SCG Route 2.20 NT
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel® Network Connections 13.1.33.0
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E3D4F451-5F04-4082-BE21-1C0C1ADF5014}" = Vz In Home Agent
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"AnyDVD" = AnyDVD
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007
"CleanUp!" = CleanUp!
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.1
"Complete Cleanup Trial_is1" = Complete Cleanup Trial
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Fraps" = Fraps (remove only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"FrostWire" = FrostWire 4.20.7
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"JixeySearchHelper" = Jixey Search Helper
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multi Virus Cleaner 2009_is1" = Multi Virus Cleaner 2009
"PDF Complete" = PDF Complete
"ProcessLasso" = Process Lasso
"QuickTime Converter_is1" = QuickTime Converter 2.1
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.10
"RealPlayer 12.0" = RealPlayer
"Software Informer_is1" = Software Informer 1.0 BETA
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Tansee iPod Transfer_is1" = Tansee iPod Transfer v3.8
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Verizon Broadband Toolbar Firefox only" = Verizon Broadband Toolbar Firefox only
"Verizon Help and Support" = Verizon Help and Support Tool
"verizon_broad" = Verizon Broadband Toolbar (IE only)
"VirIT eXplorer Lite" = VirIT eXplorer Lite
"vReveal" = vReveal
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WinAVI FLV Converter 1.0_is1" = WinAVI FLV Converter
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Shoddy Battle" = Shoddy Battle
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/22/2010 4:16:31 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 10/22/2010 4:16:53 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 10/22/2010 4:16:59 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1001
Description = Fault bucket 349305636.
Error - 10/22/2010 4:17:25 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 10/29/2010 7:25:14 PM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application winavi mp4 converter.exe, version 0.0.0.0, faulting
module matroskasplitter.ax, version 1.0.2.6, fault address 0x00002485.
Error - 11/3/2010 3:22:47 AM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0437251c.
Error - 11/6/2010 6:25:34 AM | Computer Name = HP12902580339 | Source = Application Error | ID = 1000
Description = Faulting application desmume.exe, version 0.0.0.0, faulting module
desmume.exe, version 0.0.0.0, fault address 0x0019f2d1.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
#15
mowman
-
- Malware Team
-
- 2,669 posts
SuperMember
Posted 06 November 2010 - 01:23 PM
Please re run Combofix without script and post the log
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
