Followed Cleaning Guide - Now Posting Logs, It's been a while since I have had a problem - Now I need your hel
Nov 12 2009, 08:56 AM
Member | Posts: 55 | From: Canada | OS: Windows XP Media Center Edition Version 2005
ROOT REPEAL:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/12 06:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3781000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A40000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBAFB8000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf38786b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf3878574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf3878a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf387814c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf387864e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf387808c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf38780f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf387876e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf387872e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf38788ae

==EOF==

Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

12/11/2009 6:35:51 AM
mbam-log-2009-11-12 (06-35-51).txt

Scan type: Quick Scan
Objects scanned: 133660
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL:

OTL logfile created on: 12/11/2009 6:37:05 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Program Files\HIJACKTHIS
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 319.66 Mb Available Physical Memory | 31.23% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 330.34 Gb Total Space | 1.70 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 0.67 Gb Free Space | 13.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN
Current User Name: rian
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/11/12 06:18:08 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Program Files\HIJACKTHIS\OTL.exe PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/09/15 02:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/09/15 02:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/09/15 02:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/09/15 02:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/09/15 02:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2008/11/07 10:28:16 | 00,132,424 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2008/11/01 05:22:22 | 00,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\rian\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe PRC - [2008/10/01 10:22:50 | 01,679,360 | ---- | M] (D-Link) -- C:\Program Files\D-Link\DWA-130\AirNCFG.exe PRC - [2008/08/29 06:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/07/11 12:51:32 | 00,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe PRC - [2008/07/09 07:58:42 | 00,143,360 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/02/24 22:57:10 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2007/12/04 21:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2007/04/30 14:43:54 | 03,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe PRC - [2007/04/03 18:43:59 | 00,704,512 | ---- | M] (mental images GmbH) -- C:\spm\spmd.exe PRC - [2007/03/06 18:20:00 | 00,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe PRC - [2007/01/29 16:12:14 | 00,030,248 | ---- | M] (Nuance Communications, Inc.) 
-- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe PRC - [2007/01/19 10:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe PRC - [2006/10/18 16:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2006/10/18 16:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2006/10/09 12:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe PRC - [2005/08/05 09:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe PRC - [2005/08/05 09:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe PRC - [2005/08/05 09:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe PRC - [2005/08/05 09:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe PRC - [2004/02/24 11:05:58 | 00,508,416 | ---- | M] (Chicony) -- C:\WINDOWS\mHotkey.exe PRC - [2004/02/03 14:15:54 | 05,794,816 | ---- | M] (Chicony) -- C:\WINDOWS\CNYHKey.exe PRC - [2003/06/19 20:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE ========== Modules (SafeList) ========== MOD - [2009/11/12 06:18:08 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Program Files\HIJACKTHIS\OTL.exe MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008/04/13 16:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll MOD - [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2007/12/04 21:41:00 | 01,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll MOD - [2007/12/04 21:41:00 | 00,081,920 | ---- | 
M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll MOD - [2007/04/30 14:18:50 | 00,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll MOD - [2003/05/27 14:13:02 | 00,024,576 | ---- | M] () -- C:\WINDOWS\HKCYDLL.dll ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (IDriverT) SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009/09/15 02:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/09/15 02:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/09/15 02:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009/09/15 02:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/03/24 15:19:37 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/03/14 04:10:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a49dec611198) SRV - [2008/11/07 10:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2008/08/29 06:18:44 | 00,238,888 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/07/29 16:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008/07/29 14:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008/07/29 14:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008/07/25 06:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/07/25 06:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2008/07/09 07:58:42 | 00,143,360 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService) SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc) SRV - [2008/02/24 22:57:10 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA) SRV - [2008/02/17 19:36:37 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) 
-- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007/12/04 21:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2007/04/03 18:43:59 | 00,704,512 | ---- | M] (mental images GmbH) -- C:\spm\spmd.exe -- (spmd) SRV - [2007/01/19 10:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2006/10/18 16:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc) SRV - [2006/10/09 12:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2005/08/05 09:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched) SRV - [2005/08/05 09:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc) SRV - [2003/06/19 20:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.ca/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/28 00:51:18 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/11 06:17:59 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 18:42:08 | 00,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/04 20:05:56 | 00,000,000 | ---D | M] [2008/10/30 22:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Mozilla\Extensions [2008/10/30 22:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/10/30 23:09:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Mozilla\Firefox\Profiles\udizr1zo.default\extensions [2009/11/03 16:52:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/02/06 16:53:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/12/02 12:00:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009/03/11 06:18:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/09/28 18:18:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/11/03 16:52:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009/02/06 16:53:05 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/02/06 16:53:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/01/16 14:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll [2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2009/02/06 16:53:09 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2009/02/06 16:53:12 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/02/06 16:53:12 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/02/06 16:53:12 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/02/06 16:53:12 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/02/06 16:53:12 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/02/06 16:53:12 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/02/06 16:53:12 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (909 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found. 
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-130] C:\Program Files\D-Link\DWA-130\AirNCFG.exe (D-Link) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) 
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\HIJACKTHIS\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\rian\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe File not found O4 - Startup: C:\Documents and Settings\rian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O4 - Startup: C:\Documents and Settings\rian\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: 27 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B...tualEarth3D.cab (SentinelProxy Class) O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1125069054531 (WUWebControl Class) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1253501223630 (MUWebControl Class) O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplates/...login-devel.cab (SecureLogin class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab 
(Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/26 16:45:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/26 16:44:51 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========
[2009/11/12 06:08:15 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/11/11 00:19:11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\rian\Recent
[2009/11/02 16:12:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\rian\Application Data\YouSendIt
[2009/10/29 18:35:44 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/29 17:55:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\rian\My Documents\ACTUAL Photoshop Project Files
[2009/10/29 16:42:47 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/29 16:42:47 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/29 16:42:47 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/29 16:42:46 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/29 16:42:46 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/10/29 16:42:46 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/29 16:42:45 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/29 16:42:45 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/29 16:42:26 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/02/09 07:09:28 | 00,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2007/11/13 15:29:50 | 00,099,471 | ---- | C] (Uniblue Software) -- C:\Program Files\UBVarRB.dll
[2006/03/09 14:01:07 | 08,632,672 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp52_full_bundle_emusic-7plus.exe
[2006/02/28 22:46:24 | 02,865,380 | ---- | C] (FilmLoop Inc.) -- C:\Program Files\FilmLoopSetup.exe
[2006/02/23 12:49:17 | 12,754,672 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MP10Setup.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 14 Days ==========
[2009/11/12 06:32:24 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{616B6437-357A-4108-9B1C-68464B844E56}.job
[2009/11/12 06:15:40 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\rian\Desktop\settings.dat
[2009/11/12 06:00:02 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/12 04:27:01 | 00,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{55B64740-2EDE-4EF3-95FC-5DF5473EA78C}
[2009/11/12 04:26:54 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{55B64740-2EDE-4EF3-95FC-5DF5473EA78C}
[2009/11/12 04:26:44 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2009/11/12 04:26:35 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/12 04:26:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/12 04:25:38 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/12 04:25:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/12 04:25:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/12 04:25:21 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/11 22:33:19 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\rian\ntuser.ini
[2009/11/11 22:33:18 | 14,417,920 | -H-- | M] () -- C:\Documents and Settings\rian\NTUSER.DAT
[2009/11/11 09:05:25 | 00,205,824 | ---- | M] () -- C:\Documents and Settings\rian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 00:09:58 | 00,000,254 | -H-- | M] () -- C:\Documents and Settings\rian\Desktop\f a c e b o o k.url
[2009/11/10 23:49:56 | 00,000,196 | -H-- | M] () -- C:\Documents and Settings\rian\Desktop\W I K I.url
[2009/11/10 22:20:29 | 01,612,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/09 15:43:56 | 00,000,289 | -H-- | M] () -- C:\Documents and Settings\rian\Desktop\YAHOO.url
[2009/11/04 18:02:12 | 00,540,894 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/04 18:02:12 | 00,454,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/04 18:02:12 | 00,076,960 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/04 17:53:49 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/29 16:42:47 | 00,001,718 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\avast!.lnk
[2009/10/29 16:42:46 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/29 15:57:49 | 00,000,776 | ---- | M] () -- C:\Documents and Settings\rian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========
[2009/11/12 06:15:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\rian\Desktop\settings.dat
[2009/10/31 01:55:28 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/31 01:55:28 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/29 16:42:47 | 00,001,718 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\avast!.lnk
[2009/10/29 16:42:26 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/10/29 15:57:49 | 00,000,776 | ---- | C] () -- C:\Documents and Settings\rian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/09/29 21:43:21 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2009/09/29 21:43:21 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/09/29 21:42:46 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2009/09/19 18:42:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\swunilog.ini
[2009/07/21 20:08:29 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/03/17 11:11:46 | 04,239,130 | -H-- | C] () -- C:\Documents and Settings\rian\Local Settings\Application Data\IconCache.db
[2009/03/15 06:38:02 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/02/09 07:09:26 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2008/10/17 12:13:25 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/10/17 12:13:25 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/10/17 11:55:37 | 00,000,212 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/10/17 11:55:37 | 00,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/10/17 11:49:44 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/09/15 16:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 16:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 16:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/15 16:11:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/13 12:05:01 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2008/08/13 10:32:07 | 01,216,512 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/13 10:32:07 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/08/13 10:32:07 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/08/13 10:32:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/08/13 10:32:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/03/08 16:03:52 | 00,013,940 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
[2008/03/06 12:05:42 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/03/03 11:49:01 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/03/03 11:48:58 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2008/03/03 11:48:55 | 00,134,699 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2008/03/03 11:48:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008/03/03 11:48:54 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2008/03/02 05:52:44 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/03/02 05:52:43 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/02 05:52:43 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/02/24 22:40:58 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/02/24 22:40:58 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\rian\Application Data\PnkBstrK.sys
[2008/02/24 22:40:28 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/02/23 16:25:17 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/02/05 21:55:47 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/30 12:10:46 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/12/04 21:41:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/31 05:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/10/08 16:17:06 | 00,068,560 | ---- | C] () -- C:\Documents and Settings\rian\Application Data\GDIPFONTCACHEV1.DAT
[2007/09/17 23:52:03 | 01,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/09/14 14:43:03 | 00,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2007/05/17 09:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/04/28 06:02:16 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/04/18 15:52:21 | 00,000,110 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2007/04/03 16:10:21 | 00,299,288 | ---- | C] () -- C:\Program Files\GmailInstaller.exe
[2007/03/28 10:30:40 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\rian\Application Data\WavCodec.wff
[2007/01/26 17:47:45 | 00,645,670 | ---- | C] () -- C:\Program Files\uTorrent-1.6-install.exe
[2007/01/14 16:23:01 | 00,000,044 | ---- | C] () -- C:\WINDOWS\aGuitarPro2.ini
[2007/01/06 04:50:25 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/18 15:28:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/10/29 07:55:44 | 00,000,102 | ---- | C] () -- C:\WINDOWS\smi.ini
[2006/06/29 09:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 09:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/02 14:15:44 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/04/22 11:57:51 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/04/18 10:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 10:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/08 23:09:12 | 00,393,392 | ---- | C] () -- C:\Program Files\aswclnr.exe
[2006/03/06 00:21:24 | 00,002,148 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/04 05:27:35 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/03/04 00:33:59 | 03,160,664 | ---- | C] () -- C:\Program Files\caaim55.exe
[2006/02/25 01:15:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/02/25 01:14:22 | 15,943,544 | ---- | C] () -- C:\Program Files\WinProxy.exe
[2006/02/24 00:41:59 | 00,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 00:41:59 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 08:36:20 | 01,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/02/23 08:36:20 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 08:36:20 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2006/01/17 18:53:09 | 48,376,504 | ---- | C] () -- C:\Program Files\flstudio608_install.exe
[2005/12/29 21:35:21 | 00,000,382 | ---- | C] () -- C:\Documents and Settings\rian\Application Data\wklnhst.dat
[2005/12/28 06:28:04 | 00,084,512 | ---- | C] () -- C:\Documents and Settings\rian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/12/27 16:16:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\rian\Application Data\desktop.ini
[2005/12/27 16:16:00 | 00,205,824 | ---- | C] () -- C:\Documents and Settings\rian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/27 16:16:00 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\rian\Local Settings\Application Data\fusioncache.dat
[2005/09/09 08:37:03 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/09 07:00:46 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2005/09/09 07:00:46 | 00,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2005/09/09 07:00:46 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2005/09/09 07:00:46 | 00,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2005/09/09 07:00:46 | 00,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2005/09/08 14:46:11 | 00,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/08 14:46:11 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\02836ADAB6.sys
[2005/08/29 08:15:32 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/26 16:55:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/26 16:50:40 | 00,000,873 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/26 16:50:12 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/26 09:38:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/26 07:32:29 | 00,000,868 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/26 07:32:08 | 00,000,826 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/26 07:32:07 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 10:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 13:08:09 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/07/15 13:08:09 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/07/15 13:08:09 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/07/15 13:08:09 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/07/15 13:08:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002/06/05 11:43:58 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[2001/08/23 11:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1996/04/03 11:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========
[2009/03/14 06:38:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/03/14 05:57:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2006/03/09 12:48:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA30.tmp
[2007/01/05 18:10:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/03/28 10:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/11/08 16:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008/11/04 04:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/10/15 19:31:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/11/12 06:10:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/28 19:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/10/10 17:13:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2006/06/27 21:10:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\.gaim
[2006/03/04 00:44:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Aim
[2007/01/26 15:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Azureus
[2007/01/23 06:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\BitTorrent
[2007/09/05 13:07:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\BonkEnc
[2007/05/16 15:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Cakewalk
[2007/09/17 23:51:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\GetRightToGo
[2007/04/18 17:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\iShell
[2005/12/29 23:51:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Leadertech
[2006/03/25 18:46:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Movie Outline
[2007/02/28 19:43:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\MSNInstaller
[2005/09/08 14:25:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Musicmatch
[2006/02/25 00:56:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\My Battle for Middle-earth Files
[2007/03/28 10:09:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\NCH Swift Sound
[2008/10/17 13:08:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\OpenOffice.org
[2006/05/26 13:35:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Opera
[2007/03/28 10:08:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\RecordPad
[2007/11/13 14:49:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Registry Booster
[2008/11/01 05:22:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\SanDisk
[2008/10/17 13:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\ScanSoft
[2006/04/07 14:17:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Seven Zip
[2008/11/25 17:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Sony
[2006/01/31 15:38:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Template
[2009/03/14 06:19:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Uniblue
[2009/11/11 20:38:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\uTorrent
[2008/01/12 00:32:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Viewpoint
[2008/10/15 11:50:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\WinPatrol
[2009/11/02 16:12:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\YouSendIt
[2004/08/10 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/12 04:25:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/12 06:32:24 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{616B6437-357A-4108-9B1C-68464B844E56}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2001/05/24 07:59:30 | 00,162,304 | ---- | M] () -- C:\UNWISE.EXE

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/10 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/10 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/10 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/10 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
< End of report >

OTL EXTRAS:

OTL Extras logfile created on: 12/11/2009 6:37:05 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Program Files\HIJACKTHIS
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 319.66 Mb Available Physical Memory | 31.23% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 330.34 Gb Total Space | 1.70 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 0.67 Gb Free Space | 13.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN
Current User Name: rian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56363:TCP" = 56363:TCP:*:Disabled:Pando P2P TCP Listening Port
"56363:UDP" = 56363:UDP:*:Disabled:Pando P2P UDP Listening Port
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"56276:TCP" = 56276:TCP:*:Disabled:Pando P2P TCP Listening Port
"56276:UDP" = 56276:UDP:*:Disabled:Pando P2P UDP Listening Port
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\AOL 9.0\AOL.exe" = C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 -- File not found
"C:\Program Files\AOL 9.0\WAOL.exe" = C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe" = C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service) -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer) -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat:*:Enabled:The Battle for Middle-earth -- ()
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Blue Coat Systems\WinProxy 6\WinProxy.exe" = C:\Program Files\Blue Coat Systems\WinProxy 6\WinProxy.exe:*:Enabled:WinProxy Application -- File not found
"C:\Program Files\Messenger\Msmsgs.exe" = C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\crap\K-litePro\k-litepro.exe" = C:\Program Files\crap\K-litePro\k-litepro.exe:*:Enabled:K-litePro Ultimate File Sharing -- File not found
"C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe" = C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Enabled:dndclient -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\Softimage\XSI_6.01\Application\bin\XSI.exe" = C:\Softimage\XSI_6.01\Application\bin\XSI.exe:*:Enabled:XSI -- (Softimage Co.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare -- ()
"C:\Program Files\AOL 9.0\AOL.exe" = C:\Program Files\AOL 9.0\AOL.exe:*:Disabled:AOL 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe:*:Disabled:AOL 9.0 (Connectivity Service Dialer) -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe" = C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe:*:Disabled:AOL 9.0 (Connectivity Service) -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Disabled:Morpheus -- File not found
"C:\Program Files\Pando Networks\Pando\pando.exe" = C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:Pando Application -- File not found
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- File not found
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- File not found
"C:\Program Files\SopCast\sopvod.exe" = 
C:\Program Files\SopCast\sopvod.exe:*:Disabled:sopvod -- File not found "C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- File not found "C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation) "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation) "C:\Program Files\Airlink101\Airlink101 Cardbus & PCI Wireless LAN Utility\RtWLan.exe" = C:\Program Files\Airlink101\Airlink101 Cardbus & PCI Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- File not found "C:\Program Files\AOL 9.0\WAOL.exe" = C:\Program Files\AOL 9.0\WAOL.exe:*:Disabled:AOL 9.0 -- File not found "C:\Documents and Settings\rian\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\rian\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Disabled:Norton Removal Tool -- File not found "C:\Program Files\D-Link\DWA-130\D-Link Wizard.exe" = C:\Program Files\D-Link\DWA-130\D-Link Wizard.exe:*:Enabled:Connection Wizard -- () "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Windows 
Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0AB149EB-2AE0-466C-9BA4-3A718CF06432}" = Information about your PC "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 17 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A9B719B-DD54-4565-A6A8-B27C26F8338F}" = SOFTIMAGE XSI 6.01 "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}" = Virtual Sound Canvas DXi "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" 
= Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7AA86B66-4232-4CCA-9530-51B991301376}" = D-Link Wireless N DWA-130 "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{8419C98D-6818-443B-9362-156519FE4C6B}" = Windows Messenger 5.1 "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps 
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB19A235-66D4-47F7-9904-BAF84ED25BB6}" = ImageMixer3 "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth "{CD8C45CE-882F-49E1-AC72-784943AFF7EB}" = Phanku eTaxCanada 2008 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1955A3A-EA24-4682-8641-43B5B688B09A}" = USB Wireless Keyboard Driver "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D2975B11-82F4-47D9-A0AC-99E36A0E9ECB}" = SOFTIMAGE Softimage License Server 1.1.11.1414 "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows 
Live Photo Gallery "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E0472857-5706-4248-978B-C04DCCAD9E47}" = SOFTIMAGE XSI 6.01 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F25B14A1-3863-41B6-9F8A-931DECA6D384}" = D-Link Wireless N DWA-130 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0 "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard "{FE24D361-A3E8-11DE-88F3-005056806466}" = Google Earth Plug-in "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "avast!" = avast! 
Antivirus "AVS Video Tools 5.1_is1" = AVS Video Tools 5.1 "AVSDiscCreator_is1" = AVS Disc Creator version 2.1 "C-Media Audio" = C-Media 3D Audio "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DVD Decrypter" = DVD Decrypter (Remove Only) "dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50 "ERUNT_is1" = ERUNT 1.1j "FL Studio 6" = FL Studio 6 "FREE Hi-Q Recorder_is1" = FREE Hi-Q Recorder 1.92 "Google Updater" = Google Updater "GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only) "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InFlac" = InFlac 1.1.1 "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare "KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Standard "MagicDisc 2.6.93" = MagicDisc 2.6.93 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NeroMultiInstaller!UninstallKey" = Nero Suite "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "ObjectDock" = ObjectDock "RealPlayer 6.0" = RealPlayer "RegistryBooster 2_is1" = Uniblue RegistryBooster 2 "SONAR 3 Producer Edition" = SONAR 3 Producer Edition "SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC 3 "SpywareBlaster_is1" = SpywareBlaster 4.2 "SubDownloader2" = SubDownloader2 "SystemRequirementsLab" = System Requirements Lab "UltimateZip 3.0_is1" = UltimateZip 3.0.3 "Veoh Web Player Beta" = Veoh Web Player Beta "VLC media player" = VideoLAN VLC media player 0.8.6e "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media 
Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Sansa Updater" = Sansa Updater "uTorrent" = µTorrent "WeatherEye" = WeatherEye ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 07/11/2009 5:26:17 PM | Computer Name = MAIN | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://clients1.google.ca/complete/search?...cavit&cp=13 failed, 0000A413. Error - 07/11/2009 7:31:46 PM | Computer Name = MAIN | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://clients1.google.ca/complete/search?...n%20du&cp=8 failed, 0000A413. Error - 08/11/2009 10:24:01 PM | Computer Name = MAIN | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://clients1.google.ca/complete/search?...v%20t&cp=13 failed, 0000A413. 
[ Application Events ] Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121 Description = Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121 Description = Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121 Description = Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121 Description = Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121 Description = Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121 Description = Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121 Description = Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121 Description = Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121 Description = Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121 Description = [ System Events ] Error - 25/06/2008 7:10:59 AM | Computer Name = YOUR-290D819666 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 25/06/2008 7:10:59 AM | Computer Name = YOUR-290D819666 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
Error - 01/07/2008 3:34:57 PM | Computer Name = YOUR-290D819666 | Source = ipnathlp | ID = 32003 Description = The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code. Error - 02/07/2008 4:58:28 PM | Computer Name = YOUR-290D819666 | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service. Error - 05/07/2008 5:20:18 PM | Computer Name = YOUR-290D819666 | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service. Error - 08/07/2008 3:56:22 PM | Computer Name = YOUR-290D819666 | Source = WPDMTPDriver | ID = 80836 Description = MTP WPD Driver has failed to start. Error 0x80070057. Error - 14/07/2008 2:46:49 PM | Computer Name = YOUR-290D819666 | Source = ipnathlp | ID = 32003 Description = The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code. Error - 23/07/2008 5:39:15 PM | Computer Name = YOUR-290D819666 | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 23/07/2008 5:39:15 PM | Computer Name = YOUR-290D819666 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. 
Error - 25/07/2008 12:25:49 PM | Computer Name = YOUR-290D819666 | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service. < End of report >