Trojan help---Troj/Mbroot-H virus [Solved]


#1 Kozer (Member, 46 posts)
I need help removing this guy from my computer. It is the Troj/Mbroot-H virus. Webroot keeps finding it but is unable to remove it and no other spysweeper seems capable of finding it.


Going to class but will be checking the forums when I can...Any help is welcome.


The virus will not let me use the internet for any length of time. It will fully freeze my computer after awhile.

#2 heir (Trusted Helper, Malware Removal, 5,427 posts)
Hello Kozer! :)

My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Virus, Spyware and Trojan Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad, in the menubar click on Format and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required if you won't have access to the Internet.

Step 1.
GMER-scan:

Download GMER from here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 2.
OTL-scan:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Step 3.
Things I would like to see in your reply:

  • The content of Results.log from step 1.
  • The content of OTL.txt and Extras.txt from step 2.
  • Information on how your computer is running now.

Edited by heir, 01 April 2010 - 12:35 PM.

#3 Kozer (Topic Starter, 46 posts)
My computer froze again during the scan, so I am running it again. I think I should not mention that the computer I am using is a Mac but with Windows XP on it.

#4 Kozer (Topic Starter, 46 posts)
This is the GMER report:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-01 20:18:12
Windows 5.1.2600 Service Pack 3
Running: hmbtidjw.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\afeyraog.sys


---- System - GMER 1.0.15 ----

SSDT 8A3995C0 ZwAllocateVirtualMemory
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA13887E]
SSDT 8A3A5A08 ZwCreateProcess
SSDT 8A3A5990 ZwCreateProcessEx
SSDT 8A399890 ZwCreateThread
SSDT 8A3A60A8 ZwDeleteKey
SSDT 8A3A5A80 ZwDeleteValueKey
SSDT 8A399638 ZwQueueApcThread
SSDT 8A3994D0 ZwReadVirtualMemory
SSDT 8A3720A8 ZwRenameKey
SSDT 8A399728 ZwSetContextThread
SSDT 8A3A5B70 ZwSetInformationKey
SSDT 8A399980 ZwSetInformationProcess
SSDT 8A3997A0 ZwSetInformationThread
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA138BFE]
SSDT 8A399908 ZwSuspendProcess
SSDT 8A3996B0 ZwSuspendThread
SSDT 8A3A5918 ZwTerminateProcess
SSDT 8A399818 ZwTerminateThread
SSDT 8A399548 ZwWriteVirtualMemory

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B90EA59A
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B90EA655

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F6C000, 0x17D80E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wuauclt.exe[788] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02832862
.text C:\WINDOWS\system32\wuauclt.exe[788] WS2_32.dll!send 71AB4C27 5 Bytes JMP 028326EE
.text C:\WINDOWS\system32\wuauclt.exe[788] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 028327E0
.text C:\WINDOWS\system32\wuauclt.exe[788] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02832726
.text C:\WINDOWS\system32\wuauclt.exe[788] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0283275E
.text C:\WINDOWS\Explorer.EXE[928] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F82862
.text C:\WINDOWS\Explorer.EXE[928] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F826EE
.text C:\WINDOWS\Explorer.EXE[928] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F827E0
.text C:\WINDOWS\Explorer.EXE[928] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F82726
.text C:\WINDOWS\Explorer.EXE[928] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F8275E
.text C:\Program Files\iPod\bin\iPodService.exe[936] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BA2862
.text C:\Program Files\iPod\bin\iPodService.exe[936] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BA26EE
.text C:\Program Files\iPod\bin\iPodService.exe[936] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BA27E0
.text C:\Program Files\iPod\bin\iPodService.exe[936] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BA2726
.text C:\Program Files\iPod\bin\iPodService.exe[936] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BA275E
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1188] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01572862
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1188] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015726EE
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1188] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 015727E0
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1188] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01572726
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1188] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0157275E
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1220] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 023C2862
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1220] WS2_32.dll!send 71AB4C27 5 Bytes JMP 023C26EE
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1220] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 023C27E0
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1220] WS2_32.dll!recv 71AB676F 5 Bytes JMP 023C2726
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1220] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 023C275E
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1360] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 03812862
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1360] WS2_32.dll!send 71AB4C27 5 Bytes JMP 038126EE
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1360] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 038127E0
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1360] WS2_32.dll!recv 71AB676F 5 Bytes JMP 03812726
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1360] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0381275E
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 016D2862
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] WS2_32.dll!send 71AB4C27 5 Bytes JMP 016D26EE
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 016D27E0
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] WS2_32.dll!recv 71AB676F 5 Bytes JMP 016D2726
.text C:\WINDOWS\system32\Ati2evxx.exe[1864] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 016D275E
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2616] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02472862
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2616] WS2_32.dll!send 71AB4C27 5 Bytes JMP 024726EE
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2616] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 024727E0
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2616] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02472726
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[2616] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0247275E
.text c:\Program Files\tbh\base\bin\tbhDaemon.exe[2780] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 015A2862
.text c:\Program Files\tbh\base\bin\tbhDaemon.exe[2780] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015A26EE
.text c:\Program Files\tbh\base\bin\tbhDaemon.exe[2780] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 015A27E0
.text c:\Program Files\tbh\base\bin\tbhDaemon.exe[2780] WS2_32.dll!recv 71AB676F 5 Bytes JMP 015A2726
.text c:\Program Files\tbh\base\bin\tbhDaemon.exe[2780] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 015A275E
.text C:\Program Files\Java\jre6\bin\jusched.exe[3180] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E32862
.text C:\Program Files\Java\jre6\bin\jusched.exe[3180] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E326EE
.text C:\Program Files\Java\jre6\bin\jusched.exe[3180] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E327E0
.text C:\Program Files\Java\jre6\bin\jusched.exe[3180] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E32726
.text C:\Program Files\Java\jre6\bin\jusched.exe[3180] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E3275E
.text C:\Program Files\tbh\base\bin\tbhSystray.exe[3188] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01812862
.text C:\Program Files\tbh\base\bin\tbhSystray.exe[3188] WS2_32.dll!send 71AB4C27 5 Bytes JMP 018126EE
.text C:\Program Files\tbh\base\bin\tbhSystray.exe[3188] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 018127E0
.text C:\Program Files\tbh\base\bin\tbhSystray.exe[3188] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01812726
.text C:\Program Files\tbh\base\bin\tbhSystray.exe[3188] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0181275E
.text C:\Program Files\iTunes\iTunesHelper.exe[3220] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01952862
.text C:\Program Files\iTunes\iTunesHelper.exe[3220] WS2_32.dll!send 71AB4C27 5 Bytes JMP 019526EE
.text C:\Program Files\iTunes\iTunesHelper.exe[3220] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 019527E0
.text C:\Program Files\iTunes\iTunesHelper.exe[3220] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01952726
.text C:\Program Files\iTunes\iTunesHelper.exe[3220] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0195275E
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3272] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F32862
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3272] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F326EE
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3272] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F327E0
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3272] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F32726
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[3272] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F3275E

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A399360
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A399458
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A399458
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A399360
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A399360
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A399458
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A399458
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A399360
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A399458
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A399360
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A399458
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 8A399360
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 8A399458
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8A399458
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8A399360

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Driver\Tcpip \Device\Ip 8A344598
Device \Driver\Tcpip \Device\Ip 8A2BFA58
Device \Driver\Tcpip \Device\Ip 898696F8
Device \Driver\Tcpip \Device\Ip 8A0BC718
Device \Driver\ACPI \Device\00000052 89F766E8
Device \Driver\ACPI \Device\00000061 89F766E8
Device \Driver\Tcpip \Device\Tcp 8A344598
Device \Driver\Tcpip \Device\Tcp 8A2BFA58
Device \Driver\Tcpip \Device\Tcp 898696F8
Device \Driver\Tcpip \Device\Tcp 8A0BC718

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\ACPI \Device\00000056 89F766E8
Device \Driver\ACPI \Device\00000062 89F766E8
Device \Driver\ACPI \Device\00000057 89F766E8
Device \Driver\ACPI \Device\00000063 89F766E8
Device \Driver\ACPI \Device\00000058 89F766E8
Device \Driver\ACPI \Device\00000064 89F766E8
Device \Driver\ACPI \Device\00000071 89F766E8
Device \Driver\ACPI \Device\00000059 89F766E8
Device \Driver\ACPI \Device\00000072 89F766E8
Device \Driver\ACPI \Device\00000073 89F766E8
Device \Driver\ACPI \Device\00000067 89F766E8
Device \Driver\ACPI \Device\00000075 89F766E8
Device \Driver\ACPI \Device\00000081 89F766E8
Device \Driver\ACPI \Device\00000076 89F766E8
Device \Driver\ACPI \Device\00000077 89F766E8
Device \Driver\ACPI \Device\00000083 89F766E8
Device \Driver\ACPI \Device\0000004b 89F766E8
Device \Driver\ACPI \Device\0000004c 89F766E8
Device \Driver\ACPI \Device\00000079 89F766E8
Device \Driver\ACPI \Device\0000005a 89F766E8
Device \Driver\ACPI \Device\0000004e 89F766E8
Device \Driver\ACPI \Device\0000005b 89F766E8
Device \Driver\ACPI \Device\00000087 89F766E8
Device \Driver\ACPI \Device\0000005c 89F766E8
Device \Driver\ACPI \Device\0000005d 89F766E8
Device \Driver\ACPI \Device\00000089 89F766E8
Device \Driver\Tcpip \Device\Udp 8A344598
Device \Driver\Tcpip \Device\Udp 8A2BFA58
Device \Driver\Tcpip \Device\Udp 898696F8
Device \Driver\Tcpip \Device\Udp 8A0BC718
Device \Driver\BTHUSB \Device\00000097 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\RawIp 8A344598
Device \Driver\Tcpip \Device\RawIp 8A2BFA58
Device \Driver\Tcpip \Device\RawIp 898696F8
Device \Driver\Tcpip \Device\RawIp 8A0BC718
Device \Driver\BTHUSB \Device\00000099 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006e 89F766E8
Device \Driver\ACPI \Device\0000007b 89F766E8
Device \Driver\Tcpip \Device\IPMULTICAST 8A344598
Device \Driver\Tcpip \Device\IPMULTICAST 8A2BFA58
Device \Driver\Tcpip \Device\IPMULTICAST 898696F8
Device \Driver\Tcpip \Device\IPMULTICAST 8A0BC718
Device \Driver\ACPI \Device\0000007d 89F766E8
Device \Driver\ACPI \Device\0000007f 89F766E8
Device \Driver\ACPI \Device\0000008c 89F766E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001ec296eadd
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001ec296eadd (not active ControlSet)

---- EOF - GMER 1.0.15 ----
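
A small triage helper for the GMER log format in the report above, added here as an example; it is not part of the thread, of GMER or of OTL, and the sample log inside it is a constructed excerpt with the same line shapes as the posted report. It separates SSDT hooks GMER could attribute to a driver (Lbd.sys) from bare-address hooks, groups the WS2_32.dll inline hooks by process, and collects the kernel IAT redirections, so an analyst can see that the user-mode hooks are one uniform set present in every process and that the unattributed kernel addresses cluster in one range. None of that by itself names the owning driver; that still has to be matched against the loaded-module and driver lists.

```python
"""Triage helper for GMER rootkit-scan logs.

Added example for this thread; not part of GMER, OTL or any post above.
It groups GMER's hook findings by category so an analyst can see which
kernel hooks have a driver attribution and which resolve to a bare address.
"""
import re
from collections import defaultdict

# Constructed excerpt with the same line shapes as the posted report.
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-01 20:18:12

---- System - GMER 1.0.15 ----

SSDT 8A3995C0 ZwAllocateVirtualMemory
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA13887E]
SSDT 8A3A5A08 ZwCreateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[928] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F826EE
.text C:\WINDOWS\Explorer.EXE[928] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F82726
.text C:\Program Files\Java\jre6\bin\jusched.exe[3180] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E326EE

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A399458

---- EOF - GMER 1.0.15 ----
"""

HEX = r"[0-9A-Fa-f]{8}"
# "SSDT <driver> (<description>) <Zw function> [0x<address>]"
SSDT_MOD = re.compile(r"^SSDT\s+(\S+)\s+\((.*?)\)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]\s*$")
# "SSDT <address> <Zw function>" -- GMER found no module owning the address
SSDT_BARE = re.compile(rf"^SSDT\s+({HEX})\s+(Zw\w+)\s*$")
# ".text <process path>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target>"
USER_HOOK = re.compile(
    rf"^\.text\s+(.+?)\[(\d+)\]\s+(\S+?)!(\w+)\s+({HEX})\s+(\d+)\s+Bytes\s+JMP\s+({HEX})\s*$")
# "IAT <driver path>[<module>!<import>] <address>"
IAT_HOOK = re.compile(rf"^IAT\s+(\S+)\[(\S+?)!(\w+)\]\s+({HEX})\s*$")


def parse_gmer(text):
    """Split a GMER log into its hook categories."""
    report = {
        "ssdt_attributed": [],    # kernel hooks GMER tied to a named driver
        "ssdt_unattributed": [],  # kernel hooks pointing at a bare address
        "user_hooks": defaultdict(list),  # process -> [(module, export, target)]
        "iat_hooks": [],          # driver import-table redirections
    }
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_MOD.match(line):
            report["ssdt_attributed"].append({
                "function": m[3], "module": m[1],
                "description": m[2], "address": m[4].upper()})
        elif m := SSDT_BARE.match(line):
            report["ssdt_unattributed"].append(
                {"function": m[2], "address": m[1].upper()})
        elif m := USER_HOOK.match(line):
            process = f"{m[1]}[{m[2]}]"
            report["user_hooks"][process].append((m[3], m[4], m[7].upper()))
        elif m := IAT_HOOK.match(line):
            report["iat_hooks"].append({
                "driver": m[1], "import": f"{m[2]}!{m[3]}", "address": m[4].upper()})
    report["user_hooks"] = dict(report["user_hooks"])
    return report


def hooks_common_to_all_processes(report):
    """Exports hooked in every listed process. One identical set across
    unrelated processes points at a single system-wide hooking component
    (possibly legitimate security software), not per-process tampering."""
    per_process = [{(mod, exp) for mod, exp, _ in hooks}
                   for hooks in report["user_hooks"].values()]
    return sorted(set.intersection(*per_process)) if per_process else []


def unattributed_kernel_addresses(report):
    """Bare addresses from SSDT and kernel IAT hooks, sorted. Addresses that
    cluster in one small range were most likely allocated by one driver;
    matching them to a loaded module is the analyst's next step."""
    addrs = {h["address"] for h in report["ssdt_unattributed"]}
    addrs |= {h["address"] for h in report["iat_hooks"]}
    return sorted(addrs)


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_LOG)
    for hook in rep["ssdt_attributed"]:
        print(f"SSDT {hook['function']:<28} -> {hook['module']} ({hook['description']})")
    for hook in rep["ssdt_unattributed"]:
        print(f"SSDT {hook['function']:<28} -> bare address {hook['address']}")
    print("user-mode hooks common to all processes:", hooks_common_to_all_processes(rep))
    print("unattributed kernel addresses:", unattributed_kernel_addresses(rep))
```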

#5 Kozer (Topic Starter, 46 posts)
This is the OTL.txt report:

OTL logfile created on: 4/1/2010 8:35:24 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.90 Gb Total Space | 18.99 Gb Free Space | 16.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-D55E6E712
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/01 20:30:05 | 000,062,760 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2010/04/01 14:19:06 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/01 01:07:56 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/08/01 17:45:27 | 001,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/05/13 15:40:08 | 006,345,840 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/04/29 15:30:22 | 000,090,112 | ---- | M] (Parallels Software International, Inc.) -- C:\Program Files\Parallels\Parallels Tools\toolsrv.exe
PRC - [2009/04/21 18:26:52 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/04/21 18:26:50 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/08 11:14:08 | 000,099,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe
PRC - [2008/02/08 11:14:02 | 000,132,400 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
PRC - [2008/02/08 10:56:41 | 000,147,456 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\IRW.exe


========== Modules (SafeList) ==========

MOD - [2010/04/01 14:19:06 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/04/01 01:07:56 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/08/01 17:45:27 | 001,205,760 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/04/29 15:30:34 | 000,053,346 | ---- | M] (Parallels Software International, Inc.) [Auto | Stopped] -- C:\Program Files\Parallels\Parallels Tools\cohrence.exe -- (cohrence)
SRV - [2009/04/29 15:30:22 | 000,090,112 | ---- | M] (Parallels Software International, Inc.) [Auto | Running] -- C:\Program Files\Parallels\Parallels Tools\toolsrv.exe -- (toolsrv)
SRV - [2009/04/21 18:26:52 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/02/08 11:14:08 | 000,099,632 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2008/02/08 11:14:02 | 000,132,400 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/02/04 10:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/04/29 15:37:10 | 000,005,341 | ---- | M] (Parallels Software International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PrlMouse.sys -- (PrlMouse)
DRV - [2009/04/29 15:37:10 | 000,002,550 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\prltime.sys -- (PrlTime)
DRV - [2009/04/29 15:37:00 | 000,016,384 | ---- | M] (Parallels Software International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PrlVideo.sys -- (PrlVideo)
DRV - [2009/04/29 15:36:52 | 000,015,232 | ---- | M] (Parallels Software International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcitg.sys -- (PCITG)
DRV - [2009/04/29 15:36:46 | 000,138,368 | ---- | M] (Parallels Software International, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\PRLFS.SYS -- (PrlNP)
DRV - [2009/04/29 15:33:58 | 000,006,112 | ---- | M] (Parallels Software International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\prleth.sys -- (prleth)
DRV - [2009/04/29 15:33:46 | 000,013,933 | ---- | M] (Parallels Software International, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\prl_paravirt_32.sys -- (prl_paravirt_32)
DRV - [2009/04/21 18:27:04 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/04/21 18:27:04 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/04/21 18:27:02 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/04/15 15:36:37 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/15 15:30:29 | 000,019,968 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/08 10:58:26 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/02/08 10:56:56 | 000,005,504 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2008/02/08 10:56:41 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2008/02/08 10:55:48 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008/02/08 10:54:42 | 002,849,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 12:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:4.0.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.17641
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/20 10:39:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 10:39:01 | 000,000,000 | ---D | M]

[2009/08/28 12:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/08/01 23:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2009/08/01 23:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/03/30 21:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\roasmebf.default\extensions
[2009/09/07 00:34:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\roasmebf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/02 23:38:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\roasmebf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/16 23:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\roasmebf.default\extensions\[email protected]
[2010/04/01 20:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\roasmebf.default\extensions\[email protected]
[2010/03/31 21:07:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/08/02 07:47:44 | 000,086,016 | ---- | M] (VBrick Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npvbplayer.dll

O1 HOSTS File: ([2009/08/02 00:01:39 | 000,000,756 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 .psf
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IRW] C:\WINDOWS\System32\IRW.exe (Apple Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Parallels Tools] C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe (Parallels Software International, Inc.)
O4 - HKLM..\Run: [SharedInternetApplication] C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe (Parallels Software International, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: .psf ([]file in Trusted sites)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macr...are/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1249168507530 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (EM\) - File not found
O30 - LSA: Security Packages - (ages settings...) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/01 17:06:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9fd80340-9dbc-11de-84f9-001ec296eadd}\Shell - "" = AutoRun
O33 - MountPoints2\{9fd80340-9dbc-11de-84f9-001ec296eadd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9fd80340-9dbc-11de-84f9-001ec296eadd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/04/01 20:31:51 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/01 14:24:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/01 14:19:03 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/01 01:08:16 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/01 01:08:11 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/01 01:07:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/01 01:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/01 01:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/03/31 22:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/03/31 22:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/03/31 22:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/03/31 21:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/31 21:55:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/03/31 21:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2010/03/31 21:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ddfeib
[2010/03/31 19:38:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/30 21:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/03/29 14:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
[2010/03/29 14:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\StarCraft II Beta
[2010/03/29 10:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\StarCraft II Beta enUS 13891 Installer
[2010/03/17 16:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft
[2010/02/12 19:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/12 19:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/09/09 08:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/08/07 08:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/01 17:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/01 17:06:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/01 17:06:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/01 20:35:13 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/01 20:30:05 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/04/01 20:29:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/01 20:29:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/01 20:29:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/01 20:29:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/01 19:25:07 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/01 14:19:06 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/01 14:18:18 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hmbtidjw.exe
[2010/04/01 03:17:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/01 01:13:44 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/04/01 01:09:56 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/01 01:08:40 | 008,047,914 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/04/01 01:08:07 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/01 01:08:04 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/01 01:07:04 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/03/31 22:56:29 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/31 22:56:29 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/31 22:56:28 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/31 19:04:23 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\World of Warcraft.lnk
[2010/03/30 21:16:16 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/30 20:53:52 | 000,056,778 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20100330_205347.reg
[2010/03/29 14:48:59 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[2010/03/27 23:40:13 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/03/27 18:49:34 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Empire Earth II - The Art of Supremacy.lnk
[2010/03/27 18:49:34 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Empire Earth II.lnk
[2010/03/26 18:00:02 | 000,001,644 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L5CEDFCAAC93143D289A80DD6E80D1DE2.job
[2010/03/19 08:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/19 02:43:29 | 000,000,657 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2010/03/17 16:57:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft - Brood War.lnk
[2010/03/17 12:57:30 | 000,013,454 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s8j6OHmJ6C447
[2010/03/17 12:57:29 | 000,013,454 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\s8j6OHmJ6C447
[2010/03/13 18:00:34 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Impulse Now.lnk
[2010/03/07 18:00:30 | 007,861,232 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SkiesofArcadia.p3t
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/01 14:18:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hmbtidjw.exe
[2010/04/01 02:33:31 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/01 01:13:44 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/04/01 01:09:01 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/01 01:07:04 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/03/30 21:21:34 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/30 21:16:16 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/30 20:53:48 | 000,056,778 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20100330_205347.reg
[2010/03/29 14:40:42 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[2010/03/27 18:49:34 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Empire Earth II - The Art of Supremacy.lnk
[2010/03/27 18:49:34 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Empire Earth II.lnk
[2010/03/17 16:54:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft - Brood War.lnk
[2010/03/16 20:41:26 | 000,013,454 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\s8j6OHmJ6C447
[2010/03/16 20:41:26 | 000,013,454 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s8j6OHmJ6C447
[2010/03/14 18:35:36 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\World of Warcraft.lnk
[2010/03/13 18:00:34 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Impulse Now.lnk
[2010/03/07 18:00:17 | 007,861,232 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SkiesofArcadia.p3t
[2010/02/24 04:19:31 | 000,707,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/16 23:13:24 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/02/16 23:13:11 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
[2009/10/15 10:18:53 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/17 22:17:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/06 01:03:24 | 000,105,362 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.log
[2009/08/25 17:06:23 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/08/25 17:06:23 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/08/25 17:06:23 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/08/25 17:01:57 | 000,000,657 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/08/01 23:15:48 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/01 17:52:36 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/01 17:44:33 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/08/01 13:58:15 | 000,274,523 | ---- | C] () -- C:\WINDOWS\System32\wined3d.dll
[2009/08/01 13:58:06 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\PRLNP.DLL
[2009/08/01 13:58:06 | 000,002,550 | ---- | C] () -- C:\WINDOWS\System32\drivers\prltime.sys
[2009/04/21 18:26:56 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll

========== LOP Check ==========

[2010/02/07 22:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/02/08 14:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts Inc
[2010/01/27 17:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2009/08/01 17:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2009/09/03 08:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
[2010/03/31 22:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/09/02 22:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/04/01 01:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/10/02 20:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/02 22:45:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0941A14E-3930-437B-8105-52B718F0E5C1}
[2010/04/01 01:07:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/16 17:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/01 17:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/10 14:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acreon
[2010/03/13 17:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Kane's Wrath
[2009/09/07 01:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Tiberium Wars
[2010/02/08 14:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command and Conquer 4 Beta
[2009/08/02 12:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Darkfall
[2010/03/19 02:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Darkfall US
[2010/01/23 02:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Datel
[2010/03/31 23:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Download Manager
[2009/12/15 21:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/03/19 02:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\id Software
[2009/08/02 00:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Parallels
[2010/03/19 02:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RayV
[2009/09/10 00:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sierra
[2009/11/07 21:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPORE
[2009/09/02 22:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stardock
[2009/11/04 01:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2010/04/01 20:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/12/15 18:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wings3D
[2010/04/01 01:09:56 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/01 20:35:13 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/03/26 18:00:02 | 000,001,644 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L5CEDFCAAC93143D289A80DD6E80D1DE2.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2009/08/29 00:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/08/15 23:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/08/01 17:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/08/09 12:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/03/31 21:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010/02/07 22:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/02/08 14:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts Inc
[2010/01/27 17:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2009/08/01 17:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2009/08/01 23:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/08/01 17:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/08/01 17:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/08/01 17:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/08/25 21:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/09/03 08:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ironclad Games
[2010/04/01 01:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/08/01 17:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/03/30 21:16:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/08/29 22:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/03/31 22:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/08/01 23:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/09/02 22:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/04/01 01:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/10/02 20:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/25 16:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/08/01 17:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2009/08/01 18:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2009/08/01 18:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/09/02 22:45:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0941A14E-3930-437B-8105-52B718F0E5C1}
[2010/04/01 01:07:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/16 17:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/01 17:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/08/25 10:01:52 | 003,270,552 | ---- | M] (Stardock Corporation) -- C:\Documents and Settings\All Users\Application Data\{0941A14E-3930-437B-8105-52B718F0E5C1}\Impulse_setup.exe
[2010/02/04 10:53:47 | 002,954,656 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
[2009/02/04 15:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
[2010/01/22 20:51:36 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
[2010/02/08 14:01:53 | 000,485,136 | ---- | M] (Microsoft) -- C:\Documents and Settings\All Users\Application Data\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate_R14.exe
[2010/02/09 19:43:11 | 003,198,224 | ---- | M] (Microsoft) -- C:\Documents and Settings\All Users\Application Data\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate_R15.exe
[2008/10/21 19:34:05 | 000,049,904 | R--- | M] () -- C:\Documents and Settings\All Users\Application Data\Geek Squad\Customizer\GSRestartSvc.exe
[2010/04/01 01:07:56 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
[2010/04/01 01:07:57 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
[2010/04/01 01:07:57 | 001,597,952 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
[2010/04/01 01:07:58 | 000,855,864 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
[2010/04/01 01:07:58 | 000,849,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
[2010/04/01 01:08:04 | 000,015,880 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
[2010/04/01 01:08:05 | 000,885,736 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
[2009/08/29 00:17:33 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
[2009/08/29 00:19:30 | 001,925,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
[2009/08/01 17:19:35 | 001,962,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

< %APPDATA%\*. >
[2009/08/10 14:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acreon
[2009/08/29 00:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2010/02/18 22:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2010/03/13 17:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Kane's Wrath
[2009/09/07 01:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Tiberium Wars
[2010/02/08 14:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command and Conquer 4 Beta
[2009/08/02 12:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Darkfall
[2010/03/19 02:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Darkfall US
[2010/01/23 02:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Datel
[2010/03/31 23:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Download Manager
[2009/08/02 01:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2009/12/15 21:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2009/08/01 17:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HP
[2010/03/19 02:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\id Software
[2009/08/01 17:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2009/09/04 08:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IGN_DLM
[2009/12/15 18:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2009/08/01 17:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2009/10/11 13:57:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2009/08/28 12:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/08/02 00:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Parallels
[2010/03/19 02:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RayV
[2009/09/06 01:45:50 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data\SecuROM
[2009/09/10 00:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sierra
[2010/04/01 01:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skype
[2010/04/01 01:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\skypePM
[2009/11/07 21:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPORE
[2009/09/02 22:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stardock
[2009/08/01 17:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/11/04 01:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2009/09/11 01:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2010/04/01 20:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/09/16 15:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ventrilo
[2009/08/01 17:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Webroot
[2009/12/15 18:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wings3D
[2009/09/14 00:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2009/08/10 14:58:52 | 000,272,384 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Acreon\WowMatrix\Modules\curl.exe
[2009/02/12 04:35:52 | 000,038,208 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/02/01 17:52:36 | 001,291,640 | ---- | M] (EA Digital Illusions CE AB) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\roasmebf.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
[2009/08/01 19:09:09 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Address Book (Mac).exe
[2009/08/01 19:08:45 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\AirPort Utility (Mac).exe
[2009/08/01 19:08:59 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Alerts Daemon (Mac).exe
[2009/08/01 19:09:15 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\AppleScript Utility (Mac).exe
[2009/08/01 19:09:21 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Audio MIDI Setup (Mac).exe
[2009/08/01 19:09:10 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Automator (Mac).exe
[2009/08/01 19:09:15 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Chess (Mac).exe
[2009/08/01 19:09:23 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\ColorSync Utility (Mac).exe
[2009/08/01 19:09:24 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Dashboard (Mac).exe
[2009/08/01 19:09:07 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Dictionary (Mac).exe
[2009/08/01 19:09:23 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\DigitalColor Meter (Mac).exe
[2009/08/01 19:09:06 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Disk Utility (Mac).exe
[2009/08/01 19:09:13 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\DropStuff (Mac).exe
[2009/08/01 19:09:27 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\DVD Player (Mac).exe
[2009/08/01 19:08:43 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Equation Editor (Mac).exe
[2009/08/01 19:09:15 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Exposé (Mac).exe
[2009/08/01 19:09:19 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Folder Actions Setup (Mac).exe
[2009/08/01 19:09:16 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Font Book (Mac).exe
[2009/08/01 19:09:16 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Front Row (Mac).exe
[2009/08/01 19:09:05 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\GarageBand (Mac).exe
[2009/08/01 19:09:24 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Grapher (Mac).exe
[2009/08/01 19:08:57 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP All-in-One Device Chooser (Mac).exe
[2009/08/01 19:08:59 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Copy (Mac).exe
[2009/08/01 19:08:27 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Device Manager (Mac).exe
[2009/08/01 19:08:50 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Message Center (Mac).exe
[2009/08/01 19:08:52 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Network Settings Utility (Mac).exe
[2009/08/01 19:08:55 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Photosmart Create (Mac).exe
[2009/08/01 19:08:53 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Photosmart Print (Mac).exe
[2009/08/01 19:08:54 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Photosmart Share (Mac).exe
[2009/08/01 19:08:54 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Photosmart Stitch (Mac).exe
[2009/08/01 19:08:52 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Photosmart Studio (Mac).exe
[2009/08/01 19:08:56 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Registration Assistant (Mac).exe
[2009/08/01 19:08:57 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Scan Destinations (Mac).exe
[2009/08/01 19:08:30 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Scan Pro (Mac).exe
[2009/08/01 19:08:56 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Setup Assistant (Mac).exe
[2009/08/01 19:08:41 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Software Update (Mac).exe
[2009/08/01 19:09:01 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\HP Uninstaller (Mac).exe
[2009/08/01 19:09:09 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\iCal (Mac).exe
[2009/08/01 19:09:10 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\iChat (Mac).exe
[2009/08/01 19:09:06 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\iDVD (Mac).exe
[2009/08/01 19:09:16 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Image Capture (Mac).exe
[2009/08/01 19:09:12 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\iMovie (Mac).exe
[2009/08/01 19:08:46 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\iPhoto (Mac).exe
[2009/08/01 19:09:08 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\iSync (Mac).exe
[2009/08/01 19:08:47 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\iTunes (Mac).exe
[2009/08/01 19:08:45 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\iWeb (Mac).exe
[2009/08/01 19:09:11 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Java Web Start (Mac).exe
[2009/08/01 19:09:26 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Keychain Access (Mac).exe
[2009/08/01 19:08:44 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Keynote (Mac).exe
[2009/08/01 19:09:08 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Mail (Mac).exe
[2009/08/01 19:09:01 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Cert Manager (Mac).exe
[2009/08/01 19:09:01 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Chart Converter (Mac).exe
[2009/08/01 19:09:02 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Clip Gallery (Mac).exe
[2009/08/01 19:09:02 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Database Daemon (Mac).exe
[2009/08/01 19:09:02 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Database Utility (Mac).exe
[2009/08/01 19:08:34 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Entourage (Mac).exe
[2009/08/01 19:08:30 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Excel (Mac).exe
[2009/08/01 19:08:43 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Graph (Mac).exe
[2009/08/01 19:08:59 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Language Register (Mac).exe
[2009/08/01 19:08:40 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Messenger (Mac).exe
[2009/08/01 19:09:03 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Office Reminders (Mac).exe
[2009/08/01 19:08:42 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Office Setup Assistant (Mac).exe
[2009/08/01 19:08:34 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft PowerPoint (Mac).exe
[2009/08/01 19:09:03 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Project Gallery (Mac).exe
[2009/08/01 19:09:04 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Query (Mac).exe
[2009/08/01 19:09:04 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Sync Services (Mac).exe
[2009/08/01 19:08:29 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Microsoft Word (Mac).exe
[2009/08/01 19:08:38 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\My Day (Mac).exe
[2009/08/01 19:09:07 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Network Utility (Mac).exe
[2009/08/01 19:08:44 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Numbers (Mac).exe
[2009/08/01 19:09:26 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\ODBC Administrator (Mac).exe
[2009/08/01 19:09:05 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Organization Chart (Mac).exe
[2009/08/01 19:08:44 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Pages (Mac).exe
[2009/08/01 19:08:47 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Parallels Desktop (Mac).exe
[2009/08/01 19:08:48 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Parallels Explorer (Mac).exe
[2009/08/01 19:08:49 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Parallels Image Tool (Mac).exe
[2009/08/01 19:08:50 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Parallels Transporter (Mac).exe
[2009/08/01 19:08:46 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Preview (Mac).exe
[2009/08/01 19:09:08 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\QuickTime Player (Mac).exe
[2009/08/01 19:09:06 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\RAID Utility (Mac).exe
[2009/08/01 19:08:59 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Remove Office (Mac).exe
[2009/08/01 19:09:11 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Safari (Mac).exe
[2009/08/01 19:08:57 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\ScanUtility (Mac).exe
[2009/08/01 19:09:17 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Script Editor (Mac).exe
[2009/08/01 19:09:16 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Spaces (Mac).exe
[2009/08/01 19:09:19 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Stickies (Mac).exe
[2009/08/01 19:09:14 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\StuffIt Expander (Mac).exe
[2009/08/01 19:08:46 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\System Preferences (Mac).exe
[2009/08/01 19:09:14 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\System Profiler (Mac).exe
[2009/08/01 19:09:21 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\TextEdit (Mac).exe
[2009/08/01 19:09:16 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Time Machine (Mac).exe
[2009/08/01 19:09:13 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\Windows Media Player (Mac).exe
[2009/08/01 19:09:13 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\WMV Player (Mac).exe
[2009/08/01 19:09:12 | 000,290,816 | ---- | M] (Parallels Software International, Inc.) -- C:\Documents and Settings\Owner\Application Data\Parallels\Shared Applications\X11 (Mac).exe
[2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\U3\temp\cleanup.exe
[2008/05/02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/21 18:26:56 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/08/01 16:55:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/01 16:55:10 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/01 16:55:10 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
#6 Kozer (Topic Starter, Member, 46 posts)
And this is OTL extras

OTL Extras logfile created on: 4/1/2010 8:35:24 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.90 Gb Total Space | 18.99 Gb Free Space | 16.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-D55E6E712
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = Prls.IntAppFile.Http] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"1800:TCP" = 1800:TCP:*:Enabled:Services
"2100:TCP" = 2100:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3413:TCP" = 3413:TCP:*:Enabled:Services
"5326:TCP" = 5326:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"5191:TCP" = 5191:TCP:*:Enabled:The Browser Highlighter XCOM
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"1800:TCP" = 1800:TCP:*:Enabled:Services
"2100:TCP" = 2100:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3413:TCP" = 3413:TCP:*:Enabled:Services
"5326:TCP" = 5326:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1164B983-B166-43E6-8E44-8C626DA91E1C}_is1" = EasyMod 2.0
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1AEA033D-04D6-39A5-5C8A-FEDDBFC7EA5D}" = Empire Earth 2 Platinum
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Webroot AntiVirus with AntiSpyware
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 16
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33BC5F69-0E51-4121-A04A-0868D65CF050}" = VBPlayerMoz
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3a6f8a27-fa78-48a4-bbd1-399b000bcc9a}" = C8100_Help
"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = Empire Earth - The Art of Conquest
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B730E908-1FD5-4170-A0FE-B6AB874344F0}" = Parallels Tools
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDAC27F9-8293-465f-A4B0-011F1D38BBA1}" = RoxioShim
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E659EB8F-5535-4EB2-B884-0AD1062400BD}" = SOFTIMAGE XSI 6 Mod Tool
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF3F9770-CA7B-4c5d-8A98-49AB97216546}" = C8100
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E45628-1218-4865-A516-8E8A54272ADC}" = Boot Camp Services
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F596C356-BF35-4ED7-981C-CC791461A8F0}" = Empire Earth II: The Art of Supremacy
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"02FEC2FAAA7DED51CAF15F06DB8B63E735EE735C" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (04/06/2008 2.1.0.1)
"144A90A8644F24BDCA0607CBAE7F90C2F5427DA4" = Windows Driver Package - Apple Inc. Apple Multitouch (12/18/2007 2.0.1.10)
"15749019150B76CBADCF00B88C88E85C16A26FF1" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (11/13/2007 2.0.1.5)
"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
"2CA2C2712E3120F27F44A38A6FA5540D9A93CA01" = Windows Driver Package - Apple Inc. Apple IR Receiver (11/01/2007 2.0.1.1)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"992615C0D0002C27AA3BB336C66D1E7764047A51" = Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"AD3F97DB12E1CE21FA0120AB7CE80FADD54FC0AB" = Windows Driver Package - Apple Inc. Apple Keyboard (03/10/2008 2.1.0.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"C71CD722DD357F78301EAEA028431241C2D91890" = Windows Driver Package - Apple Inc. System (09/12/2007 2.0.1.1)
"CCleaner" = CCleaner (remove only)
"CE031DF97C704035E8B6E570362ABD337ACA4BA5" = Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
"Civilization III: Game of the Year" = Civilization III: Game of the Year
"D1E46C4F35C591B14E31349A9EDA8227C5F0E966" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
"D3BCC671821E117ACD653C1AA146540791143F25" = Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE" = Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
"D922ADD1498E7464ED76231D79D703FC1320C80C" = Windows Driver Package - Broadcom (BCM43XX) Net (09/20/2007 4.170.25.12)
"Download Manager" = Download Manager 2.3.9
"Empire Earth Gold" = Empire Earth Gold
"F5A89004299B5282B8B5D7D9F7253FF13C58628F" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (12/18/2007 2.0.1.10)
"F8438DF02326129F7A78E93130D90DA5C4F3D359" = Windows Driver Package - Apple Inc. Apple Keyboard (12/18/2007 2.0.2.3)
"Free Download Manager_is1" = Free Download Manager 2.5
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Impulse" = Impulse
"InstallShield_{33BC5F69-0E51-4121-A04A-0868D65CF050}" = VBPlayerMoz
"Master of Olympus - Zeus" = Master of Olympus - Zeus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nendo" = Nendo (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Diplomacy" = Sins of a Solar Empire - Diplomacy
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"Software Informer_is1" = Software Informer 1.0 BETA
"StarCraft" = StarCraft
"StarCraft II Beta" = StarCraft II Beta
"Submarine Titans" = Subm
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"Wings 3D 1.0.2" = Wings 3D 1.0.2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/14/2010 12:15:05 PM | Computer Name = OWNER-D55E6E712 | Source = Google Update | ID = 20
Description =

Error - 2/14/2010 1:15:05 PM | Computer Name = OWNER-D55E6E712 | Source = Google Update | ID = 20
Description =

Error - 2/14/2010 2:15:05 PM | Computer Name = OWNER-D55E6E712 | Source = Google Update | ID = 20
Description =

Error - 2/14/2010 3:15:05 PM | Computer Name = OWNER-D55E6E712 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/1/2010 5:33:21 PM | Computer Name = OWNER-D55E6E712 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/1/2010 5:33:21 PM | Computer Name = OWNER-D55E6E712 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PrlNP

Error - 4/1/2010 5:33:42 PM | Computer Name = OWNER-D55E6E712 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {7F366BC0-158C-4C44-94F6-A45B5B148BBD}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 4/1/2010 9:30:07 PM | Computer Name = OWNER-D55E6E712 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 4/1/2010 9:30:07 PM | Computer Name = OWNER-D55E6E712 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Parallels Coherence Service
service to connect.

Error - 4/1/2010 9:30:07 PM | Computer Name = OWNER-D55E6E712 | Source = Service Control Manager | ID = 7000
Description = The Parallels Coherence Service service failed to start due to the
following error: %%1053

Error - 4/1/2010 9:30:14 PM | Computer Name = OWNER-D55E6E712 | Source = ati2mtag | ID = 46084
Description = CV can't load required graphics object

Error - 4/1/2010 9:31:33 PM | Computer Name = OWNER-D55E6E712 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/1/2010 9:31:33 PM | Computer Name = OWNER-D55E6E712 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PrlNP

Error - 4/1/2010 9:31:52 PM | Computer Name = OWNER-D55E6E712 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {7F366BC0-158C-4C44-94F6-A45B5B148BBD}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.


< End of report >
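The "Last 10 Event Log Errors" block in the OTL report above is a fixed text format, so it can be parsed and grouped rather than read line by line. The following is an added example and is not part of the original post or of OTL itself: the sample report is constructed from five of the entries posted above, and the function names are my own. It groups entries by channel, source and event ID, re-joins the description lines OTL wraps, and pulls the driver names out of Service Control Manager 7026 entries.

```python
import re
import sys

# Constructed sample: five entries copied from the OTL report posted above,
# trimmed to keep the example short. Not the full report.
SAMPLE_REPORT = """\
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/14/2010 12:15:05 PM | Computer Name = OWNER-D55E6E712 | Source = Google Update | ID = 20
Description =

Error - 2/14/2010 1:15:05 PM | Computer Name = OWNER-D55E6E712 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/1/2010 5:33:21 PM | Computer Name = OWNER-D55E6E712 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PrlNP

Error - 4/1/2010 5:33:42 PM | Computer Name = OWNER-D55E6E712 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {7F366BC0-158C-4C44-94F6-A45B5B148BBD}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 4/1/2010 9:31:33 PM | Computer Name = OWNER-D55E6E712 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PrlNP

< End of report >
"""

# One OTL event header line. The date is whatever the host's locale produced,
# so it is kept as a string rather than parsed.
HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>\S+) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
CHANNEL_RE = re.compile(r"^\[ (?P<channel>.+?) \]$")


def parse_otl_events(text):
    """Return a list of event dicts from an OTL 'Last 10 Event Log Errors' block.

    A record starts at an 'Error - ...' header and runs to the next blank line;
    OTL wraps long descriptions across lines, so those are re-joined here.
    """
    events, channel, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = CHANNEL_RE.match(line)
        if m:
            channel, current = m.group("channel"), None
            continue
        h = HEADER_RE.match(line)
        if h:
            current = {
                "channel": channel,
                "when": h.group("when"),
                "host": h.group("host"),
                "source": h.group("source"),
                "id": int(h.group("id")),
                "description": "",
            }
            events.append(current)
            continue
        if current is None:
            continue            # separator, '=====' banner, '< End of report >'
        if not line:
            current = None      # blank line closes the record
            continue
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        current["description"] = (current["description"] + " " + line).strip()
    return events


def summarize(events):
    """Group events by (channel, source, id) with a count and first/last timestamps."""
    groups = {}
    for e in events:
        key = (e["channel"], e["source"], e["id"])
        g = groups.setdefault(key, {"count": 0, "first": e["when"], "last": e["when"],
                                    "description": e["description"]})
        g["count"] += 1
        g["last"] = e["when"]
    return groups


def failed_drivers(events):
    """Driver names from Service Control Manager 7026 entries (boot-start drivers that failed to load)."""
    names = set()
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7026:
            _, _, tail = e["description"].partition("failed to load:")
            names.update(tail.split())
    return sorted(names)


if __name__ == "__main__":
    # Pass a saved OTL.txt to parse a real report; with no argument the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    evts = parse_otl_events(text)
    for (channel, source, eid), g in sorted(summarize(evts).items(), key=lambda kv: -kv[1]["count"]):
        print(f"{g['count']:3d}x [{channel}] {source} ID {eid}: {g['description'][:70]}")
    print("boot-start drivers that failed to load:", failed_drivers(evts))
```

On the report above this gives two Google Update ID 20 entries an hour apart, two Service Control Manager 7026 entries both naming PrlNP, and one RemoteAccess 20106 whose three wrapped lines come back as a single description.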

#7 Kozer (Member, Topic Starter)
As to how my computer is now doing... The Troj/Mbroot-H virus is still there, according to Webroot.

#8 heir (Trusted Helper, Malware Removal)
Never worked with a Mac with Windows on it, so it might need research. We'll get there though.

Step 1.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

µTorrent

Optional removals
µTorrent and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.


Step 2.
Filescan:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\WINDOWS\System32\wrLZMA.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.



Step 3.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
    [2010/04/01 01:13:44 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/03/17 12:57:30 | 000,013,454 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s8j6OHmJ6C447
    [2010/03/17 12:57:29 | 000,013,454 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\s8j6OHmJ6C447
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog

Step 4.
maxhandle:

Download and run maxhandle

Either a log (C:\maxhandle.txt) will open automatically or the message Nothing found! is echoed to the screen - no log is produced.

Post the result in your reply.

Step 5.
Things I would like to see in your reply:

  • Which P2P programs were uninstalled in step 1.
  • The results from the filescan in step 2.
  • The content of the fixlog from OTL in step 3.
  • The content of maxhandle.txt or information about the message in step 4.

Edited by heir, 02 April 2010 - 09:36 AM. (spelling)


#9 Kozer (Member, Topic Starter)
It would not let me type or paste anything into the search box, so I browsed for C:\WINDOWS\System32\wrLZMA.dll. I am pretty sure that I found the right file, but when I hit upload it said file not found.


Edit: tried it again and the same thing happened.

Edited by Kozer, 02 April 2010 - 09:05 AM.


#10 heir (Trusted Helper, Malware Removal)
OK I can see why now. The file is locked.
Proceed with the other steps.

Edited by heir, 02 April 2010 - 09:06 AM. (typo)


#11 Kozer (Member, Topic Starter)
I tried to remove µTorrent, but it had already been removed at an earlier point.

Could not run the filescan.


Content below.

And maxhandle said "Nothing found!"

OTL report:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
C:\WINDOWS\system32\drivers\kgpcpy.cfg moved successfully.
C:\Documents and Settings\All Users\Application Data\s8j6OHmJ6C447 moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\s8j6OHmJ6C447 moved successfully.
File rity] not found.
File ptytemp] not found.
File ptyflash] not found.
File art explorer] not found.
File boot] not found.

OTL by OldTimer - Version 3.1.37.3 log created on 04022010_100952

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by Kozer, 02 April 2010 - 09:31 AM.

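A practitioner reading this fixlog against the script from #8 would want to confirm that every scripted target is accounted for, rather than eyeballing it. The following is an added example, not the page's or OTL's own code: it parses the :OTL file lines and :Commands lines of the script posted in #8, parses the fixlog posted above, and matches paths case-insensitively (the script says System32, the log says system32). The constructed inputs are copied from those two posts; the function names are mine. It also reports which :Commands tokens appear in the log only as truncated "File ... not found" targets.

```python
import re

# Constructed inputs: the fix script posted in #8 and the fixlog posted in #11,
# copied as they appear on the page (raw strings keep the backslashes literal).
FIX_SCRIPT = r""":OTL
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
[2010/04/01 01:13:44 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/03/17 12:57:30 | 000,013,454 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s8j6OHmJ6C447
[2010/03/17 12:57:29 | 000,013,454 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\s8j6OHmJ6C447
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]
"""

FIXLOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
C:\WINDOWS\system32\drivers\kgpcpy.cfg moved successfully.
C:\Documents and Settings\All Users\Application Data\s8j6OHmJ6C447 moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\s8j6OHmJ6C447 moved successfully.
File rity] not found.
File ptytemp] not found.
File ptyflash] not found.
File art explorer] not found.
File boot] not found.
"""

# OTL file line: [timestamp | size | attributes | one-letter flag] (company) -- path
FILE_LINE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [A-Z]\] \(.*?\) -- (?P<path>.+)$"
)
# HijackThis-style O2 line; only the CLSID is needed to match the fixlog.
BHO_RE = re.compile(r"^O2 - BHO: .*? - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - ")
# Fixlog result line: optional 'Registry key'/'File' prefix, target, outcome.
LOG_RE = re.compile(
    r"^(?:(?P<kind>Registry key|File) )?(?P<target>.+?) "
    r"(?P<status>moved successfully|deleted successfully|not found)\.$"
)


def parse_fix_script(text):
    """Split an OTL fix script into file entries, BHO CLSIDs and :Commands tokens."""
    section, out = None, {"files": [], "bho_clsids": [], "commands": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
            continue
        if section == "otl":
            m = FILE_LINE_RE.match(line)
            if m:
                d = m.groupdict()
                d["size"] = int(d["size"].replace(",", ""))
                out["files"].append(d)
                continue
            b = BHO_RE.match(line)
            if b:
                out["bho_clsids"].append(b.group("clsid").upper())
        elif section == "commands" and line.startswith("[") and line.endswith("]"):
            out["commands"].append(line[1:-1])
    return out


def parse_fixlog(text):
    """Return one dict per result line of an OTL fixlog; banner lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LOG_RE.match(raw.strip())
        if m:
            entries.append({"kind": m.group("kind") or "Path",
                            "target": m.group("target"), "status": m.group("status")})
    return entries


def reconcile(script, log_entries):
    """Map each scripted file path to its fixlog status, comparing case-insensitively as NTFS does."""
    by_target = {e["target"].lower(): e["status"] for e in log_entries}
    return {f["path"]: by_target.get(f["path"].lower(), "no log line") for f in script["files"]}


def clsid_outcomes(script, log_entries):
    """For each scripted BHO CLSID, the registry-key outcomes that mention it, in log order."""
    return {c: [e["status"] for e in log_entries
                if e["kind"] == "Registry key" and c in e["target"].upper()]
            for c in script["bho_clsids"]}


def commands_reported_as_files(script, log_entries):
    """:Commands tokens that show up in the log only as a front-truncated 'File ...] not found' target."""
    hits = []
    for cmd in script["commands"]:
        if any(e["kind"] == "File" and e["status"] == "not found"
               and e["target"].endswith("]") and (cmd + "]").endswith(e["target"])
               for e in log_entries):
            hits.append(cmd)
    return hits


if __name__ == "__main__":
    s, entries = parse_fix_script(FIX_SCRIPT), parse_fixlog(FIXLOG)
    for path, status in reconcile(s, entries).items():
        print(f"{status:20s} {path}")
    for clsid, outcomes in clsid_outcomes(s, entries).items():
        print(f"BHO {clsid}: {', '.join(outcomes) or 'no registry line'}")
    garbled = commands_reported_as_files(s, entries)
    if garbled:
        print("commands present in the log only as 'File ... not found':", garbled)
```

On the posted pair, all three scripted paths come back as "moved successfully", the BHO CLSID shows one key deleted and the Classes\CLSID key not found, and all five :Commands tokens are matched by the "File rity] not found." style lines, so nothing in the log confirms that the temp-cleaning or reboot commands ran.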

#12 heir (Trusted Helper, Malware Removal)
What happened in step 4?

#13 heir (Trusted Helper, Malware Removal)
Sorry, saw it in your previous post now.

Could have sworn that it wasn't there the first time I read the post. :)
(In case you edited it in - don't do that, as I won't get notified when a post is edited, only when a new post is entered. There is no post limit.)

How is your computer running now?

#14 Kozer (Member, Topic Starter)
Sorry, thought about posting it but thought you would prefer it in one post... Uh, my computer still has the virus on it, so not too well.

#15 heir (Trusted Helper, Malware Removal)
Hm.. let's do this then:

Download ComboFix from one of these locations:

Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. Here is a how-to for some of the applications.
    They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.





