I don't know what is going on



#1
mrav

  • Member
  • 10 posts
Hello, it has been some time since I have been on these forums. My problem is not so big... or at least I think so.
The problem is that I can't open any folder, not even Control Panel or My Computer. All of my games or programs are working. And when I use right click > Explore, I go to the internet and there is a message that says you have finished downloading some porn. I don't know the name of it, but that doesn't matter. I just need help right now; I really don't want to restart Windows again. Last time I had some Sality viruses, you know, those that destroy .exe files. Help please! :)
  • 0



#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello mrav

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
===========
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#3
mrav

  • Topic Starter
  • Member
  • 10 posts
OTListIt.txt

OTListIt logfile created on: 2/21/2009 2:01:56 PM - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.40% Memory free
3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 207.12 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
Drive D: | 688.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAZOR
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ASKService [Auto | Running]) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (ASKUpgrade [Auto | Running]) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (CaCCProvSP [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c992a81981e8f8 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ITMRTSVC [Auto | Running]) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NOD32FiXTemDono [Auto | Stopped]) -- C:\WINDOWS\system32\regedt32.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (PPCtlPriv [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

========== Driver Services (SafeList) ==========

DRV - (Aspi32 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (catchme [On_Demand | Running]) -- File not found
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (easdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\easdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys ()
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows ® Codename Longhorn DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ltmodem5 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys (LT)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/intl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll ()
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (WinClick32) - {C79C0828-DBE7-4E19-BA25-F0A178AA81A1} - C:\WINDOWS\system32\fejokt.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H ()
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTORUN.INF () - [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- [2008/04/14 11:00:00 | 01,314,816 | R--- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/02/21 14:00:03 | 00,494,080 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/02/21 13:29:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/02/21 13:29:34 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/02/21 13:29:33 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/02/21 13:27:11 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/02/21 13:26:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/02/21 13:22:35 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/02/21 13:21:49 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SDFix.exe
[2009/02/21 12:36:00 | 00,000,000 | ---D | C] -- C:\WINDOWS.0
[2009/02/21 11:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2009/02/20 21:14:32 | 00,000,728 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to age3.exe.lnk
[2009/02/20 21:14:04 | 01,437,695 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.direct3dx.xml
[2009/02/20 21:14:04 | 01,252,798 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.directplay.xml
[2009/02/20 21:14:04 | 00,849,122 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.direct3d.xml
[2009/02/20 21:14:04 | 00,755,962 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.directdraw.xml
[2009/02/20 21:14:04 | 00,576,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.direct3dx.dll
[2009/02/20 21:14:04 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.direct3d.dll
[2009/02/20 21:14:04 | 00,364,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.directplay.dll
[2009/02/20 21:14:04 | 00,348,085 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.directsound.xml
[2009/02/20 21:14:04 | 00,345,509 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.directinput.xml
[2009/02/20 21:14:04 | 00,265,390 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.xml
[2009/02/20 21:14:04 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.dll
[2009/02/20 21:14:04 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.directsound.dll
[2009/02/20 21:14:04 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.directinput.dll
[2009/02/20 21:14:04 | 00,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.directdraw.dll
[2009/02/20 21:14:04 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.audiovideoplayback.dll
[2009/02/20 21:14:04 | 00,033,914 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.audiovideoplayback.xml
[2009/02/20 21:14:04 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.diagnostics.dll
[2009/02/20 21:14:04 | 00,010,439 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.diagnostics.xml
[2009/02/20 21:00:52 | 00,000,593 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Age of Empires III.lnk
[2009/02/20 21:00:31 | 00,000,000 | ---D | C] -- C:\Program Files\Age of Empires III
[2009/02/20 19:11:02 | 00,003,183 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Alcohol_120__-__tried_and_true__no_viruses__no_bullshit_-_Biggy.4730099.TPB.torrent
[2009/02/20 19:08:18 | 00,014,291 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WINDOWS_XP_SP3_2009_ULTRA_EDITION.4611724.TPB.torrent
[2009/02/20 18:32:09 | 00,000,530 | ---- | C] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Administrator at 6 32 PM.job
[2009/02/20 18:31:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/02/20 18:31:51 | 00,250,544 | ---- | C] (KeyWorks Software) -- C:\WINDOWS\System32\KeyHelp.ocx
[2009/02/20 18:31:50 | 00,000,000 | -H-D | C] -- C:\Config.msi
[2009/02/20 18:31:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2009/02/20 18:31:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/02/20 18:31:40 | 00,000,000 | ---D | C] -- C:\Program Files\CA
[2009/02/20 18:10:18 | 00,007,657 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CA_Anti-Spyware_2008_v10.0.0.210___Keygen_[RH].4726005.TPB.torrent
[2009/02/20 18:00:49 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IE-Security.lnk
[2009/02/20 18:00:48 | 00,000,000 | ---D | C] -- C:\Program Files\IE-Security
[2009/02/20 17:15:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Age_of_Empires_III_full version
[2009/02/20 13:37:04 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SoulReaver2_WM_By_Liberty.part1.rar
[2009/02/20 13:34:24 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\fejokt.dll
[2009/02/20 13:34:24 | 00,019,214 | ---- | C] () -- C:\WINDOWS\System32\sf.ico
[2009/02/20 13:34:24 | 00,013,942 | ---- | C] () -- C:\WINDOWS\System32\m3.ico
[2009/02/20 13:34:24 | 00,003,182 | ---- | C] () -- C:\WINDOWS\ios.dat
[2009/02/20 10:11:48 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WarezHub.Net Lpk761.nedivx-wjh.avi
[2009/02/20 10:11:46 | 67,834,7808 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WarezHub.Net Lpk761.nedivx-wjh.avi.part
[2009/02/20 09:33:26 | 63,193,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SoulReaver2Setup(2).exe
[2009/02/20 08:05:57 | 00,003,459 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\reloaded.nfo
[2009/02/20 08:03:51 | 03,156,026 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\theelderscrolls4_oblivion-nocd-1_0-ENG.zip
[2009/02/20 08:03:13 | 97,280,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\T3Setup.exe
[2009/02/19 20:52:04 | 00,033,758 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Soul_Reaver_2_.4060227.TPB.torrent
[2009/02/19 20:50:30 | 00,022,759 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hitman_-_Blood_Money.3509149.TPB.torrent
[2009/02/19 17:49:02 | 23,625,6544 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SoulReaver2Setup.exe
[2009/02/19 16:40:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2009/02/19 16:40:36 | 00,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/02/19 16:38:24 | 00,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/02/19 16:38:21 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/02/19 16:38:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2009/02/19 14:42:45 | 36,727,3454 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WarezHub.net.lost.s05e06.hdtv.xvid-xor.avi
[2009/02/19 13:47:59 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Wolfenstein (Single Player).lnk
[2009/02/19 13:47:59 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Wolfenstein (Multiplayer).lnk
[2009/02/19 13:45:17 | 00,000,000 | ---D | C] -- C:\Return to Castle Wolfenstein
[2009/02/19 09:47:44 | 00,018,361 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LOST_SEASON_5_Episode_6_by_deathmule.4731146.TPB.torrent
[2009/02/19 08:25:40 | 00,030,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\100.jpg
[2009/02/18 21:24:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2009/02/18 20:51:09 | 00,000,919 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Exoddus.exe.lnk
[2009/02/18 17:27:18 | 00,015,470 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Slumdog.Millionaire.DVDSCR.XviD-NoGrp__.4598477.TPB.torrent
[2009/02/18 17:23:47 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/18 17:23:25 | 00,132,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Step.Brothers[2008][Unrated.Edition]DvDrip-aXXo.srt
[2009/02/18 16:47:52 | 00,005,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tutai.nfo
[2009/02/18 16:47:52 | 00,000,102 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rtcw.reg
[2009/02/18 16:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\Return to Castle Wolfenstein
[2009/02/18 16:45:01 | 00,000,765 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2009/02/18 16:44:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
[2009/02/18 16:44:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
[2009/02/18 16:43:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/02/18 16:43:11 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2009/02/18 16:43:06 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/02/18 16:41:21 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/18 16:41:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2009/02/18 16:39:29 | 07,321,032 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Administrator\Desktop\daemon4303-lite.exe
[2009/02/18 14:41:48 | 00,059,248 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Yes Man.srt
[2009/02/18 14:40:14 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BS.Player FREE.lnk
[2009/02/18 14:36:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
[2009/02/18 14:36:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BSplayer
[2009/02/18 14:36:21 | 00,000,000 | ---D | C] -- C:\Program Files\Webteh
[2009/02/18 14:26:26 | 10,724,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bsplayer2.34.exe
[2009/02/18 14:23:50 | 00,022,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\c6d61c09d2cd50eda60e83808ce958093bf68726.zip
[2009/02/18 14:23:14 | 00,053,012 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\379bdbce9e976c1c44ba76b99584a68073ceb9c6.zip
[2009/02/18 13:51:06 | 00,031,861 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Oddworld__Abe_s_Exoddus.3280822.TPB.torrent
[2009/02/18 13:49:43 | 00,000,000 | ---D | C] -- C:\Abe's Oddysee Demo
[2009/02/18 13:27:23 | 00,029,849 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The_Elder_Scrolls_IV__Oblivion_Soundtrack.4356594.TPB.torrent
[2009/02/18 13:25:49 | 32,219,648 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\abeodd.exe
[2009/02/18 13:08:23 | 70,368,4608 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RTCW.iso
[2009/02/18 12:59:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Age_of_Empires_III_full version.rar
[2009/02/18 12:59:19 | 03,101,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Age_of_Empires_III_full version.rar.part
[2009/02/18 10:22:45 | 03,651,956 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\legacy.of.kain.soul.reaver.2-fanobliv.rar
[2009/02/18 07:16:11 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/02/18 07:16:11 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/02/18 07:16:10 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/02/18 07:16:09 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/02/18 07:16:09 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/02/18 07:16:09 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/02/18 07:16:08 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/02/18 07:16:07 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/02/18 07:16:07 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/02/18 07:16:06 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/02/18 07:16:05 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/02/18 07:16:05 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/02/18 07:16:05 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/02/18 07:16:04 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/02/18 07:16:02 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/02/18 07:16:02 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/02/18 07:16:01 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/02/18 07:16:00 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/02/18 07:15:59 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/02/18 07:15:59 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/02/18 07:15:59 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/02/18 07:15:58 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/02/18 07:15:58 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/02/18 07:15:57 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/02/18 07:15:57 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/02/18 07:15:57 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/02/18 07:15:56 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/02/18 07:15:54 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/02/18 07:15:54 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/02/18 07:15:54 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/02/18 07:15:54 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/02/18 07:15:54 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/02/18 07:15:54 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/02/18 07:15:53 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/02/18 07:15:53 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/02/18 07:15:53 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/02/18 07:15:53 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/02/18 07:15:53 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/02/18 07:15:51 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/02/18 07:15:51 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/02/18 07:15:51 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/02/18 07:15:51 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/02/18 07:15:50 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/02/18 07:15:50 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/02/18 07:15:50 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/02/18 07:15:50 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/02/18 07:15:50 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/02/18 07:15:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/02/18 07:14:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/02/18 07:12:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/02/18 07:12:14 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/02/18 07:12:05 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/02/18 07:11:00 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/02/18 07:10:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/02/18 07:10:21 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/02/18 07:10:20 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/02/18 07:10:19 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/02/18 07:10:17 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/02/18 07:10:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2009/02/18 06:20:46 | 03,709,002 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trydream_fanobliv.rar
[2009/02/17 20:59:38 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/02/17 20:58:48 | 00,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oblivion.lnk
[2009/02/17 20:53:06 | 00,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2009/02/17 20:53:05 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/02/17 20:51:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games
[2009/02/17 20:51:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Oblivion
[2009/02/17 08:12:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/02/16 22:01:10 | 06,210,728 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\amxmodx-installer-1.76d.exe
[2009/02/16 21:58:01 | 00,013,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\no-won-steam.zip
[2009/02/16 21:15:19 | 00,000,000 | ---D | C] -- C:\HLDS
[2009/02/16 20:03:26 | 00,000,000 | ---D | C] -- C:\Program Files\GIGABYTE
[2009/02/16 20:02:37 | 00,014,656 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys
[2009/02/16 19:04:10 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Super_Simple_Wall_v3.8.rar
[2009/02/16 19:02:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
[2009/02/16 19:01:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Super_Simple_Wallhack_v2.6.exe
[2009/02/16 18:57:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2009/02/16 18:52:32 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SSWv5.7(2).rar
[2009/02/16 18:51:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SSWv5.7.rar
[2009/02/16 18:48:48 | 00,000,553 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CS_1.6_Super_Simple_Wall_v4.7.4261133.TPB.torrent
[2009/02/16 18:42:41 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to timm3h.exe.lnk
[2009/02/16 18:41:19 | 00,097,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\timm3h.dll
[2009/02/16 18:41:19 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\timm3h.exe
[2009/02/16 18:40:45 | 00,107,209 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MPH Timm3h v1.4.zip
[2009/02/16 18:31:58 | 00,589,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\_Fkn0wned.com__Inspirate_v_1.1_2009_02_14(3).zip
[2009/02/16 18:28:42 | 00,225,280 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\cool.dll
[2009/02/16 18:28:39 | 00,319,488 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cool.exe
[2009/02/16 18:28:39 | 00,002,060 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vecs.cfg
[2009/02/16 18:28:39 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\startup.cfg
[2009/02/16 18:28:33 | 00,148,988 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\hypnotick_hookv1_3_4.zip
[2009/02/16 18:27:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Hypnotick Hook v2.4.2
[2009/02/16 18:27:10 | 00,151,171 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hypnotick Hook v2.4.2.rar
[2009/02/16 18:20:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\hack
[2009/02/16 18:20:33 | 00,202,749 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AbsoHack_9.0.0.7.zip
[2009/02/16 18:18:20 | 00,589,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\_Fkn0wned.com__Inspirate_v_1.1_2009_02_14(2).zip
[2009/02/16 18:07:59 | 00,589,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\_Fkn0wned.com__Inspirate_v_1.1_2009_02_14.zip
[2009/02/16 18:07:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TeP Public 1.0
[2009/02/16 17:30:31 | 00,004,846 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\l.jpeg
[2009/02/16 17:29:06 | 00,004,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\images.jpeg
[2009/02/16 17:28:39 | 00,003,634 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LOPOv.jpeg
[2009/02/16 14:20:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Thinstall
[2009/02/16 14:20:04 | 81,283,375 | ---- | C] (exosyphen studios) -- C:\Documents and Settings\Administrator\Desktop\Evolution.exe
[2009/02/16 14:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Hacker Evolution
[2009/02/16 13:54:26 | 76,783,846 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hacker_Evolution_fanobliv.rar
[2009/02/16 10:24:13 | 00,000,639 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Icy Tower.lnk
[2009/02/16 10:24:11 | 00,000,000 | ---D | C] -- C:\games
[2009/02/16 10:23:21 | 02,644,788 | ---- | C] (Free Lunch Design ) -- C:\Documents and Settings\Administrator\Desktop\icytower13_install.exe
[2009/02/16 09:43:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/16 09:43:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2009/02/16 09:43:13 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/16 09:43:11 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/02/16 09:42:55 | 07,521,112 | ---- | C] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.0.6.exe
[2009/02/16 01:01:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2009/02/16 01:01:34 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009/02/16 01:01:34 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/02/16 01:01:20 | 00,083,200 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2009/02/16 01:01:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2009/02/16 01:00:55 | 02,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2009/02/16 01:00:55 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/02/16 01:00:52 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/02/16 01:00:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2009/02/16 01:00:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/02/16 00:59:23 | 04,265,204 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/02/16 00:59:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/02/16 00:59:00 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/02/16 00:56:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/02/16 00:56:31 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/02/16 00:56:28 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/02/16 00:56:28 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2009/02/16 00:56:28 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2009/02/16 00:56:25 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2009/02/16 00:56:25 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/02/16 00:56:25 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/02/16 00:56:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2009/02/16 00:56:24 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/02/16 00:56:09 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/16 00:56:09 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/02/16 00:56:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/02/16 00:56:07 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/02/16 00:55:14 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/16 00:54:53 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/16 00:54:53 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/02/16 00:54:53 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/02/16 00:54:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2009/02/16 00:54:53 | 00,000,000 | ---- | C] () -- C:&

#4
mrav

    Member

  • Topic Starter
  • 10 posts
OTListIt.txt

OTListIt logfile created on: 2/21/2009 2:01:56 PM - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.40% Memory free
3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 207.12 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
Drive D: | 688.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAZOR
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ASKService [Auto | Running]) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (ASKUpgrade [Auto | Running]) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (CaCCProvSP [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c992a81981e8f8 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ITMRTSVC [Auto | Running]) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NOD32FiXTemDono [Auto | Stopped]) -- C:\WINDOWS\system32\regedt32.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (PPCtlPriv [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

========== Driver Services (SafeList) ==========

DRV - (Aspi32 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (catchme [On_Demand | Running]) -- File not found
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (easdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\easdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys ()
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows ® Codename Longhorn DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ltmodem5 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys (LT)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/intl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll ()
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (WinClick32) - {C79C0828-DBE7-4E19-BA25-F0A178AA81A1} - C:\WINDOWS\system32\fejokt.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H ()
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTORUN.INF () - [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- [2008/04/14 11:00:00 | 01,314,816 | R--- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/02/21 14:00:03 | 00,494,080 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/02/21 13:29:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/02/21 13:29:34 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/02/21 13:29:33 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/02/21 13:27:11 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/02/21 13:26:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/02/21 13:22:35 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/02/21 13:21:49 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SDFix.exe
[2009/02/21 12:36:00 | 00,000,000 | ---D | C] -- C:\WINDOWS.0
[2009/02/21 11:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2009/02/20 21:14:32 | 00,000,728 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to age3.exe.lnk
[2009/02/20 21:14:04 | 01,437,695 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.direct3dx.xml
[2009/02/20 21:14:04 | 01,252,798 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.directplay.xml
[2009/02/20 21:14:04 | 00,849,122 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.direct3d.xml
[2009/02/20 21:14:04 | 00,755,962 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.directdraw.xml
[2009/02/20 21:14:04 | 00,576,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.direct3dx.dll
[2009/02/20 21:14:04 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.direct3d.dll
[2009/02/20 21:14:04 | 00,364,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.directplay.dll
[2009/02/20 21:14:04 | 00,348,085 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.directsound.xml
[2009/02/20 21:14:04 | 00,345,509 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.directinput.xml
[2009/02/20 21:14:04 | 00,265,390 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.xml
[2009/02/20 21:14:04 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.dll
[2009/02/20 21:14:04 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.directsound.dll
[2009/02/20 21:14:04 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.directinput.dll
[2009/02/20 21:14:04 | 00,145,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.directdraw.dll
[2009/02/20 21:14:04 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.audiovideoplayback.dll
[2009/02/20 21:14:04 | 00,033,914 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.audiovideoplayback.xml
[2009/02/20 21:14:04 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.directx.diagnostics.dll
[2009/02/20 21:14:04 | 00,010,439 | ---- | C] () -- C:\WINDOWS\System32\microsoft.directx.diagnostics.xml
[2009/02/20 21:00:52 | 00,000,593 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Age of Empires III.lnk
[2009/02/20 21:00:31 | 00,000,000 | ---D | C] -- C:\Program Files\Age of Empires III
[2009/02/20 19:11:02 | 00,003,183 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Alcohol_120__-__tried_and_true__no_viruses__no_bullshit_-_Biggy.4730099.TPB.torrent
[2009/02/20 19:08:18 | 00,014,291 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WINDOWS_XP_SP3_2009_ULTRA_EDITION.4611724.TPB.torrent
[2009/02/20 18:32:09 | 00,000,530 | ---- | C] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Administrator at 6 32 PM.job
[2009/02/20 18:31:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/02/20 18:31:51 | 00,250,544 | ---- | C] (KeyWorks Software) -- C:\WINDOWS\System32\KeyHelp.ocx
[2009/02/20 18:31:50 | 00,000,000 | -H-D | C] -- C:\Config.msi
[2009/02/20 18:31:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2009/02/20 18:31:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/02/20 18:31:40 | 00,000,000 | ---D | C] -- C:\Program Files\CA
[2009/02/20 18:10:18 | 00,007,657 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CA_Anti-Spyware_2008_v10.0.0.210___Keygen_[RH].4726005.TPB.torrent
[2009/02/20 18:00:49 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IE-Security.lnk
[2009/02/20 18:00:48 | 00,000,000 | ---D | C] -- C:\Program Files\IE-Security
[2009/02/20 17:15:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Age_of_Empires_III_full version
[2009/02/20 13:37:04 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SoulReaver2_WM_By_Liberty.part1.rar
[2009/02/20 13:34:24 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\fejokt.dll
[2009/02/20 13:34:24 | 00,019,214 | ---- | C] () -- C:\WINDOWS\System32\sf.ico
[2009/02/20 13:34:24 | 00,013,942 | ---- | C] () -- C:\WINDOWS\System32\m3.ico
[2009/02/20 13:34:24 | 00,003,182 | ---- | C] () -- C:\WINDOWS\ios.dat
[2009/02/20 10:11:48 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WarezHub.Net Lpk761.nedivx-wjh.avi
[2009/02/20 10:11:46 | 67,834,7808 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WarezHub.Net Lpk761.nedivx-wjh.avi.part
[2009/02/20 09:33:26 | 63,193,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SoulReaver2Setup(2).exe
[2009/02/20 08:05:57 | 00,003,459 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\reloaded.nfo
[2009/02/20 08:03:51 | 03,156,026 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\theelderscrolls4_oblivion-nocd-1_0-ENG.zip
[2009/02/20 08:03:13 | 97,280,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\T3Setup.exe
[2009/02/19 20:52:04 | 00,033,758 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Soul_Reaver_2_.4060227.TPB.torrent
[2009/02/19 20:50:30 | 00,022,759 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hitman_-_Blood_Money.3509149.TPB.torrent
[2009/02/19 17:49:02 | 23,625,6544 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SoulReaver2Setup.exe
[2009/02/19 16:40:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2009/02/19 16:40:36 | 00,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/02/19 16:38:24 | 00,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/02/19 16:38:21 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/02/19 16:38:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2009/02/19 14:42:45 | 36,727,3454 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WarezHub.net.lost.s05e06.hdtv.xvid-xor.avi
[2009/02/19 13:47:59 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Wolfenstein (Single Player).lnk
[2009/02/19 13:47:59 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Wolfenstein (Multiplayer).lnk
[2009/02/19 13:45:17 | 00,000,000 | ---D | C] -- C:\Return to Castle Wolfenstein
[2009/02/19 09:47:44 | 00,018,361 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LOST_SEASON_5_Episode_6_by_deathmule.4731146.TPB.torrent
[2009/02/19 08:25:40 | 00,030,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\100.jpg
[2009/02/18 21:24:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2009/02/18 20:51:09 | 00,000,919 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Exoddus.exe.lnk
[2009/02/18 17:27:18 | 00,015,470 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Slumdog.Millionaire.DVDSCR.XviD-NoGrp__.4598477.TPB.torrent
[2009/02/18 17:23:47 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/18 17:23:25 | 00,132,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Step.Brothers[2008][Unrated.Edition]DvDrip-aXXo.srt
[2009/02/18 16:47:52 | 00,005,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tutai.nfo
[2009/02/18 16:47:52 | 00,000,102 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rtcw.reg
[2009/02/18 16:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\Return to Castle Wolfenstein
[2009/02/18 16:45:01 | 00,000,765 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2009/02/18 16:44:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
[2009/02/18 16:44:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
[2009/02/18 16:43:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/02/18 16:43:11 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2009/02/18 16:43:06 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/02/18 16:41:21 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/18 16:41:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2009/02/18 16:39:29 | 07,321,032 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Administrator\Desktop\daemon4303-lite.exe
[2009/02/18 14:41:48 | 00,059,248 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Yes Man.srt
[2009/02/18 14:40:14 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BS.Player FREE.lnk
[2009/02/18 14:36:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
[2009/02/18 14:36:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BSplayer
[2009/02/18 14:36:21 | 00,000,000 | ---D | C] -- C:\Program Files\Webteh
[2009/02/18 14:26:26 | 10,724,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bsplayer2.34.exe
[2009/02/18 14:23:50 | 00,022,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\c6d61c09d2cd50eda60e83808ce958093bf68726.zip
[2009/02/18 14:23:14 | 00,053,012 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\379bdbce9e976c1c44ba76b99584a68073ceb9c6.zip
[2009/02/18 13:51:06 | 00,031,861 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Oddworld__Abe_s_Exoddus.3280822.TPB.torrent
[2009/02/18 13:49:43 | 00,000,000 | ---D | C] -- C:\Abe's Oddysee Demo
[2009/02/18 13:27:23 | 00,029,849 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The_Elder_Scrolls_IV__Oblivion_Soundtrack.4356594.TPB.torrent
[2009/02/18 13:25:49 | 32,219,648 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\abeodd.exe
[2009/02/18 13:08:23 | 70,368,4608 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RTCW.iso
[2009/02/18 12:59:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Age_of_Empires_III_full version.rar
[2009/02/18 12:59:19 | 03,101,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Age_of_Empires_III_full version.rar.part
[2009/02/18 10:22:45 | 03,651,956 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\legacy.of.kain.soul.reaver.2-fanobliv.rar
[2009/02/18 07:16:11 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/02/18 07:16:11 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/02/18 07:16:10 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/02/18 07:16:09 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/02/18 07:16:09 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/02/18 07:16:09 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/02/18 07:16:08 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/02/18 07:16:07 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/02/18 07:16:07 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/02/18 07:16:06 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/02/18 07:16:05 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/02/18 07:16:05 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/02/18 07:16:05 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/02/18 07:16:04 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/02/18 07:16:02 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/02/18 07:16:02 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/02/18 07:16:01 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/02/18 07:16:00 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/02/18 07:15:59 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/02/18 07:15:59 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/02/18 07:15:59 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/02/18 07:15:58 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/02/18 07:15:58 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/02/18 07:15:57 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/02/18 07:15:57 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/02/18 07:15:57 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/02/18 07:15:56 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/02/18 07:15:54 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/02/18 07:15:54 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/02/18 07:15:54 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/02/18 07:15:54 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/02/18 07:15:54 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/02/18 07:15:54 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/02/18 07:15:53 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/02/18 07:15:53 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/02/18 07:15:53 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/02/18 07:15:53 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/02/18 07:15:53 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/02/18 07:15:51 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/02/18 07:15:51 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/02/18 07:15:51 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/02/18 07:15:51 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/02/18 07:15:50 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/02/18 07:15:50 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/02/18 07:15:50 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/02/18 07:15:50 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/02/18 07:15:50 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/02/18 07:15:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/02/18 07:14:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/02/18 07:12:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/02/18 07:12:14 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/02/18 07:12:05 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/02/18 07:11:00 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/02/18 07:10:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/02/18 07:10:21 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/02/18 07:10:20 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/02/18 07:10:19 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/02/18 07:10:17 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/02/18 07:10:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2009/02/18 06:20:46 | 03,709,002 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trydream_fanobliv.rar
[2009/02/17 20:59:38 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/02/17 20:58:48 | 00,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oblivion.lnk
[2009/02/17 20:53:06 | 00,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2009/02/17 20:53:05 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/02/17 20:51:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games
[2009/02/17 20:51:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Oblivion
[2009/02/17 08:12:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/02/16 22:01:10 | 06,210,728 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\amxmodx-installer-1.76d.exe
[2009/02/16 21:58:01 | 00,013,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\no-won-steam.zip
[2009/02/16 21:15:19 | 00,000,000 | ---D | C] -- C:\HLDS
[2009/02/16 20:03:26 | 00,000,000 | ---D | C] -- C:\Program Files\GIGABYTE
[2009/02/16 20:02:37 | 00,014,656 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys
[2009/02/16 19:04:10 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Super_Simple_Wall_v3.8.rar
[2009/02/16 19:02:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
[2009/02/16 19:01:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Super_Simple_Wallhack_v2.6.exe
[2009/02/16 18:57:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2009/02/16 18:52:32 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SSWv5.7(2).rar
[2009/02/16 18:51:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SSWv5.7.rar
[2009/02/16 18:48:48 | 00,000,553 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CS_1.6_Super_Simple_Wall_v4.7.4261133.TPB.torrent
[2009/02/16 18:42:41 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to timm3h.exe.lnk
[2009/02/16 18:41:19 | 00,097,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\timm3h.dll
[2009/02/16 18:41:19 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\timm3h.exe
[2009/02/16 18:40:45 | 00,107,209 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MPH Timm3h v1.4.zip
[2009/02/16 18:31:58 | 00,589,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\_Fkn0wned.com__Inspirate_v_1.1_2009_02_14(3).zip
[2009/02/16 18:28:42 | 00,225,280 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\cool.dll
[2009/02/16 18:28:39 | 00,319,488 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cool.exe
[2009/02/16 18:28:39 | 00,002,060 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vecs.cfg
[2009/02/16 18:28:39 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\startup.cfg
[2009/02/16 18:28:33 | 00,148,988 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\hypnotick_hookv1_3_4.zip
[2009/02/16 18:27:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Hypnotick Hook v2.4.2
[2009/02/16 18:27:10 | 00,151,171 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hypnotick Hook v2.4.2.rar
[2009/02/16 18:20:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\hack
[2009/02/16 18:20:33 | 00,202,749 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AbsoHack_9.0.0.7.zip
[2009/02/16 18:18:20 | 00,589,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\_Fkn0wned.com__Inspirate_v_1.1_2009_02_14(2).zip
[2009/02/16 18:07:59 | 00,589,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\_Fkn0wned.com__Inspirate_v_1.1_2009_02_14.zip
[2009/02/16 18:07:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\TeP Public 1.0
[2009/02/16 17:30:31 | 00,004,846 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\l.jpeg
[2009/02/16 17:29:06 | 00,004,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\images.jpeg
[2009/02/16 17:28:39 | 00,003,634 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LOPOv.jpeg
[2009/02/16 14:20:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Thinstall
[2009/02/16 14:20:04 | 81,283,375 | ---- | C] (exosyphen studios) -- C:\Documents and Settings\Administrator\Desktop\Evolution.exe
[2009/02/16 14:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Hacker Evolution
[2009/02/16 13:54:26 | 76,783,846 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hacker_Evolution_fanobliv.rar
[2009/02/16 10:24:13 | 00,000,639 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Icy Tower.lnk
[2009/02/16 10:24:11 | 00,000,000 | ---D | C] -- C:\games
[2009/02/16 10:23:21 | 02,644,788 | ---- | C] (Free Lunch Design ) -- C:\Documents and Settings\Administrator\Desktop\icytower13_install.exe
[2009/02/16 09:43:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/16 09:43:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2009/02/16 09:43:13 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/02/16 09:43:11 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/02/16 09:42:55 | 07,521,112 | ---- | C] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.0.6.exe
[2009/02/16 01:01:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2009/02/16 01:01:34 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009/02/16 01:01:34 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/02/16 01:01:20 | 00,083,200 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2009/02/16 01:01:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2009/02/16 01:00:55 | 02,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2009/02/16 01:00:55 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/02/16 01:00:52 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/02/16 01:00:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2009/02/16 01:00:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/02/16 00:59:23 | 04,265,204 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/02/16 00:59:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/02/16 00:59:00 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/02/16 00:56:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/02/16 00:56:31 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/02/16 00:56:28 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2009/02/16 00:56:28 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2009/02/16 00:56:28 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2009/02/16 00:56:25 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2009/02/16 00:56:25 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/02/16 00:56:25 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/02/16 00:56:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2009/02/16 00:56:24 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/02/16 00:56:09 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/16 00:56:09 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/02/16 00:56:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/02/16 00:56:07 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/02/16 00:55:14 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/16 00:54:53 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/16 00:54:53 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/02/16 00:54:53 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/02/16 00:54:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2009/02/16 00:54:53 | 00,000,000 | ---- | C] () -- C:&
  • 0

#5
mrav

mrav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OTListIt Extras logfile created on: 2/21/2009 2:01:56 PM - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.40% Memory free
3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 207.12 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
Drive D: | 688.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAZOR
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus (Vuze Inc.)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher (Valve)
C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare (MusicLab, LLC)
C:\HLDS\hlds.exe:*:Enabled:HLDS Launcher (Valve)
C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7D974ACA-4EE5-412C-8E6A-A5B57B305727}" = ESET NOD32 Antivirus
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}" = CA Anti-Spyware
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AMX Mod X Installer" = AMX Mod X Installer 1.76d
"Ask Toolbar_is1" = Vuze Toolbar
"BearShare" = BearShare
"BearShare MediaBar" = MediaBar 2.0
"BSPlayerf" = BS.Player FREE
"cciss_pp" = CA Anti-Spyware
"CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Icy Tower_is1" = Icy Tower v1.3
"IE-Security" = IE Security
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"Vuze" = Vuze
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 2/21/2009 8:33:26 AM | Computer Name = RAZOR | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 2/21/2009 8:33:26 AM | Computer Name = RAZOR | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 2/21/2009 8:33:26 AM | Computer Name = RAZOR | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2/21/2009 8:33:26 AM | Computer Name = RAZOR | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 2/21/2009 8:33:26 AM | Computer Name = RAZOR | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 2/21/2009 8:33:27 AM | Computer Name = RAZOR | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2/21/2009 8:33:27 AM | Computer Name = RAZOR | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 2/21/2009 8:33:27 AM | Computer Name = RAZOR | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 2/21/2009 8:33:28 AM | Computer Name = RAZOR | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2/21/2009 8:33:28 AM | Computer Name = RAZOR | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .


< End of report >


extras.txt
  • 0

#6
mrav

mrav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
GMER.txt


  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You have posted the same log 3 times.
I need to see the GMER log, no more OTListIt logs.
  • 0

#8
mrav

mrav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-21 14:12:51
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT spum.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spum.sys ZwEnumerateValueKey [0xF74F6030]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 89C121F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.14 ----
  • 0

#9
mrav

mrav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Need anything else?
  • 0

#10
mrav

mrav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Do you need anything else? Sorry for posting the same log 3 times, I thought I was posting something else.
  • 0

#11
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
With the amount of torrents on your computer it is no wonder that you are infected. I recommend discontinuing the use of these types of programs.
===========

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#12
mrav


    Member

  • Topic Starter
  • Member
  • 10 posts
Malwarebytes' Anti-Malware 1.34
Database version: 1784
Windows 5.1.2600 Service Pack 3

2/21/2009 5:14:29 PM
mbam-log-2009-02-21 (17-14-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 90295
Time elapsed: 11 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fejokt.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c79c0828-dbe7-4e19-ba25-f0a178aa81a1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c79c0828-dbe7-4e19-ba25-f0a178aa81a1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c79c0828-dbe7-4e19-ba25-f0a178aa81a1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\binimikini (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\binimikini.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{038df718-b2c5-42ec-a768-a1729acc2d5b} (Rogue.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e922682d-cacf-4b09-a572-be014255bd6f} (Rogue.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie-security (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IE-Security (Rogue.IE-Security) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\IE-Security (Rogue.IE-Security) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\fejokt.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\IE-Security\uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\IE-Security\ies.s1 (Rogue.IE-Security) -> Quarantined and deleted successfully.
C:\Program Files\IE-Security\ies.s2 (Rogue.IE-Security) -> Quarantined and deleted successfully.
C:\Program Files\IE-Security\ies.s3 (Rogue.IE-Security) -> Quarantined and deleted successfully.
C:\Program Files\IE-Security\ies.s4 (Rogue.IE-Security) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\IE-Security.lnk (Rogue.IE-Security) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Favorites\Cheap Software.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Cheap Software.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sf.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Favorites\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m3.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ios.dat (Malware.Trace) -> Quarantined and deleted successfully.

THANK YOU it works!!
  • 0
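A helper reading a pasted report like the one in post #12 has two quick checks to make: that the summary counts match the entries actually listed, and which objects are only marked "Delete on reboot". The sketch below is an added example, not part of the thread and not Malwarebytes' own tooling; the function names are hypothetical and the sample log is constructed from a few entries of the report above, with counts adjusted to match.

```python
import re
from collections import Counter

# Constructed sample: shortened log in the layout of the report in post #12.
SAMPLE_LOG = r"""Memory Modules Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Modules Infected:
C:\WINDOWS\system32\fejokt.dll (Trojan.FakeAlert) -> Delete on reboot.

Folders Infected:
C:\Program Files\IE-Security (Rogue.IE-Security) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\fejokt.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\IE-Security\uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\ios.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(.+ Infected): (\d+)$")    # summary line
HEADER_RE = re.compile(r"^(.+ Infected):$")         # start of a detail section
ITEM_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")  # object (family) -> action

def parse_mbam_log(text):
    """Return (declared counts, {section: [(object, family, action), ...]})."""
    counts, sections, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNT_RE.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := HEADER_RE.match(line):
            current = sections.setdefault(m.group(1), [])
        elif current is not None and (m := ITEM_RE.match(line)):
            current.append(m.groups())
    return counts, sections

def review(text):
    """Flag count mismatches and objects whose removal waits for a reboot."""
    counts, sections = parse_mbam_log(text)
    items = [item for entries in sections.values() for item in entries]
    return {
        # a truncated or edited paste shows up as declared != listed
        "mismatched": sorted(s for s, n in counts.items()
                             if n != len(sections.get(s, []))),
        # still on disk until the machine restarts
        "pending": sorted({obj for obj, _, act in items if "reboot" in act.lower()}),
        "families": Counter(family for _, family, _ in items),
    }
```

Any path returned under `pending` has not been removed yet, which is why the Extra Note in post #11 asks for the restart to be done immediately.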

#13
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks good. Run OTListIt once more and post those logs, please.
Also, let me know if things are back to normal.
  • 0





