Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Firefox/IE : Jump/Redirects to random sites [Solved]

Started by HELP.ME , Mar 20 2009 01:53 AM

  • This topic is locked This topic is locked

#1
HELP.ME
Posted 20 March 2009 - 01:53 AM

HELP.ME

    Member

  • Member
  • PipPip
  • 29 posts
Hi, :)

Well, after a previous reply i received from a helper, they directed me to Malware and Spyware Cleaning Guide. I followed the guide only to find that it didn't work and i needed more assitance, so i've posted my logs/problems here.

For a few days now, when i try to use the internet through browsers like Firefox or Internet Explorer, when i try to access a specific page or URL it redirects or "Jump" to another unrelevant page.

Also, after a while it fails, to connect to the internet [Says "Error Lander" when trying to load a page] (other programs like MSN still works though) and it sometimes doesn't allow AVG Free to update properly. I usually reset the internet by unplugging and plugging it back in only to find that this issue occurs again after a while of surfing on the net. :)

Some Logs :



Malwarebytes' Anti-Malware 1.34


Database version: 1749
Windows 6.0.6001 Service Pack 1

3/20/2009 6:15:00 PM
mbam-log-2009-03-20 (18-15-00).txt

Scan type: Quick Scan
Objects scanned: 71508
Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_____________________________________________________________________________________

Rooter Rootkit Detector


Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:76316 Mo/Free:2434 Mo)
D:\ [Fixed] - NTFS - (Total:305242 Mo/Free:3861 Mo)
E:\ [CD-Rom] (Total:4464 Mo/Free:0 Mo)
H:\ [CD-Rom] (Total:778 Mo/Free:0 Mo)
I:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
L:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
P:\ [Removable] (Total:7649 Mo/Free:3553 Mo)

Fri 03/20/2009|18:33

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\nvvsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\rundll32.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\AEADISRV.EXE
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
---------- C:\Windows\system32\IoctlSvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\system32\WUDFHost.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
---------- C:\Program Files\Analog Devices\Core\smax4pnp.exe
---------- C:\Windows\System32\wpcumi.exe
---------- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
---------- C:\Program Files\Logitech\QuickCam\Quickcam.exe
---------- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Windows\System32\rundll32.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
---------- C:\Windows\ehome\ehtray.exe
---------- C:\Windows\ehome\ehmsas.exe
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
---------- C:\Program Files\Registry Mechanic\RMTray.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
---------- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
---------- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Windows\system32\WgaTray.exe
---------- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
---------- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
---------- C:\Windows\explorer.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe
---------- ??

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RJFUF8FF\The%20Treasures%20Of%20Mystery%20Island%20(Precracked).rar-draggonking[1].htm
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\Desktop\Ambient.Design.ArtRage.v2.5.19.Multilingual.Retail.Incl.Keymaker-ZWT\keygen.exe
C:\Users\User\AppData\Roaming\uTorrent\Adobe Photoshop CS3 Extended + Crack.rar.torrent
C:\Users\User\AppData\Roaming\uTorrent\BlueSoleil 3.2.2.8 - PC Bluetooth Software + Crack - vLcB.rar.torrent


1 - "C:\Rooter$\Rooter_1.txt" - Fri 03/20/2009|18:33

----------------------\\ Scan completed at 18:33
_____________________________________________________________________________________

OTListIt logfile

 created on: 3/20/2009 6:40:02 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = D:\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 94.83% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 22.28 Gb Free Space | 29.89% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 67.77 Gb Free Space | 22.73% Space Free | Partition Type: NTFS
Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 778.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
Drive P: | 7.47 Gb Total Space | 7.47 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: ANNIE
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe (AzureWave.com)
PRC - C:\Windows\system32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Windows\system32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
PRC - c:\program files\windows defender\MpCmdRun.exe (Microsoft Corporation)
PRC - D:\Downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AEADIFilters [Auto | Running]) -- C:\Windows\system32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (BlueSoleilCS [Auto | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (BsHelpCS [On_Demand | Stopped]) -- File not found
SRV - (BsMobileCS [Auto | Stopped]) -- File not found
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 3 [Auto | Running]) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Auto | Running]) -- C:\Windows\system32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (RelevantKnowledge [Auto | Stopped]) -- File not found
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AFS [Boot | Running]) -- C:\Windows\System32\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (ASPI [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ASPI32.sys (Adaptec)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BtHidBus [Boot | Running]) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DVDRIVER [Auto | Stopped]) -- C:\Windows\system32\DRIVERS\dvdriver.sys (Eagletron Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Iviaspi [On_Demand | Stopped]) -- C:\Windows\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (IvtBtBUs [On_Demand | Running]) -- C:\Windows\System32\Drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (JGOGO [Boot | Running]) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (JRAID [Boot | Running]) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ASACPI.sys ()
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (P16X [On_Demand | Running]) -- C:\Windows\system32\drivers\P16X.sys (Creative Technology Ltd.)
DRV - (Pcouffin [On_Demand | Running]) -- C:\Windows\System32\Drivers\Pcouffin.sys (VSO Software)
DRV - (PCTCore [Boot | Running]) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8187 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (RtlProt [System | Running]) -- C:\Windows\system32\DRIVERS\rtlprot.sys (Windows ® Codename Longhorn DDK provider)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu [System | Running]) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\yk60x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {991A772A-BA13-4c1d-A9EF-F897F31DEC7D}:3.1
FF - prefs.js..extensions.enabledItems: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}:1.2.211
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..keyword.URL: "http://au.search.yah...8&fr=megaup&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/15 20:48:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/15 20:48:36 | 00,000,000 | ---D | M]

[2008/07/10 00:17:53 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2008/07/10 00:17:53 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/20 18:29:31 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions
[2009/01/28 19:00:00 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/01/13 21:55:56 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009/01/13 15:29:24 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2008/11/28 21:10:21 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vwy69tg9.default\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}
[2009/03/20 18:12:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/07/19 00:02:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
[2009/03/15 20:48:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/24 14:57:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/07/24 20:54:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/10 14:53:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/02/20 12:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/20 12:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/20 06:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/20 06:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/20 06:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/20 06:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/20 06:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/20 06:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/20 06:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H (PC Tools)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} http://games.bigfish...eb.1.0.0.11.cab (CPlayFirstFitnessDasControl Object)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...SS.cab69309.cab ()
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-au.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O32 - Autorun File - D:\autorun.inf () - [ NTFS ]
O32 - Autorun File - H:\AutoRun.exe (Electronic Arts Inc.) - [ CDFS ]
O32 - Autorun File - H:\AutoRun.exe (Electronic Arts Inc.) - [ CDFS ]
O32 - Autorun File - H:\AutoRunGUI.dll (Electronic Arts Inc.) - [ CDFS ]
O32 - Autorun File - H:\autorun.inf () - [ CDFS ]
O33 - MountPoints2\{011c0107-5598-11dd-a6f4-0011675c3e06}\Shell - "" = AutoRun
O33 - MountPoints2\{011c0107-5598-11dd-a6f4-0011675c3e06}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{250a4e78-7baf-11dd-a9cb-002215031222}\Shell - "" = AutoRun
O33 - MountPoints2\{250a4e78-7baf-11dd-a9cb-002215031222}\Shell\AutoRun\command - "" = H:\Autorun.exe -- [2007/08/05 02:54:31 | 00,700,416 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{4bd6a791-4a34-11dd-ab26-0015af841d69}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/20 18:32:12 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/20 18:04:55 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/03/20 18:04:10 | 00,000,693 | ---- | C] () -- C:\Users\User\Desktop\NTREGOPT.lnk
[2009/03/20 18:04:09 | 00,000,674 | ---- | C] () -- C:\Users\User\Desktop\ERUNT.lnk
[2009/03/20 18:04:07 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/18 18:25:54 | 04,096,764 | -H-- | C] () -- C:\Users\User\AppData\Local\IconCache.db
[2009/03/18 18:09:46 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2009/03/18 18:09:45 | 00,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/18 18:09:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/18 18:09:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/03/18 18:09:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/03/18 18:09:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/18 17:44:23 | 00,232,025 | ---- | C] () -- C:\Users\User\Desktop\AVGTHREAT_IE.jpg
[2009/03/18 17:35:16 | 00,234,782 | ---- | C] () -- C:\Users\User\Desktop\AVGThreatNotif.jpg
[2009/03/18 15:52:45 | 34,887,35232 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/17 22:51:04 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\New Folder
[2009/03/16 20:00:16 | 00,363,180 | ---- | C] () -- C:\Users\User\Desktop\Vitamin C in Different Types of Juices.docx
[2009/03/16 17:22:28 | 00,131,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSADODC.ocx
[2009/03/16 17:22:27 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll
[2009/03/16 17:22:27 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\System32\XceedBkp.dll
[2009/03/16 17:22:26 | 00,389,120 | ---- | C] () -- C:\Windows\System32\ACTSKN43.OCX
[2009/03/16 17:22:26 | 00,089,088 | ---- | C] (Ariad Software) -- C:\Windows\System32\ProgressBar4.ocx
[2009/03/16 17:22:26 | 00,011,012 | ---- | C] () -- C:\Windows\System32\threadapi.tlb
[2009/03/16 16:23:45 | 00,000,878 | ---- | C] () -- C:\Users\User\Desktop\Exterminate It!.lnk
[2009/03/16 16:23:43 | 00,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2009/03/16 16:18:12 | 00,159,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/03/16 16:18:03 | 00,130,424 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/03/16 16:18:03 | 00,073,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/03/16 16:17:55 | 00,001,759 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009/03/16 16:17:54 | 00,064,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/03/16 16:17:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/03/16 16:17:50 | 00,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2009/03/16 16:17:50 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PC Tools
[2009/03/16 16:17:50 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/03/16 16:17:50 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/03/16 16:17:47 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2009/03/16 16:17:47 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\STKIT432.DLL
[2009/03/16 16:17:46 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/03/16 15:30:52 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/03/16 15:19:35 | 00,000,000 | ---D | C] -- C:\fixwareout
[2009/03/15 20:48:39 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/03/15 12:58:14 | 00,104,511 | ---- | C] () -- C:\Users\User\Desktop\The_Sims_2_-_Free_Time_Expansion_Pack_[mininova].torrent
[2009/03/15 00:06:32 | 00,000,000 | ---D | C] -- C:\Program Files\RMVB Converter
[2009/03/15 00:03:41 | 00,000,282 | ---- | C] () -- C:\Windows\System32\temporary.eth
[2009/03/15 00:03:41 | 00,000,000 | ---D | C] -- C:\mp4 video
[2009/03/15 00:03:24 | 00,000,067 | ---- | C] () -- C:\Windows\Easy Video to MP4 Converter.INI
[2009/03/15 00:03:22 | 00,000,000 | ---D | C] -- C:\Program Files\Easy Video to MP4 Converter
[2009/03/14 23:59:46 | 00,495,104 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTVideoCoreM.dll
[2009/03/14 23:59:46 | 00,249,856 | ---- | C] (Online Media Technologies Company Ltd.) -- C:\Windows\System32\NCTQuickTimeFile.dll
[2009/03/14 23:59:46 | 00,090,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioFormatSettings3.dll
[2009/03/14 23:59:45 | 02,846,720 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioCompress3.dll
[2009/03/14 23:59:44 | 00,856,064 | ---- | C] (Essien Research & Development) -- C:\Windows\System32\mpgfiltr.ax
[2009/03/14 23:59:44 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/03/14 23:59:44 | 00,139,264 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\System32\viscomqtde.dll
[2009/03/14 23:59:44 | 00,000,000 | ---D | C] -- C:\Windows\System32\RMBin
[2009/03/14 23:59:43 | 00,421,888 | ---- | C] (Gabest) -- C:\Windows\System32\RealMediaSplitter.ax
[2009/03/14 23:59:42 | 00,147,456 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\System32\viscomqtenc.dll
[2009/03/14 23:17:40 | 00,000,000 | ---D | C] -- C:\RECYCLER
[2009/03/14 23:12:40 | 00,000,000 | ---D | C] -- C:\temp
[2009/03/14 23:08:17 | 00,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2009/03/11 15:32:29 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/11 15:32:26 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/03/10 16:52:39 | 01,360,679 | ---- | C] () -- C:\Users\User\Desktop\Shopping_Parramatta Westfield.xlsx
[2009/03/10 16:40:26 | 02,140,828 | ---- | C] () -- C:\Users\User\Desktop\JAYJAYS CATALOGUE.pdf
[2009/03/09 22:11:43 | 00,013,261 | ---- | C] () -- C:\Users\User\Desktop\Anastasia.docx
[2009/03/09 19:13:17 | 00,034,324 | ---- | C] () -- C:\Users\User\Desktop\changmin_jaejoong.jpg
[2009/03/09 17:41:03 | 00,297,000 | ---- | C] () -- C:\Users\User\Desktop\LOLbigbang.gif
[2009/03/07 11:57:54 | 01,657,946 | ---- | C] () -- C:\Users\User\Desktop\SHOPPING_PARRAMATTA WESTFIELD.docx
[2009/03/06 00:27:32 | 00,016,484 | ---- | C] () -- C:\Users\User\Desktop\ESSAY_HISTORY.docx
[2009/03/05 21:11:06 | 00,014,550 | ---- | C] () -- C:\Users\User\Desktop\HISTORY ASSESSMENT.docx
[2009/03/03 15:29:05 | 00,034,097 | ---- | C] () -- C:\Users\User\Desktop\I Do Stupid Things 44% Of the Time.docx
[2009/03/02 21:59:30 | 00,087,631 | ---- | C] () -- C:\Users\User\Desktop\SHORT STORIES.docx
[2009/03/02 17:14:38 | 00,071,914 | ---- | C] () -- C:\Users\User\Desktop\ANALYSING SHORT STORIES.docx
[2009/03/01 18:17:44 | 00,000,000 | ---D | C] -- C:\Program Files\Musicnotes
[2009/03/01 12:21:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/03/01 12:20:50 | 00,001,037 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2009/03/01 12:19:14 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/02/28 20:47:45 | 00,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
[2009/02/28 20:44:56 | 00,000,000 | ---D | C] -- C:\ConverterOutput
[2009/02/28 20:44:43 | 00,001,018 | ---- | C] () -- C:\Users\User\Desktop\Cucusoft Zune Video Converter Suite.lnk
[2009/02/28 20:44:42 | 03,049,984 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/02/28 20:44:42 | 02,174,976 | ---- | C] () -- C:\Windows\System32\ffdshow.ax
[2009/02/28 20:44:42 | 00,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/02/28 20:44:42 | 00,372,736 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2009/02/28 20:44:42 | 00,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/02/28 20:44:42 | 00,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/02/28 20:44:42 | 00,098,304 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\L3CODECX.AX
[2009/02/28 20:44:42 | 00,034,820 | ---- | C] () -- C:\Windows\System32\ffdshow.reg
[2009/02/28 20:44:41 | 00,364,544 | ---- | C] (Cucusoft Inc.) -- C:\Windows\System32\cdg.dll
[2009/02/28 20:44:41 | 00,348,160 | ---- | C] () -- C:\Windows\System32\cdga.dll
[2009/02/28 20:44:41 | 00,114,688 | ---- | C] (Cucusoft Inc.) -- C:\Windows\System32\PropListCtrl.ocx
[2009/02/28 20:44:41 | 00,014,909 | ---- | C] () -- C:\Windows\System32\A_reg.reg
[2009/02/28 20:44:40 | 00,000,000 | ---D | C] -- C:\Program Files\Cucusoft
[2009/02/28 20:42:01 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVS4YOU
[2009/02/28 20:42:00 | 00,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2009/02/28 20:41:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/02/28 20:41:18 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll
[2009/02/28 20:41:18 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll
[2009/02/28 20:41:17 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2009/02/28 20:41:17 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/02/27 23:00:33 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\FileSJ
[2009/02/26 16:54:58 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/02/26 16:54:58 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/02/26 16:54:58 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/02/26 16:54:58 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/02/26 16:54:58 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/02/25 17:37:14 | 00,000,000 | ---D | C] -- C:\Program Files\AoA Audio Extractor
[2009/02/25 17:32:45 | 00,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioInformation2.dll
[2009/02/25 17:32:45 | 00,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioFile2.dll
[2009/02/25 17:32:45 | 00,196,608 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMAFile2.dll
[2009/02/25 17:32:42 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msvcr70.dll
[2009/02/23 17:34:45 | 00,001,670 | ---- | C] () -- C:\Users\Public\Desktop\Readiris.lnk
[2009/02/23 17:21:08 | 00,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
[2009/02/23 17:21:08 | 00,001,009 | ---- | C] () -- C:\Users\Public\Desktop\HP Director.lnk
[2009/02/23 17:21:08 | 00,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\officejet 6100.lnk
[2009/02/23 17:18:11 | 00,007,765 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2009/02/22 21:41:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/02/22 21:41:20 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Downloaded Installations
[2009/02/21 18:05:23 | 00,002,250 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2009/02/21 18:05:03 | 00,130,208 | R--- | C] (BackWeb Technologies Inc. ) -- C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
[2009/02/21 11:15:46 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Leadertech
[2009/02/21 11:15:27 | 00,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Logitech QuickCam.lnk
[2009/02/21 10:43:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/02/21 10:42:55 | 00,000,000 | ---- | C] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009/02/20 21:01:04 | 00,009,415 | ---- | C] () -- C:\Users\User\Desktop\Straddle_Glomp_by_Rebel2206.gif
[2009/02/20 19:14:57 | 00,127,034 | R--- | C] (BackWeb Technologies Inc. ) -- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
[2009/02/20 19:12:46 | 00,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2009/02/20 19:12:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2009/02/20 19:12:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2009/02/20 19:12:40 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/02/20 19:01:36 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\Notes
[2009/02/20 19:00:49 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\MCF
[2009/02/20 18:58:53 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\HP Printer
[2009/02/20 18:57:04 | 00,000,000 | ---D | C] -- C:\Users\User\Desktop\D V D
[2009/02/20 18:41:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/02/20 17:58:09 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/02/20 17:58:08 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/02/20 17:58:08 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/02/20 17:58:08 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/02/20 17:58:08 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/02/20 17:58:08 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/02/20 17:58:06 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/02/20 17:58:05 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/02/20 17:48:37 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/02/20 17:48:34 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/02/20 17:48:33 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/02/20 17:48:19 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/02/20 17:48:14 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/02/19 22:13:25 | 00,013,993 | ---- | C] () -- C:\Users\User\Desktop\Proposal_SRP.docx

========== Files - Modified Within 30 Days ==========

[2009/03/20 18:18:22 | 00,000,250 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2009/03/20 18:18:16 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/20 18:18:16 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/20 18:18:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/20 18:18:11 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/20 18:18:08 | 34,887,35232 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/20 18:16:32 | 04,096,764 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2009/03/20 18:04:10 | 00,000,693 | ---- | M] () -- C:\Users\User\Desktop\NTREGOPT.lnk
[2009/03/20 18:04:09 | 00,000,674 | ---- | M] () -- C:\Users\User\Desktop\ERUNT.lnk
[2009/03/18 18:34:00 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/18 18:34:00 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/18 18:34:00 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/18 18:09:45 | 00,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/18 17:45:24 | 00,232,025 | ---- | M] () -- C:\Users\User\Desktop\AVGTHREAT_IE.jpg
[2009/03/18 17:38:00 | 00,234,782 | ---- | M] () -- C:\Users\User\Desktop\AVGThreatNotif.jpg
[2009/03/18 17:26:48 | 00,004,182 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/03/18 17:26:44 | 00,000,088 | RHS- | M] () -- C:\Windows\System32\2859EE8E6A.sys
[2009/03/18 15:36:25 | 12,153,4840 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/03/18 01:53:24 | 00,363,180 | ---- | M] () -- C:\Users\User\Desktop\Vitamin C in Different Types of Juices.docx
[2009/03/16 16:23:45 | 00,000,878 | ---- | M] () -- C:\Users\User\Desktop\Exterminate It!.lnk
[2009/03/16 16:17:55 | 00,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009/03/16 16:17:50 | 00,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2009/03/15 20:48:39 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/03/15 12:58:15 | 00,104,511 | ---- | M] () -- C:\Users\User\Desktop\The_Sims_2_-_Free_Time_Expansion_Pack_[mininova].torrent
[2009/03/15 00:04:17 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/03/15 00:04:09 | 00,000,282 | ---- | M] () -- C:\Windows\System32\temporary.eth
[2009/03/15 00:03:28 | 00,000,067 | ---- | M] () -- C:\Windows\Easy Video to MP4 Converter.INI
[2009/03/14 21:12:46 | 00,034,097 | ---- | M] () -- C:\Users\User\Desktop\I Do Stupid Things 44% Of the Time.docx
[2009/03/13 15:38:58 | 01,778,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/11 21:40:07 | 00,013,261 | ---- | M] () -- C:\Users\User\Desktop\Anastasia.docx
[2009/03/11 19:35:44 | 01,360,679 | ---- | M] () -- C:\Users\User\Desktop\Shopping_Parramatta Westfield.xlsx
[2009/03/10 17:12:59 | 01,657,946 | ---- | M] () -- C:\Users\User\Desktop\SHOPPING_PARRAMATTA WESTFIELD.docx
[2009/03/10 16:40:26 | 02,140,828 | ---- | M] () -- C:\Users\User\Desktop\JAYJAYS CATALOGUE.pdf
[2009/03/09 19:13:21 | 00,034,324 | ---- | M] () -- C:\Users\User\Desktop\changmin_jaejoong.jpg
[2009/03/09 17:41:16 | 00,297,000 | ---- | M] () -- C:\Users\User\Desktop\LOLbigbang.gif
[2009/03/07 11:43:46 | 00,002,627 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
[2009/03/06 16:45:06 | 00,130,424 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/03/06 01:54:56 | 00,014,550 | ---- | M] () -- C:\Users\User\Desktop\HISTORY ASSESSMENT.docx
[2009/03/06 01:54:35 | 00,016,484 | ---- | M] () -- C:\Users\User\Desktop\ESSAY_HISTORY.docx
[2009/03/04 17:33:51 | 00,001,685 | ---- | M] () -- C:\Users\User\Desktop\DQ Tycoon.lnk
[2009/03/02 22:09:40 | 00,087,631 | ---- | M] () -- C:\Users\User\Desktop\SHORT STORIES.docx
[2009/03/02 17:14:39 | 00,071,914 | ---- | M] () -- C:\Users\User\Desktop\ANALYSING SHORT STORIES.docx
[2009/03/02 14:46:34 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009/03/01 18:50:12 | 00,134,952 | ---- | M] () -- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/03/01 18:02:53 | 00,111,104 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/01 12:30:43 | 00,000,050 | ---- | M] () -- C:\Windows\cdplayer.ini
[2009/03/01 12:20:50 | 00,001,037 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2009/03/01 12:19:14 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/02/28 20:44:43 | 00,001,018 | ---- | M] () -- C:\Users\User\Desktop\Cucusoft Zune Video Converter Suite.lnk
[2009/02/27 19:32:02 | 00,000,752 | ---- | M] () -- C:\Users\User\Desktop\µTorrent.lnk
[2009/02/25 18:29:21 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/02/23 17:34:50 | 00,000,431 | ---- | M] () -- C:\Windows\win.ini
[2009/02/23 17:34:45 | 00,001,670 | ---- | M] () -- C:\Users\Public\Desktop\Readiris.lnk
[2009/02/23 17:34:45 | 00,000,158 | ---- | M] () -- C:\Windows\pagesuit.ini
[2009/02/23 17:21:08 | 00,001,027 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
[2009/02/23 17:21:08 | 00,001,009 | ---- | M] () -- C:\Users\Public\Desktop\HP Director.lnk
[2009/02/23 17:21:08 | 00,000,903 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\officejet 6100.lnk
[2009/02/21 18:05:23 | 00,002,250 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2009/02/21 18:05:02 | 00,130,208 | R--- | M] (BackWeb Technologies Inc. ) -- C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
[2009/02/21 11:15:28 | 00,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Logitech QuickCam.lnk
[2009/02/20 21:01:53 | 00,009,415 | ---- | M] () -- C:\Users\User\Desktop\Straddle_Glomp_by_Rebel2206.gif
[2009/02/20 19:14:57 | 00,127,034 | R--- | M] (BackWeb Technologies Inc. ) -- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
[2009/02/19 23:21:04 | 00,013,993 | ---- | M] () -- C:\Users\User\Desktop\Proposal_SRP.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:417B6FAC
< End of report >

_____________________________________________________________________________________

]OTListIt Extras logfile

created on: 3/20/2009 6:40:02 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = D:\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 94.83% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 22.28 Gb Free Space | 29.89% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 67.77 Gb Free Space | 22.73% Space Free | Partition Type: NTFS
Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 778.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
Drive P: | 7.47 Gb Total Space | 7.47 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: ANNIE
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\River Past\Video Cleaner\VideoCleaner.exe:*:Enabled:River Past Video Cleaner (River Past Corporation)
C:\Program Files\River Past\Crazi Video\CraziVideo.exe:*:Enabled:River Past Crazi Video File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13CB54D3-A7C9-4B23-89A4-6331368AFD30}" = ArtRage 2
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}" = Readiris 7.5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A4E0BB92-F9B3-4610-BDD7-4344DAFB0A4F}" = Mystery Case Files - Return to Ravenhearst
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = ASUS WiFi-AP Solo
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3BDF1C8-66EF-4A0F-B427-A99E39706F45}_is1" = RMVB Converter 1.8
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED93995E-8BF2-480F-8EA4-7D29E29A7052}" = HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3Filter" = AC3Filter (remove only)
"ActiveXControlPad" = Microsoft ActiveX Control Pad
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AMIP" = AMIP (remove only)
"AMIPConfigurator" = AMIPConfigurator (remove only)
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"AviSynth" = AviSynth 2.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Cucusoft DVD to Zune + Zune Video Converter Suite_is1" = Cucusoft DVD to Zune + Zune Video Converter Suite 7.15.7.8
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivXLand Media Subtitler" = DivXLand Media Subtitler
"DQ Tycoon1.0.0" = DQ Tycoon
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Exterminate It!" = Exterminate It!
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"gen_msn_adv" = gen_msn_adv 1.1
"GOM Player" = GOM Player
"Graboid Video" = Graboid Video 1.3
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.4 (Standard)
"LimeWire" = LimeWire PRO 4.18.2
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Megaupload Downloader" = Megaupload Downloader
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"PSC 2000 Series" = HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
"Reader Rabbit 2nd Grade" = Reader Rabbit 2nd Grade
"RealAlt_is1" = Real Alternative 1.9.0
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.30
"Spyware Doctor" = Spyware Doctor 6.0
"StepMania" = StepMania (remove only)
"SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008)
"Super DVD Creator_is1" = Super DVD Creator 9.20
"Video Cleaner" = River Past Video Cleaner
"Videora iPod Converter" = Videora iPod Converter 4.04
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"YouTube Downloader App" = YouTube Downloader App 1.01

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/17/2009 1:48:11 AM | Computer Name = Annie | Source = Windows Search Service | ID = 3038
Description =

Error - 3/17/2009 1:48:14 AM | Computer Name = Annie | Source = Windows Search Service | ID = 3028
Description =

Error - 3/17/2009 1:48:14 AM | Computer Name = Annie | Source = Windows Search Service | ID = 3058
Description =

Error - 3/17/2009 7:18:04 AM | Computer Name = Annie | Source = Windows Search Service | ID = 3038
Description =

Error - 3/17/2009 7:18:09 AM | Computer Name = Annie | Source = Windows Search Service | ID = 3028
Description =

Error - 3/17/2009 7:18:09 AM | Computer Name = Annie | Source = Windows Search Service | ID = 3058
Description =

Error - 3/18/2009 12:47:46 AM | Computer Name = Annie | Source = EventSystem | ID = 4609
Description =

Error - 3/18/2009 3:27:30 AM | Computer Name = Annie | Source = Windows Search Service | ID = 3038
Description =

Error - 3/18/2009 3:27:32 AM | Computer Name = Annie | Source = Windows Search Service | ID = 3028
Description =

Error - 3/18/2009 3:27:32 AM | Computer Name = Annie | Source = Windows Search Service | ID = 3058
Description =

[ Media Center Events ]
Error - 12/17/2008 4:51:04 AM | Computer Name = Annie | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/12/2009 12:51:14 AM | Computer Name = Annie | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/20/2009 2:34:26 AM | Computer Name = Annie | Source = HTTP | ID = 15016
Description =

Error - 3/20/2009 2:34:59 AM | Computer Name = Annie | Source = Service Control Manager | ID = 7000
Description =

Error - 3/20/2009 2:34:59 AM | Computer Name = Annie | Source = Service Control Manager | ID = 7000
Description =

Error - 3/20/2009 2:34:59 AM | Computer Name = Annie | Source = Service Control Manager | ID = 7000
Description =

Error - 3/20/2009 2:34:59 AM | Computer Name = Annie | Source = Service Control Manager | ID = 7000
Description =

Error - 3/20/2009 3:18:14 AM | Computer Name = Annie | Source = HTTP | ID = 15016
Description =

Error - 3/20/2009 3:18:41 AM | Computer Name = Annie | Source = Service Control Manager | ID = 7000
Description =

Error - 3/20/2009 3:18:41 AM | Computer Name = Annie | Source = Service Control Manager | ID = 7000
Description =

Error - 3/20/2009 3:18:41 AM | Computer Name = Annie | Source = Service Control Manager | ID = 7000
Description =

Error - 3/20/2009 3:18:41 AM | Computer Name = Annie | Source = Service Control Manager | ID = 7000
Description =


< End of report >

_____________________________________________________________________
Please help me with this problem, it’s been driving me nuts! :)
Thanks in Advance.
  • 0

Advertisements

#2
handhfan
Posted 20 March 2009 - 10:13 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello, HELP.ME, and welcome to GeeksToGo!

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#3
HELP.ME
Posted 21 March 2009 - 03:49 AM

HELP.ME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
hello again and thanks for trying to give me a hand.

well, i downloaded combofix and ran it, but after the scan rebooted my computer for me, windows failed to start.

It said that windows failed to load because the system registry file is missing or corrupt.

it gave me the usual options to start windows normally or in safe mode etc but when i selected them, they all failed to start up windows.

what to do now? :)
  • 0

#4
handhfan
Posted 21 March 2009 - 06:44 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Please choose the appropriate set of instructions that pertain to you:

If Recovery Console is already installed:

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start (Windows Recovery Console, or Windows XP).
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\subs

6. At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

7. The erunt backups will begin copying.
8. At the next prompt, type the following bolded text, and press Enter:

exit

Your computer will now reboot, and try booting into Windows again.

Let me know if you have any issues.

-------------------- OR ------------------------


If booting from Windows Install disc:

1. Insert Windows Install disc to boot from CD.
2. Press any key on the keyboard when prompted.
3. Press R to load the Recovery Console.
4. Enter your password when prompted.
5. You must enter which Windows installation to log onto. Type 1 and press enter.
6. At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\subs

7. At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

8. The erunt backups will begin copying.
9. At the next prompt, type the following bolded text, and press Enter:

exit

Your computer will now reboot, and try booting into Windows again.

Let me know if you have any issues.
  • 0

#5
HELP.ME
Posted 21 March 2009 - 07:09 PM

HELP.ME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
what if i do not have a windows installation disk? =\
  • 0

#6
handhfan
Posted 21 March 2009 - 07:20 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Do you have the Recovery Console, as described in the first part?

Are you able to borrow an XP CD from someone, if you don't have the Recovery Console?
  • 0

#7
HELP.ME
Posted 21 March 2009 - 07:25 PM

HELP.ME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
=\ No to both, but i think i have Windows Memory Diagnostics Tool.. what's that do ?
  • 0

#8
handhfan
Posted 21 March 2009 - 07:46 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Did you see these screens when you ran ComboFix?

Posted Image


Posted Image
  • 0

#9
HELP.ME
Posted 21 March 2009 - 08:10 PM

HELP.ME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
no i did not
  • 0

#10
handhfan
Posted 21 March 2009 - 08:22 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Are you sure when you reboot your computer you are not able to choose between the Microsoft Windows Recovery Console?

If not, our last resort is the following, otherwise, we will need you to get a CD for Windows XP. Wish I had better news.

Restart your computer. Before the Windows logo appears, tap the F8 key. A list of options will appear. Select "Last Known Good Configuration".
  • 0

Advertisements

#11
HELP.ME
Posted 21 March 2009 - 08:30 PM

HELP.ME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I'm not sure, but when i pressed F8 a list of options appeared :

Choose advanced options for : microsoft windows Vista

Safe Mode
Safe mode with networking
safe mode with command prompt

enable boot logging
enable low-resolution video (640x480)
last known good configuration (advance)
directory services restore mode
debugging mode
disable automatic restart on system failure
disable driver signature enforcement

start windows normally

I tried selecting safe mode, start windows normally and last known good configuration but they all said they couldn't load windows because the registry file was missing/corrupt.

=/
  • 0

#12
HELP.ME
Posted 21 March 2009 - 08:40 PM

HELP.ME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Oh and i did find the CD with the help of a relative :)

now i'm just wondering how to repair my computer if i can't load windows =/

Edited by HELP.ME, 21 March 2009 - 08:57 PM.

  • 0

#13
handhfan
Posted 23 March 2009 - 09:41 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Great. You will just need to boot to your CD, not to Windows. All the information you need is here in this topic.

Let me know if you have any questions or issues.
  • 0

#14
HELP.ME
Posted 24 March 2009 - 12:54 AM

HELP.ME

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
hmm, well now my browsers don't connect to the internet at all and i reinstalled mozilla..once again programs like msn only work so i don't think it's the internet connection.. =\
help? :S
  • 0

#15
handhfan
Posted 24 March 2009 - 04:15 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
This is after you have done a repair install?

You may need to set up your Windows Connection settings again, depending on the type of connection you use. Do you use a router, a wireless connection, a direct connection?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP