Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Bah, Vimax Ads.

Started by Raolan , May 09 2009 08:00 AM

  • Please log in to reply

#1
Raolan
Posted 09 May 2009 - 08:00 AM

Raolan

    New Member

  • Member
  • Pip
  • 6 posts
Well, I fixed the problem with Vimax ads on my Mac and my sister's, but as always, Windows is a problem child. I really need some help. Apparently, a good idea was to post a log file after a scan here. Hope you can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:52 PM, on 5/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Raolan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Raolan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [amsn] C:\Program Files\aMSN\amsn.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7BEC962-AA51-4B55-AE56-75FA7F1CAA5E}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 10095 bytes


Cheers, Nick.
  • 0

Advertisements

#2
kahdah
Posted 09 May 2009 - 09:33 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Raolan

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
Raolan
Posted 11 May 2009 - 05:59 AM

Raolan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts 
OTListIt logfile created on: 5/11/2009 9:44:30 PM - Run 3OTListIt2 by OldTimer - Version 2.0.15.5     Folder = E:\Downloads & Transfers\DownloadsWindows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1023.48 Mb Total Physical Memory | 356.14 Mb Available Physical Memory | 34.80% Memory free2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.53% Paging File freePaging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 74.52 Gb Total Space | 47.21 Gb Free Space | 63.35% Space Free | Partition Type: NTFSD: Drive not present or media not loadedDrive E: | 596.17 Gb Total Space | 469.79 Gb Free Space | 78.80% Space Free | Partition Type: NTFSF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: RAOLANCurrent User Name: RaolanLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userOutput = MinimalFile Age = 30 DaysCompany Name Whitelist: On ========== Processes (SafeList) ========== PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)PRC - C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe ()PRC - C:\WINDOWS\system32\WTClient.exe (Tablet Driver)PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)PRC - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)PRC - C:\Documents and Settings\Raolan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)PRC - C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)PRC - C:\WINDOWS\System32\Drivers\WTSRV.EXE (Tablet Driver)PRC - C:\WINDOWS\system32\WISPTIS.EXE (Microsoft Corporation)PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)PRC - C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe (Sun Microsystems, Inc.)PRC - E:\Downloads & Transfers\Downloads\OTListIt2.exe (OldTimer Tools)PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Adobe Version Cue CS4 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)SRV - (GoogleDesktopManager-022208-143751 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)SRV - (Macromedia Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)SRV - (npggsvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)SRV - (WinTabService [Auto | Running]) -- C:\WINDOWS\System32\Drivers\WTSRV.EXE (Tablet Driver) ========== Driver Services (SafeList) ========== DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)DRV - (DgiVecp [Auto | Running]) -- C:\WINDOWS\system32\Drivers\DgiVecp.sys (Samsung Electronics Co., Ltd.)DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys (Microsoft Corporation)DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)DRV - (nvata [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)DRV - (PTSimBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PTSimBus.sys (PenTablet Driver)DRV - (PTSimHid [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\PTSimHid.sys (PenTablet Driver)DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)DRV - (RT61 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RT61.sys (Ralink Technology Inc.)DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()DRV - (Tablet2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Tablet2k.sys (Windows ® Server 2003 DDK provider)DRV - (TClass2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TClass2k.sys (Tablet Driver)DRV - (UCTblHid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\UCTblHid.sys (Tablet Driver)DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.) ========== Standard Registry (All) ==========  ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"]http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome[/url]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch[/url]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"]http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home[/url]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm[/url]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.gaiaonline.com/"]http://www.gaiaonline.com/[/url]IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://www.google.com/ie"]http://www.google.com/ie[/url]IE - URLSearchHook:  - Reg Error: Key error. File not foundIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "GoogleCOM"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: ""FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.1.0.7FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.2FF - prefs.js..extensions.enabledItems: [email protected]:2.22bFF - prefs.js..extensions.enabledItems: [email protected]:1.3.3FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.11FF - prefs.js..extensions.enabledItems: [email protected]:6.0FF - prefs.js..extensions.enabledItems: {2e768a0b-9ee3-4e60-babc-9ff4bc4aacfb}:1.300.66FF - prefs.js..extensions.enabledItems: [email protected]:4.1.0.077FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07FF - prefs.js..extensions.enabledItems: {15756614-ffb8-498b-b961-bce537ea94fe}:0.4FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.3.8FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.4FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.0.0FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.1FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.94FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:0.5.9FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:2.0.3FF - prefs.js..extensions.enabledItems: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20090406FF - prefs.js..extensions.enabledItems: [email protected]:1.2.4FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:1.5FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10FF - prefs.js..extensions.enabledItems: {6542b200-4374-11dd-ae16-0800200c9a66}:2.0b2FF - prefs.js..extensions.enabledItems: [email protected]:2.028FF - prefs.js..keyword.URL: "http://www.google-searchbar.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - user.js..browser.search.selectedEngine: "GoogleCOM"FF - user.js..keyword.URL: "http://www.google-searchbar.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/05 09:15:24 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/05/05 09:15:24 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/01/08 07:11:54 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2009/03/29 17:19:27 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/05 10:42:44 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/05 10:42:44 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/04/04 14:48:35 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2009/04/03 18:38:02 | 00,000,000 | ---D | M] [2008/10/08 16:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Extensions[2008/10/08 16:40:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2009/05/11 21:33:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions[2009/03/09 17:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}[2009/04/08 07:07:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}[2008/11/22 23:10:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}[2009/04/05 06:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}[2008/12/01 17:23:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{15756614-ffb8-498b-b961-bce537ea94fe}[2008/10/22 21:38:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{2e768a0b-9ee3-4e60-babc-9ff4bc4aacfb}[2009/04/15 09:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}[2009/04/07 18:04:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{6542b200-4374-11dd-ae16-0800200c9a66}[2009/02/20 07:57:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}[2009/04/05 06:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}[2008/10/09 09:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}[2008/10/08 18:22:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}[2009/02/20 07:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}[2009/04/05 06:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}[2008/10/09 09:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}[2009/02/20 07:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\[email protected][2009/03/09 17:00:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\[email protected][2008/10/23 21:08:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\[email protected][2009/04/07 17:42:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\[email protected][2008/10/09 09:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\[email protected][2008/11/22 23:10:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\[email protected][2008/10/08 17:08:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\mozilla\Firefox\Profiles\ab58v0xl.default\extensions\[email protected][2008/10/09 20:48:28 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Raolan\Application Data\Mozilla\FireFox\Profiles\ab58v0xl.default\searchplugins\daemon-search.xml[2009/03/09 17:01:49 | 00,001,898 | ---- | M] () -- C:\Documents and Settings\Raolan\Application Data\Mozilla\FireFox\Profiles\ab58v0xl.default\searchplugins\surf-canyon.xml[2009/05/11 21:33:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions[2009/05/05 10:42:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2008/10/08 11:36:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}[2008/10/08 21:16:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[2009/05/05 10:42:35 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll[2009/05/05 10:42:35 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll[2008/09/25 11:21:16 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml[2008/09/25 11:21:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml[2008/09/25 11:21:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml[2008/11/16 14:13:18 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml[2009/01/21 20:58:26 | 00,001,307 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-com.xml[2008/09/25 11:21:16 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml[2008/09/25 11:21:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml[2008/09/25 11:21:16 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\HostsO1 - Hosts: 127.0.0.1       localhostO2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe [2009/04/03 19:25:11 | 00,000,000 | ---D | M]O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not foundO2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe [2009/04/03 19:25:11 | 00,000,000 | ---D | M]O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B3535C18-0E70-4D4B-B36B-BBFE139BB144} - Reg Error: Key error. File not foundO3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Key error. File not foundO3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)O4 - HKLM..\Run: []  File not foundO4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" (Adobe Systems Incorporated)O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)O4 - HKLM..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" (CyberLink Corp.)O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)O4 - HKLM..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" (CyberLink Corp.)O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun ()O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot (RealNetworks, Inc.)O4 - HKLM..\Run: [WTClient] WTClient.exe (Tablet Driver)O4 - HKCU..\Run: [amsn] C:\Program Files\aMSN\amsn.exe File not foundO4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKCU..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe File not foundO4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Raolan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)O4 - HKCU..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" File not foundO4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_07)O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_07)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_07)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]http://download.macromedia.com/pub/shockwa...ash/swflash.cab[/url] (Shockwave Flash Object)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{C7BEC962-AA51-4B55-AE56-75FA7F1CAA5E}\\NameServer = 192.168.1.1O18 - Protocol\Filter:  - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter:  - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter:  - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter:  - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter:  - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter:  - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter:  - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter:  - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)O20 - AppInit_DLLs: (avgrsstx.dll) - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)O24 - Desktop Components:0 (My Current Home Page) - About:HomeO27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/04/05 10:03:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O33 - MountPoints2\{73fecbfa-944d-11dd-81f3-0015f2574cda}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\restor.exeO33 - MountPoints2\{73fecbfa-944d-11dd-81f3-0015f2574cda}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\restor.exeO34 - HKLM BootExecute: (autocheck) -  File not foundO34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)O34 - HKLM BootExecute: (*) -  File not found ========== Files/Folders - Created Within 30 Days ========== [2009/05/11 07:21:38 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\._8science_4assignment_periodictable.doc[2009/05/11 07:21:37 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\._assignment5_science.doc[2009/05/11 07:21:07 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\8science_4assignment_periodictable.doc[2009/05/11 07:20:53 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\assignment5_science.doc[2009/05/11 07:12:21 | 00,006,148 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\.DS_Store[2009/05/11 07:11:51 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\._assignment5_science.docx[2009/05/11 07:11:51 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\._8science_4assignment_periodictable.docx[2009/05/10 07:02:04 | 00,286,208 | ---- | C] () -- C:\micxs1bm.exe[2009/05/09 23:47:36 | 00,001,739 | ---- | C] () -- C:\Documents and Settings\Raolan\Desktop\HijackThis.lnk[2009/05/09 23:47:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2009/05/08 16:05:13 | 00,102,995 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\assignment5_science.docx[2009/05/08 15:46:31 | 00,002,211 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pirates of the Caribbean Online's Desktop Galleon.lnk[2009/05/07 10:25:10 | 00,000,605 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pirates of the Caribbean.lnk[2009/05/03 16:36:08 | 00,000,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pirates of the Caribbean Online.lnk[2009/05/03 16:36:05 | 00,000,000 | ---D | C] -- C:\Program Files\Disney[2009/05/02 21:04:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games[2009/05/02 21:04:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Raolan\Desktop\Tradewinds 2[2009/05/02 21:04:00 | 92,003,866 | ---- | C] () -- C:\Documents and Settings\Raolan\Desktop\Tradewinds 2.zip[2009/04/29 13:12:01 | 00,098,294 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\8science_4assignment_periodictable.docx[2009/04/24 18:48:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Raolan\Desktop\USB Backup[2009/04/19 07:42:59 | 00,000,122 | ---- | C] () -- C:\WINDOWS\WA.INI[2009/04/19 07:42:23 | 00,000,814 | ---- | C] () -- C:\Documents and Settings\Raolan\Desktop\Worms Armageddon New Edition .lnk[2009/04/14 20:56:11 | 00,000,000 | ---D | C] -- C:\Program Files\Persona[2009/04/14 20:53:15 | 00,000,000 | ---D | C] -- C:\Program Files\FlashGet[2009/04/14 07:11:25 | 02,788,381 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des[2009/04/05 10:03:54 | 00,000,040 | ---- | C] () -- C:\WINDOWS\wininit.ini[2009/03/29 17:50:46 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\Systemdrv.sys[2009/03/21 08:25:02 | 00,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll[2008/12/25 08:25:00 | 00,000,081 | ---- | C] () -- C:\WINDOWS\HUMANJAP.INI[2008/12/21 05:16:58 | 00,000,026 | ---- | C] () -- C:\WINDOWS\gale.ini[2008/12/14 13:24:38 | 00,000,325 | ---- | C] () -- C:\WINDOWS\BeatBox.INI[2008/12/14 13:24:37 | 00,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI[2008/12/14 13:22:21 | 00,000,273 | ---- | C] () -- C:\WINDOWS\musicmaker.INI[2008/12/14 13:13:33 | 00,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini[2008/12/14 13:13:32 | 00,000,919 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini[2008/10/31 19:51:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2008/10/17 17:24:22 | 00,000,009 | ---- | C] () -- C:\WINDOWS\WINHELP.INI[2008/10/16 15:19:59 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll[2008/10/10 07:15:26 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll[2008/10/09 20:19:30 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys[2008/10/09 20:07:12 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll[2008/10/09 10:41:53 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll[2008/10/08 16:31:45 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll[2008/10/07 18:49:42 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI[2008/10/01 19:44:59 | 00,000,067 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini[2008/10/01 19:39:34 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2008/10/01 19:28:45 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini[2008/10/01 19:28:43 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll[2008/10/01 19:23:36 | 00,000,266 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini[2008/10/01 19:23:33 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys[2008/10/01 19:23:28 | 00,005,700 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini[2008/10/01 19:23:25 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS[2007/04/25 05:31:12 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll[2005/08/03 07:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI[2002/10/30 05:53:26 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\PcHook.DLL[2001/08/23 22:00:00 | 00,011,376 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys[2001/08/23 22:00:00 | 00,000,801 | ---- | C] () -- C:\WINDOWS\win.ini[2001/08/23 22:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files][3 C:\WINDOWS\*.tmp files][2009/05/11 21:30:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Raolan\Local Settings\desktop.ini[2009/05/11 21:30:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009/05/11 21:30:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009/05/11 12:42:12 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1220945662-682003330-1003.job[2009/05/11 12:30:29 | 35,961,689 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm[2009/05/11 12:30:29 | 00,052,945 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg[2009/05/11 07:21:38 | 00,004,096 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._assignment5_science.doc[2009/05/11 07:21:38 | 00,004,096 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._8science_4assignment_periodictable.doc[2009/05/11 07:21:07 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\8science_4assignment_periodictable.doc[2009/05/11 07:20:53 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\assignment5_science.doc[2009/05/11 07:12:21 | 00,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store[2009/05/11 07:11:52 | 00,004,096 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._assignment5_science.docx[2009/05/11 07:11:52 | 00,004,096 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._8science_4assignment_periodictable.docx[2009/05/10 19:49:11 | 00,102,995 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\assignment5_science.docx[2009/05/10 07:02:04 | 00,286,208 | ---- | M] () -- C:\micxs1bm.exe[2009/05/09 23:47:36 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Raolan\Desktop\HijackThis.lnk[2009/05/08 15:46:31 | 00,002,211 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pirates of the Caribbean Online's Desktop Galleon.lnk[2009/05/07 10:33:52 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009/05/07 10:25:10 | 00,000,605 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pirates of the Caribbean.lnk[2009/05/04 16:20:16 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll[2009/05/04 16:20:15 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys[2009/05/04 16:20:15 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys[2009/05/04 16:20:11 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys[2009/05/03 16:36:08 | 00,000,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pirates of the Caribbean Online.lnk[2009/05/02 20:47:54 | 92,003,866 | ---- | M] () -- C:\Documents and Settings\Raolan\Desktop\Tradewinds 2.zip[2009/04/29 13:12:02 | 00,098,294 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\8science_4assignment_periodictable.docx[2009/04/28 13:37:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2009/04/21 15:08:22 | 00,000,801 | ---- | M] () -- C:\WINDOWS\win.ini[2009/04/20 18:07:24 | 00,000,122 | ---- | M] () -- C:\WINDOWS\WA.INI[2009/04/19 07:42:24 | 00,000,814 | ---- | M] () -- C:\Documents and Settings\Raolan\Desktop\Worms Armageddon New Edition .lnk[2009/04/18 08:45:49 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg[2009/04/13 14:49:33 | 00,013,312 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll ========== LOP Check ========== [2009/05/02 21:04:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data[2008/10/09 20:22:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}[2009/04/03 18:42:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe[2009/04/03 19:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM[2009/04/20 07:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL[2009/04/11 08:21:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP[2008/10/09 20:21:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple[2008/10/09 20:22:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer[2009/02/08 07:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8[2008/10/08 17:27:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus[2009/03/29 18:25:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink[2008/10/11 15:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet[2008/10/09 14:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision[2009/04/11 13:24:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft[2008/12/16 17:27:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS[2008/11/07 14:52:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS[2009/05/02 21:04:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games[2008/10/08 11:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype[2009/03/29 18:14:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp[2009/04/11 08:20:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint[2009/04/20 07:23:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Raolan\Application Data[2009/04/04 17:13:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Adobe[2008/12/05 19:45:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Ambient Design[2008/10/09 20:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Apple Computer[2008/10/10 07:18:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Atari[2008/10/01 19:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\ATI[2008/10/10 21:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\AVGTOOLBAR[2009/05/10 22:00:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Azureus[2009/03/10 07:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1[2009/03/29 18:25:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\CyberLink[2008/10/09 20:19:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\DAEMON Tools[2008/10/09 20:31:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1[2009/01/28 06:57:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Download Manager[2009/04/06 19:05:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\dvdcss[2009/04/04 07:15:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\FileZilla[2008/10/09 10:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\GlobalSCAPE[2009/04/12 18:23:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Hamachi[2008/12/21 05:16:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Humanbalance[2008/10/01 16:55:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Identities[2008/10/10 07:15:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Leadertech[2009/04/05 10:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Macromedia[2009/04/11 13:24:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Raolan\Application Data\Microsoft[2009/03/19 21:40:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Mozilla[2008/10/28 16:13:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Multi-Note[2008/10/29 06:52:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\OpenOffice.org[2008/10/08 21:31:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Opera[2008/10/09 14:21:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\PSpad[2009/03/29 17:21:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Real[2009/03/20 19:40:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Safer Networking[2009/05/11 21:42:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Skype[2009/05/11 21:31:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\skypePM[2008/10/17 17:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Subversion[2008/10/30 19:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Sun[2008/12/13 12:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Talkback[2008/12/13 12:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Thunderbird[2008/10/17 17:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\TortoiseSVN[2008/10/19 10:49:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\vlc[2008/12/27 13:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\Winamp[2008/10/08 16:32:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\WinRAR[2008/11/10 20:33:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raolan\Application Data\yoclient[2009/04/28 13:37:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job[2001/08/23 22:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini[2009/05/11 12:42:12 | 00,000,930 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1220945662-682003330-1003.job[2009/05/11 21:30:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== < End of report >
OTListIt Extras logfile created on: 5/11/2009 9:44:30 PM - Run 3OTListIt2 by OldTimer - Version 2.0.15.5     Folder = E:\Downloads & Transfers\DownloadsWindows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1023.48 Mb Total Physical Memory | 356.14 Mb Available Physical Memory | 34.80% Memory free2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.53% Paging File freePaging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 74.52 Gb Total Space | 47.21 Gb Free Space | 63.35% Space Free | Partition Type: NTFSD: Drive not present or media not loadedDrive E: | 596.17 Gb Total Space | 469.79 Gb Free Space | 78.80% Space Free | Partition Type: NTFSF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: RAOLANCurrent User Name: RaolanLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userOutput = MinimalFile Age = 30 DaysCompany Name Whitelist: On ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation).cpl [@ = cplfile] -- C:\WINDOWS\system32\shell32.DLL (Microsoft Corporation).hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation).hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation).ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation).url [@ = InternetShortcut] -- C:\WINDOWS\system32\shdocvw.DLL (Microsoft Corporation).js [@ = jsfile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation).jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation).reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation).txt [@ = txtfile] -- C:\WINDOWS\system32\NOTEPAD.EXE (Microsoft Corporation).vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation).vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation).wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation).wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"DoNotAllowExceptions" = 0"EnableFirewall" = 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe File not foundC:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe File not foundC:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 (CyberLink Corp.)C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]C:\Documents and Settings\Raolan\Local Settings\Temp\IXP000.TMP\vcstas.exe:*:Enabled:Windows Messanger File not found%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Aelitis)C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)E:\Program Files\VUGames\Tribes Vengeance\Program\Bin\TV_CD_DVD.exe:*:Enabled:TV_CD_DVD File not foundC:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application File not foundC:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire File not foundC:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server (Microsoft Corporation)H:\BS2-20080413\BurningSand2.exe:*:Enabled:BurningSand2 File not foundC:\Documents and Settings\Raolan\Desktop\BS2-20080413\BurningSand2.exe:*:Enabled:BurningSand2 File not foundC:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase ()H:\Counter Strike\hl.exe:*:Enabled:Half-Life Launcher File not foundE:\Program Files\Counter Strike\hl.exe:*:Enabled:Half-Life Launcher File not foundH:\Nick's Stuff\Counter Strike\hl.exe:*:Enabled:Half-Life Launcher File not foundC:\Documents and Settings\Raolan\Desktop\HaloCE\haloce.exe:*:Enabled:Halo File not foundC:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager (Nexon)C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe File not foundC:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe File not foundC:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core File not foundE:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade File not foundE:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III (Blizzard Entertainment)E:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III (Blizzard Entertainment)C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0 (CyberLink Corp.)C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 (CyberLink Corp.)C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 (Adobe Systems Incorporated)C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server (Adobe Systems Incorporated)C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not foundC:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget File not foundC:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server"{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}" = CuteFTP 8 Professional"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer (OpenSBI Edition)"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(tm) 6 Update 7"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update"{697159AA-CB93-9F0F-6628-45EED03562F4}" = twhirl"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4"{830D40F7-7092-4418-BE17-F7F7899F2B41}" = e-Sword"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3"{91F34319-08DE-457A-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional"{92B79901-C57D-409F-8D2F-4E5337383569}" = OpenOffice.org 3.0"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9"{A936F875-DFD2-4224-96AF-4A37D744963B}" = ATI Catalyst Control Center"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{C1157104-1574-4BD2-99C7-0AAB5DF4275F}" = Pirates of the Caribbean"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{D0C04904-ED13-4DB3-ACCA-A41079EBA23C}" = Opera 9.60"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run(tm)"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN Card"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Shockwave Player" = Adobe Shockwave Player 11"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection"All ATI Software" = ATI - Software Uninstall Utility"ATI Display Driver" = ATI Display Driver"AVG8Uninstall" = AVG 8.5"Azureus" = Azureus"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online"FileZilla Client" = FileZilla Client 3.1.3.1"Google Desktop" = Google Desktop"Grand Chase" = Grand Chase"GraphicsGale_is1" = GraphicsGale version 1.93.04"HijackThis" = HijackThis 2.0.2"Human Japanese" = Human Japanese"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9"MAGIX music maker 2005 deLuxe" = MAGIX music maker 2005 deLuxe"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)"NVIDIA Drivers" = NVIDIA Drivers"Pirates of the Caribbean Online's Desktop Galleon" = Pirates of the Caribbean Online's Desktop Galleon"PSPad editor_is1" = PSPad editor"RealPlayer 6.0" = RealPlayer"Samsung CLP-300 Series" = Samsung CLP-300 Series"Tales of Pirates Online_is1" = Tales of Pirates Online"ViewpointMediaPlayer" = Viewpoint Media Player"VLC media player" = VLC media player 0.9.4"WIC" = Windows Imaging Component"Winamp" = Winamp"Windows XP Service Pack" = Windows XP Service Pack 2"WinLiveSuite_Wave3" = Windows Live Essentials"WinPcapInst" = WinPcap 3.1"WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Google Chrome" = Google Chrome"Puzzle Pirates" = Puzzle Pirates"Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ]Error - 4/22/2009 6:13:28 PM | Computer Name = RAOLAN | Source = Application Hang | ID = 1002Description = Hanging application PowerDVD9.exe, version 9.0.1428.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 5/1/2009 5:31:12 AM | Computer Name = RAOLAN | Source = Application Hang | ID = 1002Description = Hanging application BurningSand2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 5/4/2009 2:22:31 AM | Computer Name = RAOLAN | Source = Application Hang | ID = 1002Description = Hanging application Pirates.exe, version 1.0.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 5/6/2009 8:37:52 PM | Computer Name = RAOLAN | Source = Application Error | ID = 1000Description = Faulting application engine.exe, version 1.0.0.1, faulting module dx8render.dll, version 0.0.0.0, fault address 0x00008e38. Error - 5/10/2009 3:48:23 AM | Computer Name = RAOLAN | Source = Google Update | ID = 20Description =  Error - 5/10/2009 8:09:16 AM | Computer Name = RAOLAN | Source = Google Update | ID = 20Description =  Error - 5/10/2009 9:09:15 AM | Computer Name = RAOLAN | Source = Google Update | ID = 20Description =  Error - 5/10/2009 10:09:16 AM | Computer Name = RAOLAN | Source = Google Update | ID = 20Description =  Error - 5/10/2009 11:09:16 AM | Computer Name = RAOLAN | Source = Google Update | ID = 20Description =  Error - 5/10/2009 5:18:28 PM | Computer Name = RAOLAN | Source = Application Hang | ID = 1002Description = Hanging application soffice.bin, version 3.0.9357.500, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ]Error - 4/29/2009 4:50:06 PM | Computer Name = RAOLAN | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more  time sources, however none of the sources are currently accessible.   No attempt to contact a source will be made for 14 minutes.  NtpClient has no source of accurate time.  Error - 4/29/2009 5:05:07 PM | Computer Name = RAOLAN | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30  minutes.  The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 4/29/2009 5:05:07 PM | Computer Name = RAOLAN | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more  time sources, however none of the sources are currently accessible.   No attempt to contact a source will be made for 29 minutes.  NtpClient has no source of accurate time.  Error - 5/5/2009 10:07:15 PM | Computer Name = RAOLAN | Source = MRxSmb | ID = 8003Description = The master browser has received a server announcement from the computer MEDIAPC  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C7BEC962-AA51-4B55-A.  The master browser is stopping or an election is being forced. Error - 5/7/2009 3:20:01 AM | Computer Name = RAOLAN | Source = BROWSER | ID = 8032Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C7BEC962-AA51-4B55-AE56-75FA7F1CAA5E}.  The backup browser is stopping. Error - 5/7/2009 11:55:00 PM | Computer Name = RAOLAN | Source = BROWSER | ID = 8032Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C7BEC962-AA51-4B55-AE56-75FA7F1CAA5E}.  The backup browser is stopping. Error - 5/9/2009 8:03:43 AM | Computer Name = RAOLAN | Source = MRxSmb | ID = 8003Description = The master browser has received a server announcement from the computer MEDIAPC  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C7BEC962-AA51-4B55-A.  The master browser is stopping or an election is being forced. Error - 5/10/2009 3:31:37 AM | Computer Name = RAOLAN | Source = SideBySide | ID = 16842811Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.Reference error message: Insufficient system resources exist to complete the requested service.. Error - 5/10/2009 3:31:37 AM | Computer Name = RAOLAN | Source = SideBySide | ID = 16842811Description = Generate Activation Context failed for C:\WINDOWS\System32\cscui.dll.Reference error message: The operation completed successfully.  . Error - 5/10/2009 4:27:53 AM | Computer Name = RAOLAN | Source = NetBT | ID = 4321Description = The name "FEDERATION     :1d" could not be registered on the Interface with IP address 192.168.1.210.  The machine with the IP address 192.168.1.2 did not allow the name to be claimed by  this machine.  < End of report >

  • 0

#4
kahdah
Posted 11 May 2009 - 06:07 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
Raolan
Posted 11 May 2009 - 06:09 AM

Raolan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Now I have no idea why, but in the next scan it only scanned one main directory in the file scan, my pirates of the caribbean online folder. It doesn't fit into the post so I just got rid of it. I did exactly what you said though so it makes little sense to me.

GMER 1.0.15.14972 - [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2009-05-11 07:05:08Windows 5.1.2600 Service Pack 2---- System - GMER 1.0.15 ----SSDT            spjy.sys                                                                                                                                               ZwCreateKey [0xF73DC0E0]SSDT            spjy.sys                                                                                                                                               ZwEnumerateKey [0xF73FACA2]SSDT            spjy.sys                                                                                                                                               ZwEnumerateValueKey [0xF73FB030]SSDT            spjy.sys                                                                                                                                               ZwOpenKey [0xF73DC0C0]SSDT            spjy.sys                                                                                                                                               ZwQueryKey [0xF73FB108]SSDT            spjy.sys                                                                                                                                               ZwQueryValueKey [0xF73FAF88]SSDT            spjy.sys                                                                                                                                               ZwSetValueKey [0xF73FB19A]INT 0x62        ?                                                                                                                                                      867D9BF8INT 0x63        ?                                                                                                                                                      8654BBF8INT 0x73        ?                                                                                                                                                      867D9BF8INT 0x82        ?                                                                                                                                                      867D9BF8INT 0x83        ?                                                                                                                                                      867D9BF8---- Kernel code sections - GMER 1.0.15 ----?               spjy.sys                                                                                                                                               The system cannot find the file specified. !.text           USBPORT.SYS!DllUnload                                                                                                                                  F662262C 5 Bytes  JMP 8654B1D8 .text           azu2moc7.SYS                                                                                                                                           F6138386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...].text           azu2moc7.SYS                                                                                                                                           F61383AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...].text           azu2moc7.SYS                                                                                                                                           F61383C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}.text           azu2moc7.SYS                                                                                                                                           F61383C9 1 Byte  [2E].text           azu2moc7.SYS                                                                                                                                           F61383C9 11 Bytes  [2E, 00, 00, 00, 5A, 02, 00, ...].text           ...                                                                                                                                                    ---- Kernel IAT/EAT - GMER 1.0.15 ----IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                                     [F73DD040] spjy.sysIAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                             [F73DD13C] spjy.sysIAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                                    [F73DD0BE] spjy.sysIAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                            [F73DD7FC] spjy.sysIAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                                    [F73DD6D2] spjy.sysIAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!KfAcquireSpinLock]                                                                                   4B8BDF8BIAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!READ_PORT_UCHAR]                                                                                     8D3F0304IAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!KeGetCurrentIrql]                                                                                    CB033043IAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!KfRaiseIrql]                                                                                         0673C13BIAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!KfLowerIrql]                                                                                         C13B0003IAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!HalGetInterruptVector]                                                                               8366FA72IAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!HalTranslateBusAddress]                                                                              75000E7BIAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!KeStallExecutionProcessor]                                                                           0B7D80E3IAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!KfReleaseSpinLock]                                                                                   307B8D00IAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                             00AA840FIAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!READ_PORT_USHORT]                                                                                    83660000IAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                            6A000E7AIAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                                                    C6647400IAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[WMILIB.SYS!WmiSystemControl]                                                                                 4F8B0200IAT             \SystemRoot\System32\Drivers\azu2moc7.SYS[WMILIB.SYS!WmiCompleteRequest]                                                                               968D5140IAT             \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                                     [F73ED048] spjy.sys---- Devices - GMER 1.0.15 ----Device          \FileSystem\Ntfs \Ntfs                                                                                                                                 867D81F8AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                               avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)Device          \Driver\usbohci \Device\USBPDO-0                                                                                                                       865831F8Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                                              867DA1F8Device          \Driver\dmio \Device\DmControl\DmConfig                                                                                                                867DA1F8Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                                                   867DA1F8Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                                                  867DA1F8AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                 8676E1F8Device          \Driver\nvata \Device\00000071                                                                                                                         867D91F8Device          \Driver\Cdrom \Device\CdRom0                                                                                                                           8657F1F8Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                                 8676E1F8Device          \Driver\Cdrom \Device\CdRom1                                                                                                                           8657F1F8Device          \Driver\nvata \Device\00000073                                                                                                                         867D91F8Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                864731F8Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                                       864731F8Device          \Driver\PCI_PNP2082 \Device\0000004d                                                                                                                   spjy.sysDevice          \Driver\PCI_PNP2082 \Device\0000004d                                                                                                                   spjy.sysDevice          \Driver\sptd \Device\700267082                                                                                                                         spjy.sysDevice          \Driver\NetBT \Device\NetBT_Tcpip_{5600C81A-0EE2-42BC-8BA9-C95D6FC0E124}                                                                               864731F8AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                            avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)Device          \Driver\usbohci \Device\USBFDO-0                                                                                                                       865831F8Device          \Driver\nvata \Device\NvAta0                                                                                                                           867D91F8Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                                      858731F8Device          \Driver\nvata \Device\NvAta1                                                                                                                           867D91F8Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                            858731F8Device          \Driver\nvata \Device\0000006f                                                                                                                         867D91F8Device          \Driver\nvata \Device\NvAta2                                                                                                                           867D91F8Device          \Driver\Ftdisk \Device\FtControl                                                                                                                       8676E1F8Device          \Driver\azu2moc7 \Device\Scsi\azu2moc71                                                                                                                864941F8Device          \Driver\azu2moc7 \Device\Scsi\azu2moc71Port3Path0Target0Lun0                                                                                           864941F8Device          \FileSystem\Cdfs \Cdfs                                                                                                                                 85933500---- Registry - GMER 1.0.15 ----Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]                                                                                                     771343423Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]                                                                                                     285507792Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]                                                                                                     1Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                       Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                                                    C:\Program Files\DAEMON Tools Lite\Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                                                    0Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                                                 0x62 0x7C 0x85 0x9B ...Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                              Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected]                                                           0x20 0x01 0x00 0x00 ...Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected]                                                        0xFC 0xD4 0x33 0x06 ...Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                        Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected]                                                  0xB7 0xB1 0xA1 0xC2 ...Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                           Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected]                                                                        C:\Program Files\DAEMON Tools Lite\Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected]                                                                        0Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected]                                                                     0x62 0x7C 0x85 0x9B ...Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                                  Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected]                                                               0x20 0x01 0x00 0x00 ...Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected]                                                            0xFC 0xD4 0x33 0x06 ...Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                            Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected]                                                      0xB7 0xB1 0xA1 0xC2 ...---- Files - GMER 1.0.15 ----{[{--Loads of pirates of the caribbean online files that don't fit--}]}---- EOF - GMER 1.0.15 ----

  • 0

#6
kahdah
Posted 11 May 2009 - 06:11 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok go ahead with my previous instructions that is fine.
  • 0

#7
Raolan
Posted 18 May 2009 - 06:14 AM

Raolan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Combofix doesn't like my computer for some reason and won't work.
  • 0

#8
kahdah
Posted 18 May 2009 - 06:40 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please delete the version you have and then do the following:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP