Now, Windows can start but explorer gets shut down by DEP (Data Execution Prevention) each time. Ctrl+Alt+Del works and I am using it to run programs such as Firefox and the various tools. MBAM can't be run, as the registerservice or something gets DEP-ed near the end of installation. Running the resulting program gives execution errors. Running the boot-time Avast AV scan a second time results in infected temp files, as shown below.
Avast AV:
05/19/2009 20:30
Scan of all local drives
File C:\Program Files\IrfanView\i_view32.exe is infected by Win32:JunkPoly [Cryp], Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Deleted
File C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe is infected by Win32:Vitro, Moved to chest
File C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe is infected by Win32:Vitro, Moved to chest
File C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe is infected by Win32:Vitro, Moved to chest
File C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe is infected by Win32:Vitro, Moved to chest
File C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe is infected by Win32:Vitro, Moved to chest
File C:\Program Files\Trend Micro\HijackThis\HijackThis.exe is infected by Win32:JunkPoly [Cryp], Moved to chest
File C:\Program Files\Warcraft III\yawle.exe is infected by Win32:JunkPoly [Cryp], Moved to chest
File C:\Program Files\Windows NT\hypertrm.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036481.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036484.exe is infected by Win32:JunkPoly [Cryp], Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036485.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036486.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036487.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036488.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036489.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036490.exe is infected by Win32:JunkPoly [Cryp], Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036491.exe is infected by Win32:JunkPoly [Cryp], Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036492.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\charmap.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\clipsrv.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\cmd.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\dllhost.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\freecell.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\mnmsrvc.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\odbcad32.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\sol.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\tourstart.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\ups.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\userinit.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\winmine.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\write.exe is infected by Win32:Vitro, Moved to chest
File C:\WINDOWS\system32\wupdmgr.exe is infected by Win32:Vitro, Moved to chest
Number of searched folders: 16506
Number of tested files: 160243
Number of infected files: 33
----------------------------------------
05/21/2009 20:10
Scan of all local drives
File C:\Documents and Settings\unpro\Local Settings\Temp\VRT3.tmp is infected by Win32:Trojan-gen {Other}, Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Deleted
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036493.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036494.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036495.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036496.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036497.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036498.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036499.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036500.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036501.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036502.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036503.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036504.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036505.exe is infected by Win32:Vitro, Moved to chest
File C:\System Volume Information\_restore{EA4EDB77-78D9-44C9-ABC9-3669E6E2234D}\RP86\A0036506.exe is infected by Win32:Vitro, Moved to chest
File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sdcvhost.exe is infected by Win32:AutoRun-AVA [Wrm], Moved to chest
File F:\autorun.inf is infected by BV:AutoRun-G [Wrm], Moved to chest
Number of searched folders: 16553
Number of tested files: 160855
Number of infected files: 17
OTlist:
OTListIt logfile created on: 21/5/2009 9:26:12 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\unpro\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: d/M/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 49.66 Gb Free Space | 33.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.83% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BOBBY-HFDUY8GS8
Current User Name: unpro
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe (Sunbelt Software, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\unpro\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMSAccessU [Auto | Running]) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (SbPF.Launcher [Auto | Running]) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)
SRV - (SPF4 [Auto | Running]) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AmdPPM [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdPPM.sys (Advanced Micro Devices)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Cardex [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\TBPANEL.SYS (Windows ® 2000 DDK provider)
DRV - (DAdderFltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (ENTECH [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys (EnTech Taiwan)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SbFw [System | Running]) -- C:\WINDOWS\system32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\sbfwim.sys (Sunbelt Software, Inc.)
DRV - (sbhips [System | Running]) -- C:\WINDOWS\system32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (TBPanel [Auto | Running]) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows ® 2000 DDK provider)
DRV - (truecrypt [System | Running]) -- C:\WINDOWS\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (VBoxDrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys ()
DRV - (VBoxNetFlt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys (Windows ® Server 2003 DDK provider)
DRV - (VBoxUSBMon [System | Running]) -- C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys (Sun Microsystems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.2.48
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.3.11
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {1a333147-8720-4f31-948e-b790af516d49}:0.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.3.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.2.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.0
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.6.11
FF - prefs.js..extensions.enabledItems: {C1273352-9340-4d54-A6D7-17DC157EC0B9}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/15 20:40:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/30 17:59:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/30 17:59:57 | 00,000,000 | ---D | M]
[2008/11/30 13:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Extensions
[2008/11/30 13:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/20 21:29:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions
[2009/03/25 19:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{1a333147-8720-4f31-948e-b790af516d49}
[2008/11/30 14:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/05/15 09:38:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/02/11 18:45:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2008/11/30 14:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}(2)
[2008/11/30 14:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2009/05/15 09:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/12/19 16:48:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2009/02/11 18:46:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/11/30 14:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/03/27 09:22:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/01/31 08:59:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2008/11/30 14:05:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2008/12/12 21:43:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{C1273352-9340-4d54-A6D7-17DC157EC0B9}
[2009/04/25 08:24:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/03 09:52:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/11/30 14:05:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2008/11/30 14:05:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(2)
[2008/11/30 14:05:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2008/11/30 14:05:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}(2)
[2008/11/30 14:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\[email protected]
[2009/02/20 13:53:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\[email protected]
[2008/11/30 14:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\[email protected]
[2008/11/30 14:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\unpro\Application Data\mozilla\Firefox\Profiles\0jhdipt3.default\extensions\[email protected](2).net
[2009/05/20 21:29:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/30 17:59:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/15 20:40:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/30 17:59:51 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/30 17:59:51 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/30 14:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/30 14:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/30 14:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/30 14:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/30 14:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/30 14:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/30 14:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-1SORC.exe" /REG ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1227966337828 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell -
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 02:15:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/24 13:43:12 | 00,000,224 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{b7f0b2d8-df8a-11dd-8651-001b22074787}\Shell - "" = AutoRun
O33 - MountPoints2\{b7f0b2d8-df8a-11dd-8651-001b22074787}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7f0b2d8-df8a-11dd-8651-001b22074787}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/05/24 18:36:40 | 00,950,272 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/15 15:10:35 | 00,000,000 | ---D | M]
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/05/21 21:19:56 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\unpro\Desktop\OTListIt2.exe
[2009/05/21 21:19:20 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/21 21:19:06 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\Rooter.exe
[2009/05/21 20:00:21 | 00,687,104 | ---- | C] () -- C:\WINDOWS\is-1SORC.exe
[2009/05/21 20:00:21 | 00,010,498 | ---- | C] () -- C:\WINDOWS\is-1SORC.msg
[2009/05/21 20:00:21 | 00,000,407 | ---- | C] () -- C:\WINDOWS\is-1SORC.lst
[2009/05/21 19:59:07 | 00,000,000 | ---D | C] -- C:\DOCUME~1\unpro\Desktop\[bleep]
[2009/05/21 19:58:14 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/21 19:58:13 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/21 19:58:10 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/21 19:58:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/21 19:58:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/21 19:57:45 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\unpro\Desktop\mbsm-setup.exe
[2009/05/21 19:56:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/21 19:56:19 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\NTREGOPT.lnk
[2009/05/21 19:56:19 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\ERUNT.lnk
[2009/05/21 19:56:18 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/21 19:56:01 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\unpro\Desktop\erunt_setup.exe
[2009/05/21 19:53:54 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\unpro\Desktop\SysRestorePoint(2).exe
[2009/05/21 19:53:47 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\unpro\Desktop\SysRestorePoint.exe
[2009/05/21 19:35:02 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wupdmgr.exe
[2009/05/21 19:34:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009/05/21 19:34:41 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ups.exe
[2009/05/21 19:34:41 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ups.exe
[2009/05/21 19:34:19 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2009/05/21 19:34:19 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2009/05/21 19:33:30 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2009/05/21 05:10:34 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhost.exe
[2009/05/21 05:10:34 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dllhost.exe
[2009/05/21 05:09:49 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcad32.exe
[2009/05/21 05:09:49 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbcad32.exe
[2009/05/21 05:06:15 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipsrv.exe
[2009/05/21 05:06:15 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipsrv.exe
[2009/05/19 20:13:35 | 00,001,734 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\HijackThis.lnk
[2009/05/19 20:13:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/19 20:13:28 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\DOCUME~1\unpro\Desktop\HJTInstall.exe
[2009/05/19 20:12:22 | 00,028,475 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\CAKE.MANIA.PLUS3TRN.PWZ.ZIP
[2009/05/19 18:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/19 18:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/05/19 18:54:40 | 00,000,000 | ---D | C] -- C:\Program Files\Cake Mania
[2009/05/19 18:53:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sandlot Shared
[2009/05/19 18:53:29 | 00,000,000 | ---D | C] -- C:\Program Files\Cake Mania 3
[2009/05/16 14:40:41 | 00,427,434 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\mmsource-1.7.1(2).zip
[2009/05/16 14:40:26 | 05,370,878 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\sourcemod-1.2.0(2).zip
[2009/05/16 14:20:40 | 00,427,434 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\mmsource-1.7.1.zip
[2009/05/16 14:09:07 | 05,370,878 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\sourcemod-1.2.0.zip
[2009/05/15 19:45:04 | 00,031,002 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\elecom1.jpg
[2009/05/15 19:06:04 | 00,361,837 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\elecom1.png
[2009/05/15 19:05:46 | 00,027,469 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\fiio.jpg
[2009/05/15 18:30:11 | 00,033,607 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\PL30_2.jpg
[2009/05/15 14:56:07 | 00,000,000 | ---D | C] -- C:\Python30
[2009/05/15 10:19:31 | 00,004,620 | ---- | C] () -- C:\WINDOWS\XChange.dat
[2009/05/11 21:10:23 | 00,148,605 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\LOLEPICWININC.JPG
[2009/05/11 19:08:23 | 00,275,827 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\WoWScrnShot_051109_190823.jpg
[2009/05/11 19:07:56 | 00,276,788 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\WoWScrnShot_051109_190756.jpg
[2009/05/11 17:46:49 | 01,758,551 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\SystemCheck_enUS.exe
[2009/05/06 19:54:15 | 00,000,000 | ---D | C] -- C:\Program Files\Syncplicity
[2009/05/06 19:53:26 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/05/06 19:51:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/05/06 19:50:25 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/05/06 19:49:59 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/05/06 19:47:37 | 02,125,848 | ---- | C] (Syncplicity, Inc.) -- C:\DOCUME~1\unpro\Desktop\Syncplicity_Setup.exe
[2009/05/05 21:09:40 | 00,000,000 | ---D | C] -- C:\DOCUME~1\unpro\Desktop\elecom
[2009/05/02 17:17:19 | 00,004,824 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\chocolate earphone.jpg
[2009/05/02 17:16:21 | 00,324,591 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\elecom-sample.png
[2009/05/02 14:36:23 | 00,012,469 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\Treoo Expansion 2_new.docx
[2009/04/26 21:53:06 | 00,000,000 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\[L4D]+Standalone+1.18+RC2.exe
[2009/04/25 23:26:58 | 00,012,658 | ---- | C] () -- C:\DOCUME~1\unpro\Desktop\Treoo Expansion.docx
[2009/01/10 19:28:41 | 00,100,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2008/12/20 00:28:00 | 00,138,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/08 15:32:23 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/11/30 15:34:55 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/11/30 14:47:04 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/30 14:39:14 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/12 14:54:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/12 14:54:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/11/12 14:54:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/12 14:54:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/15 02:19:48 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/17 04:51:23 | 00,000,578 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/17 04:47:28 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/05/21 21:20:06 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/21 21:19:57 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\unpro\Desktop\OTListIt2.exe
[2009/05/21 21:19:07 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\Rooter.exe
[2009/05/21 21:17:41 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/21 21:16:05 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\unpro\Local Settings\desktop.ini
[2009/05/21 21:16:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/21 21:16:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/21 20:00:21 | 00,687,104 | ---- | M] () -- C:\WINDOWS\is-1SORC.exe
[2009/05/21 20:00:21 | 00,010,498 | ---- | M] () -- C:\WINDOWS\is-1SORC.msg
[2009/05/21 20:00:21 | 00,000,407 | ---- | M] () -- C:\WINDOWS\is-1SORC.lst
[2009/05/21 19:57:56 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\unpro\Desktop\mbsm-setup.exe
[2009/05/21 19:56:19 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\NTREGOPT.lnk
[2009/05/21 19:56:19 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\ERUNT.lnk
[2009/05/21 19:56:05 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\unpro\Desktop\erunt_setup.exe
[2009/05/21 19:53:55 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\unpro\Desktop\SysRestorePoint(2).exe
[2009/05/21 19:53:47 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\unpro\Desktop\SysRestorePoint.exe
[2009/05/20 21:21:04 | 00,000,568 | ---- | M] () -- C:\Documents and Settings\unpro\My Documents\My Sharing Folders.lnk
[2009/05/20 20:40:29 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2009/05/20 20:31:48 | 00,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2009/05/19 20:29:56 | 00,000,578 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/19 20:29:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/19 20:29:56 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/05/19 20:13:35 | 00,001,734 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\HijackThis.lnk
[2009/05/19 20:13:28 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\DOCUME~1\unpro\Desktop\HJTInstall.exe
[2009/05/19 20:12:22 | 00,028,475 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\CAKE.MANIA.PLUS3TRN.PWZ.ZIP
[2009/05/19 18:26:45 | 00,208,477 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/18 19:08:46 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/05/16 14:40:42 | 00,427,434 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\mmsource-1.7.1(2).zip
[2009/05/16 14:40:31 | 05,370,878 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\sourcemod-1.2.0(2).zip
[2009/05/16 14:20:40 | 00,427,434 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\mmsource-1.7.1.zip
[2009/05/16 14:09:13 | 05,370,878 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\sourcemod-1.2.0.zip
[2009/05/16 10:29:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/15 19:45:04 | 00,031,002 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\elecom1.jpg
[2009/05/15 19:06:05 | 00,361,837 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\elecom1.png
[2009/05/15 19:05:48 | 00,027,469 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\fiio.jpg
[2009/05/15 18:30:13 | 00,033,607 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\PL30_2.jpg
[2009/05/15 10:22:52 | 00,004,620 | ---- | M] () -- C:\WINDOWS\XChange.dat
[2009/05/11 21:10:49 | 00,148,605 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\LOLEPICWININC.JPG
[2009/05/11 19:13:01 | 00,275,827 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\WoWScrnShot_051109_190823.jpg
[2009/05/11 19:12:37 | 00,276,788 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\WoWScrnShot_051109_190756.jpg
[2009/05/11 17:46:49 | 01,758,551 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\SystemCheck_enUS.exe
[2009/05/08 17:38:20 | 00,002,489 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\WoWInterface UI Manager.lnk
[2009/05/07 15:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/07 06:06:02 | 01,532,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/06 19:53:46 | 00,500,372 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/06 19:53:46 | 00,427,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/06 19:53:46 | 00,066,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/06 19:47:51 | 02,125,848 | ---- | M] (Syncplicity, Inc.) -- C:\DOCUME~1\unpro\Desktop\Syncplicity_Setup.exe
[2009/05/02 17:17:15 | 00,004,824 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\chocolate earphone.jpg
[2009/05/02 17:15:56 | 00,324,591 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\elecom-sample.png
[2009/05/02 14:36:35 | 00,012,469 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\Treoo Expansion 2_new.docx
[2009/04/27 14:20:14 | 21,453,86496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/04/26 21:53:07 | 00,000,000 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\[L4D]+Standalone+1.18+RC2.exe
[2009/04/25 23:27:11 | 00,012,658 | ---- | M] () -- C:\DOCUME~1\unpro\Desktop\Treoo Expansion.docx
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B17293E
@Alternate Data Stream - 88 bytes -> C:\DOCUME~1\unpro\Desktop\Harford, Tim - The Undercover Economist.pdf:SummaryInformation
< End of report >
Extras:
OTListIt Extras logfile created on: 21/5/2009 9:26:12 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\unpro\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: d/M/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 49.66 Gb Free Space | 33.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.83% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BOBBY-HFDUY8GS8
Current User Name: unpro
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget (FlashGet.com)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe ()
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client ()
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\WINDOWS\system32\verclsid.exe:*:enabled:@shell32.dll,-1 (Microsoft Corporation)
c:\windows\system32\restore\rstrui.exe:*:enabled:@shell32.dll,-1 (Microsoft Corporation)
C:\Program Files\Notepad++\notepad++.exe:*:enabled:@shell32.dll,-1 (Don HO [email protected])
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}" = Python 2.6
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{59B60A02-7A8B-47EF-850F-D8645B62C4B1}" = Sun xVM VirtualBox
"{6405591E-5E3C-44BB-9569-7C8F87E37BB8}" = WoWInterface UI Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}" = Microsoft .NET Framework 3.0
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C223EA-4E25-4115-AA2E-A31023593399}" = Syncplicity
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{de2f2d9c-53e2-40ee-8209-74da63cb060e}" = Python 3.0.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}" = Sunbelt Personal Firewall
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"Anki" = Anki
"avast!" = avast! Antivirus
"Brain Workshop_is1" = Brain Workshop 4.3
"Cake Mania" = Cake Mania (remove only)
"Cake Mania 3" = Cake Mania 3 (remove only)
"CDex" = CDex extraction audio
"CurseClient" = Curse Client
"ERUNT_is1" = ERUNT 1.1j
"File Shredder_is1" = File Shredder 2.0
"FileZilla Client" = FileZilla Client 3.2.2.1
"FlashGet" = FlashGet 1.9.6.1073
"Foxit Reader" = Foxit Reader
"FreeUndelete" = FreeUndelete
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"IrfanView" = IrfanView (remove only)
"L4DSP" = Left 4 Dead Standalone Patch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"MessengerDiscovery Live_is1" = MessengerDiscovery Live 1.5.0725
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PROPLUS" = Microsoft Office Professional Plus 2007
"Qtracker" = Qtracker
"RealAlt_is1" = Real Alternative 1.9.0
"SShockDeinstallKey" = System Shock2
"SystemRequirementsLab" = System Requirements Lab
"True Combat: Elite" = True Combat: Elite 0.49
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 0.9.6
"Vtune_is1" = Vtune 6.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yawle_0.3b" = YAWLE 0.5b
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 6/12/2008 12:03:32 PM | Computer Name = BOBBY-HFDUY8GS8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://ftp.yz.yamaga...esktop-i386.iso
failed, 00000084.
Error - 25/12/2008 9:20:16 PM | Computer Name = BOBBY-HFDUY8GS8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\UNPRO\CONTACTS\I.UNPR[email protected]\CONTACTCOLL.CACHE
failed, 00000005.
Error - 26/12/2008 9:35:49 PM | Computer Name = BOBBY-HFDUY8GS8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\UNPRO\CONTACTS\[email protected]\CONTACTCOLL.CACHE
failed, 00000005.
Error - 27/12/2008 10:09:30 PM | Computer Name = BOBBY-HFDUY8GS8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\UNPRO\CONTACTS\[email protected]\CONTACTCOLL.CACHE
failed, 00000005.
Error - 28/12/2008 1:53:19 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\UNPRO\CONTACTS\[email protected]\CONTACTCOLL.CACHE
failed, 00000005.
Error - 3/1/2009 5:15:52 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\UNPRO\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS
LIVE CONTACTS\[email protected]\REAL\CONTACTCOLL.CACHE failed, 00000005.
Error - 3/1/2009 11:14:32 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\UNPRO\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS
LIVE CONTACTS\[email protected]\REAL\CONTACTCOLL.CACHE failed, 00000005.
Error - 19/5/2009 8:23:23 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.
Error - 19/5/2009 8:29:20 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.
[ Application Events ]
Error - 24/1/2009 7:53:16 PM | Computer Name = BOBBY-HFDUY8GS8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 14/2/2009 6:40:58 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Application Error | ID = 1000
Description = Faulting application curseclient.exe, version 0.0.0.0, faulting module
curseclient.exe, version 0.0.0.0, fault address 0x001cf2ed.
Error - 12/3/2009 6:44:03 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Application Hang | ID = 1002
Description = Hanging application ET.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 12/3/2009 8:53:45 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Application Error | ID = 1000
Description = Faulting application 1213.exe, version 2.62.772.0, faulting module
1213.exe, version 2.62.772.0, fault address 0x000de39c.
Error - 12/3/2009 9:01:58 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Application Hang | ID = 1002
Description = Hanging application 1213.exe, version 2.62.772.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 20/5/2009 9:19:06 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%1053
Error - 21/5/2009 7:37:01 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Print Spooler service
to connect.
Error - 21/5/2009 7:37:01 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%1053
Error - 21/5/2009 7:44:27 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Service Control Manager | ID = 7034
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s).
Error - 21/5/2009 7:48:53 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Print Spooler service
to connect.
Error - 21/5/2009 7:48:53 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%1053
Error - 21/5/2009 8:02:43 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Print Spooler service
to connect.
Error - 21/5/2009 8:02:43 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%1053
Error - 21/5/2009 9:16:24 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Print Spooler service
to connect.
Error - 21/5/2009 9:16:24 AM | Computer Name = BOBBY-HFDUY8GS8 | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%1053
< End of report >
Rooter:
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:152617 Mo/Free:1738 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:4 Mo/Free:0 Mo)
F:\ [Removable] (Total:1901 Mo/Free:1898 Mo)
Thu 21/05/2009|21:19
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\CDBurnerXP\NMSAccessU.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\PnkBstrA.exe
---------- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
---------- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
----------------------\\ Cracks & Keygens..
C:\DOCUME~1\unpro\Desktop\CS3 Production Premium\CS3 CRACKS AND SERIALS\adobe-production-premium-cs3-keygen.exe
C:\DOCUME~1\unpro\Desktop\installed\ZoneLabs_Products_KeyGen.rar
C:\DOCUME~1\unpro\Desktop\installed\Sunbelt.Personal.Firewall-v4.6.1845.Inc.Crack\Sunbelt-Personal-Firewall.exe
C:\DOCUME~1\unpro\Desktop\installed\Sunbelt.Personal.Firewall-v4.6.1845.Inc.Crack\Crack\info.txt
C:\DOCUME~1\unpro\Desktop\installednew\justincase\Sunbelt.Personal.Firewall-v4.6.1845.Inc.Crack\Sunbelt-Personal-Firewall.exe
C:\DOCUME~1\unpro\Desktop\installednew\justincase\Sunbelt.Personal.Firewall-v4.6.1845.Inc.Crack\Crack\info.txt
C:\DOCUME~1\unpro\Desktop\installednew\Sunbelt.Personal.Firewall-v4.6.1845.Inc.Crack\Sunbelt-Personal-Firewall.exe
C:\DOCUME~1\unpro\Desktop\installednew\Sunbelt.Personal.Firewall-v4.6.1845.Inc.Crack\Crack\info.txt
C:\DOCUME~1\unpro\Desktop\l4domg\left4deadcrackexe.rar
C:\DOCUME~1\unpro\Desktop\Nicholas.Booth-.How.to.Make.Pe\WinRAR 3.80 Final + Keygen
C:\DOCUME~1\unpro\Desktop\Nicholas.Booth-.How.to.Make.Pe\WinRAR 3.80 Final + Keygen\KRZR.nfo
C:\DOCUME~1\unpro\Desktop\Nicholas.Booth-.How.to.Make.Pe\WinRAR 3.80 Final + Keygen\WinRAR 3.80 Final Setup.exe
C:\DOCUME~1\unpro\Desktop\Nicholas.Booth-.How.to.Make.Pe\WinRAR 3.80 Final + Keygen\WinRAR Keygen.exe
C:\DOCUME~1\unpro\Local Settings\Temp\Rar$DR00.562\Cake_Mania_v1.0_Datecode_20060329_Cracked_1001TH_ELITE_RELEASE-TNT
C:\DOCUME~1\unpro\Local Settings\Temp\Rar$DR00.562\Cake_Mania_v1.0_Datecode_20060329_Cracked_1001TH_ELITE_RELEASE-TNT\CRACK
C:\DOCUME~1\unpro\Local Settings\Temp\Rar$DR00.953\Cake_Mania_v1.0_Cracked_WORKING-TNT
C:\DOCUME~1\unpro\Local Settings\Temp\Rar$DR00.953\Cake_Mania_v1.0_Cracked_WORKING-TNT\CRACK
C:\DOCUME~1\unpro\Local Settings\Temp\Rar$DR02.188\Cake_Mania_v1.0_Cracked_WORKING-TNT
C:\DOCUME~1\unpro\Local Settings\Temp\Rar$DR02.188\Cake_Mania_v1.0_Cracked_WORKING-TNT\CRACK
C:\DOCUME~1\unpro\Local Settings\Temporary Internet Files\Content.IE5\0VCZNV29\cracked_news[1].png
C:\DOCUME~1\unpro\Recent\Cake_Mania_v1.0_Cracked_WORKING-TNT.rar.lnk
C:\DOCUME~1\unpro\Recent\Cake_Mania_v1.0_Datecode_20060329_Cracked_1001TH_ELITE_RELEASE-TNT.rar.lnk
1 - "C:\Rooter$\Rooter_1.txt" - Thu 21/05/2009|21:22
Hope you guys can help out here, thanks!