Cannot run combofix hijackthis, anti-malware tools due to virus/trojan



#1
Shizzmoney

Running Win XP, everything updated, etc.

Trying to get rid of some malware and a potential trojan virus that affects my browsing experience on Firefox (I cannot access the Malwarebytes website, for example, except for clicking the "cached" page option in the Google browser. I also get redirected to websites without clicking anything).

I can't run HiJackThis, ComboFix, or Malwarebytes. I know this is a key part of the process. Yes, I've tried it in safe mode, they won't work there either.

I ran Avira anti-virus and quarantined/deleted the 22 files it found; some were adware/spybots and I found one trojan, 152336. I also ran HouseCall via the Trend Micro site, and it found a malware called OTO_RUN1.

I still am having problems with my pc being slow, and the fact I can't run the programs above makes me believe something is on this machine.

Please help, I have no idea what is on this cpu. I've attached a log file from OTListIt.

IF ANYONE CAN HELP ME THERE IS a $5 reward via PokerStars.

ty

OTListIt logfile created on: 5/21/2009 5:05:56 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Shizz\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.30 Mb Total Physical Memory | 99.06 Mb Available Physical Memory | 38.80% Memory free
1002.78 Mb Paging File | 649.80 Mb Available in Paging File | 64.80% Paging File free
Paging file location(s): C:\pagefile.sys 768 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 7.19 Gb Free Space | 19.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D6CCDF11
Current User Name: Shizz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\Nhksrv.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\drivers\dcfssvc.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
PRC - C:\Program Files\Norton AntiVirus\Navapw32.exe (Symantec Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe (Eastman Kodak Company)
PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Shizz\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Dcfssvc [Auto | Running]) -- C:\WINDOWS\system32\drivers\dcfssvc.exe (Eastman Kodak Company)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (ImapiService [On_Demand | Stopped]) -- C:\WINDOWS\System32\ImapiRox.exe (Roxio Inc.)
SRV - (navapsvc [On_Demand | Stopped]) -- C:\Program Files\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (Nhksrv [Auto | Running]) -- C:\WINDOWS\Nhksrv.exe ()
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (SBService [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe (Symantec Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (WUSB54GSCSVC [On_Demand | Stopped]) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe (GEMTEKS)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (basic2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\basic2.sys (Conexant Systems)
DRV - (bvrp_pci [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DCamUSBUVT [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbuvt.sys (IC Media Corporation)
DRV - (DcCam [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DcCam.sys (Eastman Kodak Company)
DRV - (DcFpoint [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)
DRV - (DCFS2K [Auto | Running]) -- C:\WINDOWS\system32\drivers\dcfs2k.sys (Eastman Kodak Company)
DRV - (DcLps [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DcLps.sys (Eastman Kodak Company)
DRV - (DcPTP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DcPTP.sys (Eastman Kodak Company)
DRV - (DM9102 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS (CNet Technology, Inc. )
DRV - (dvd_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (Exportit [System | Stopped]) -- C:\WINDOWS\System32\DRIVERS\exportit.sys (Eastman Kodak Company)
DRV - (Fallback [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fallback.sys (Conexant Systems)
DRV - (Fsks [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\fsksnt.sys (Conexant Systems)
DRV - (hpt3xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys (HighPoint Technologies, Inc.)
DRV - (hsf_msft [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys (Conexant)
DRV - (IdeBusDr [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys (Intel Corporation)
DRV - (IdeChnDr [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys (Intel Corporation)
DRV - (Imapi [System | Running]) -- C:\WINDOWS\system32\drivers\ImapiRox.sys (Roxio Inc.)
DRV - (K56 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\k56nt.sys (Conexant Systems)
DRV - (mmc_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (Msikbd2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\msikbd2k.sys (Netropa Corporation)
DRV - (NAVAP [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\NAVAP.SYS ()
DRV - (NAVENG [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20010808.016\NAVENG.SYS ()
DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20010808.016\NAVEX15.SYS ()
DRV - (NSNDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\NSNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nv4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2K [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Rksample [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rksample.sys (Conexant Systems)
DRV - (RT73 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SoftFax [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\faxnt.sys (Conexant Systems)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SymEvent [On_Demand | Stopped]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [Auto | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (Tones [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\tonesnt.sys (Conexant Systems)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (V124 [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\v124nt.sys (Conexant Systems)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - (ZDCNDIS5 [Auto | Running]) -- C:\WINDOWS\system32\ZDCNDIS5.sys (ZDC., Inc. (ZDC))

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
IE - URLSearchHook: {9368D063-44BE-49B9-BD14-BB9663FD38FC} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/15 14:49:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/13 17:34:34 | 00,000,000 | ---D | M]

[2008/11/26 19:41:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\mozilla\Extensions
[2008/11/26 19:41:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/21 12:55:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\mozilla\Firefox\Profiles\uzguibpg.default\extensions
[2009/05/20 16:01:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\mozilla\Firefox\Profiles\uzguibpg.default\extensions\[email protected]
[2009/03/14 02:12:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\mozilla\Firefox\Profiles\uzguibpg.default\extensions\[email protected]
[2009/05/21 12:55:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 12:15:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/03 05:34:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/28 12:15:45 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 12:15:45 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/30 02:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/30 02:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/30 02:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/30 02:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/30 02:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/30 02:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/30 02:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (769 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 211.155.224.14 www.tvants.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE File not found
O4 - HKLM..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 (Walt Disney Internet Group)
O4 - HKLM..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server (Support.com, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" File not found
O4 - HKCU..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide (Veoh Networks)
O4 - HKCU..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EZVideo Chat.lnk = C:\Program Files\Ezonics\EZVideo Chat 2.0\EzChat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Franklin Covey\Planner\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchpad.lnk = C:\Program Files\IC Media Corp.\ICM532\Launchpad.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
O4 - Startup: C:\Documents and Settings\Shizz\Start Menu\Programs\Startup\InterAct Profile Activator.lnk = C:\Program Files\InterAct\Gaming Devices\JoyAct.exe (InterAct Accessories Incorporation)
O4 - Startup: C:\Documents and Settings\Shizz\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Shizz\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe ()
O4 - Startup: C:\Documents and Settings\Shizz\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm ()
O9 - Extra Button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Shizz\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
O9 - Extra 'Tools' menuitem : Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Shizz\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll File not found
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O9 - Extra Button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yaho...s/yinst0401.cab (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://download.game...ts/y/potb_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{6B1C6359-65F8-479F-8216-F581DF01DD87}\\NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{BCD74859-6D3A-4452-AF7F-166EEDC2BB64}\\NameServer = 85.255.112.211,85.255.112.149
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - http://p1m.pornhub.c...46/4/444595.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/15 08:31:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/21 10:10:39 | 00,000,389 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0d7cb180-57d3-11d6-99e7-806d6172696f}\Shell - "" = Autorun
O33 - MountPoints2\{0d7cb180-57d3-11d6-99e7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d7cb180-57d3-11d6-99e7-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-7-25-100007648-100031776-100014993-2297.com c:\
O33 - MountPoints2\{0d7cb180-57d3-11d6-99e7-806d6172696f}\Shell\Open\command - "" = C:\RECYCLER\S-0-7-25-100007648-100031776-100014993-2297.com -- [2009/05/20 23:41:18 | 00,084,480 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/21 16:39:54 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/21 17:05:13 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shizz\Desktop\OTListIt2.exe
[2009/05/21 16:46:07 | 06,367,264 | ---- | C] () -- C:\Documents and Settings\Shizz\Desktop\SUPERAntiSpyware.exe
[2009/05/21 16:20:05 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/21 16:18:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/05/21 16:17:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
[2009/05/21 16:17:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/21 16:12:52 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Shizz\Desktop\Ad-AwareAE.exe
[2009/05/21 15:25:25 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/05/21 15:25:23 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/05/21 15:12:20 | 26,776,7808 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/21 14:52:05 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\Shizz\Start Menu\Programs\Startup\InterAct Profile Activator.lnk
[2009/05/21 14:52:05 | 00,001,023 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
[2009/05/21 14:52:05 | 00,000,906 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2009/05/21 14:52:05 | 00,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EZVideo Chat.lnk
[2009/05/21 14:52:05 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk
[2009/05/21 14:52:05 | 00,000,571 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchpad.lnk
[2009/05/21 14:28:16 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Shizz\Desktop\HijackThis.lnk
[2009/05/21 11:19:08 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/05/21 11:18:37 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/05/21 11:18:37 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/05/21 11:18:37 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/05/21 11:18:37 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/05/21 11:18:37 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/05/21 11:18:22 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/05/21 11:18:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/05/21 11:15:33 | 30,075,904 | ---- | C] () -- C:\Documents and Settings\Shizz\Desktop\avira_antivir_personal_en.exe
[2009/05/21 10:36:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/21 10:35:39 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Shizz\Desktop\HJTInstall.exe
[2009/05/21 10:29:34 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/21 10:29:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/21 10:29:30 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/21 10:29:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/21 10:28:27 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Shizz\Desktop\mbam-setup.exe
[2009/05/21 02:28:12 | 00,000,276 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/05/21 02:28:07 | 00,000,389 | RHS- | C] () -- C:\autorun.inf
[2009/05/19 01:20:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/19 01:17:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/19 01:13:12 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/19 00:51:49 | 03,006,976 | ---- | C] () -- C:\Documents and Settings\Shizz\Desktop\TvantsSetup(2).exe
[2009/05/18 23:08:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2009/05/18 22:48:33 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Shizz\Desktop\WinsockxpFix.exe
[2009/05/16 12:26:42 | 00,001,723 | ---- | C] () -- C:\Documents and Settings\Shizz\Desktop\PlayersOnly Poker.lnk
[2009/05/16 12:26:39 | 00,000,000 | ---D | C] -- C:\Program Files\PlayersOnly Poker
[2009/05/13 17:34:34 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/10 14:25:24 | 00,001,126 | ---- | C] () -- C:\Documents and Settings\Shizz\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
[2009/05/06 23:09:26 | 00,000,000 | ---D | C] -- C:\Program Files\Veetle
[2009/05/01 18:51:14 | 00,000,000 | ---D | C] -- C:\Program Files\Falcon Games
[2008/12/10 01:17:38 | 00,000,682 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/11/26 16:06:45 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/11/03 21:08:05 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\2Wire.ini
[2008/11/03 21:07:50 | 00,000,020 | ---- | C] () -- C:\WINDOWS\System32\NB-WGASW.ini
[2008/06/01 13:34:20 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/06/01 13:33:55 | 00,000,608 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2006/10/22 13:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/08/07 02:25:38 | 00,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2005/06/28 19:55:48 | 00,000,030 | ---- | C] () -- C:\WINDOWS\morphexe.INI
[2005/06/14 19:07:40 | 00,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/06/13 22:47:20 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\79A0B3DB20.sys
[2005/06/07 17:09:31 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\GeoCtl.dll
[2004/10/26 18:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/11/20 00:32:02 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/09/26 18:42:36 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ICMSetup532.dll
[2003/09/26 18:42:35 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\8532util.dll
[2003/09/26 18:40:16 | 00,000,752 | ---- | C] () -- C:\WINDOWS\Showtime1.ini
[2003/09/26 18:39:50 | 00,001,038 | ---- | C] () -- C:\WINDOWS\EZPhotoBrowser2.ini
[2003/09/26 18:39:50 | 00,000,798 | ---- | C] () -- C:\WINDOWS\EZPhotoImpression2.ini
[2003/09/26 18:39:20 | 00,005,561 | ---- | C] () -- C:\WINDOWS\EZPhotoTools2.ini
[2003/09/26 18:38:03 | 00,000,750 | ---- | C] () -- C:\WINDOWS\EZVMail2.INI
[2003/09/26 18:38:01 | 00,000,558 | ---- | C] () -- C:\WINDOWS\Hardware.ini
[2003/09/26 18:37:03 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\NSVIDEO.dll
[2003/08/24 17:08:05 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/06/14 00:47:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/04/13 14:00:45 | 00,000,144 | ---- | C] () -- C:\WINDOWS\kdpixcn.ini
[2003/02/25 21:16:59 | 00,000,073 | ---- | C] () -- C:\WINDOWS\kodakPS.Shizz.ini
[2003/02/25 21:08:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PWKMAIN.INI
[2003/02/25 20:38:46 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[2002/04/28 22:08:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2002/04/28 16:22:39 | 00,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002/04/24 21:58:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\JoyAct.INI
[2002/04/24 21:53:49 | 00,001,814 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2002/04/24 20:50:19 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\STDGPCtr.dll
[2002/04/24 20:50:19 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\STDWhCtr.dll
[2002/04/24 20:50:18 | 01,572,864 | ---- | C] () -- C:\WINDOWS\System32\IAIFGPCt.dll
[2002/04/24 20:25:17 | 00,004,094 | ---- | C] () -- C:\WINDOWS\System32\rtcsses.dll
[2002/04/24 20:25:17 | 00,004,094 | ---- | C] () -- C:\WINDOWS\System32\dimces.dll
[2002/04/20 16:32:18 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/20 16:26:50 | 00,000,073 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/04/20 16:26:35 | 00,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/04/20 16:26:32 | 00,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/04/20 16:26:20 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/04/20 16:20:55 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/20 14:48:24 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/03/09 10:53:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2002/03/09 10:53:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2001/11/15 09:19:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/11/15 08:31:14 | 00,000,710 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2001/11/15 08:23:42 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2001/08/10 14:14:16 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/08/03 20:22:00 | 00,182,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAVAP.SYS
[1998/10/11 00:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Shizz\My Documents\*.tmp files]
[2009/05/21 17:05:14 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shizz\Desktop\OTListIt2.exe
[2009/05/21 17:00:01 | 00,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/05/21 16:46:38 | 06,367,264 | ---- | M] () -- C:\Documents and Settings\Shizz\Desktop\SUPERAntiSpyware.exe
[2009/05/21 16:28:44 | 00,393,638 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/05/21 16:28:43 | 00,460,414 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/21 16:28:43 | 00,059,268 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/05/21 16:28:37 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/21 16:23:56 | 00,000,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.ics
[2009/05/21 16:23:11 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/21 16:22:51 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/21 16:21:30 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Shizz\Local Settings\DESKTOP.INI
[2009/05/21 16:21:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/21 16:21:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/21 16:20:58 | 26,776,7808 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/21 16:20:06 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/21 16:15:30 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Shizz\Desktop\Ad-AwareAE.exe
[2009/05/21 15:39:17 | 00,000,710 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/05/21 15:39:17 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/05/21 15:39:17 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/05/21 15:25:25 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/05/21 14:40:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Shizz\Desktop\HijackThis.lnk
[2009/05/21 11:19:09 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/05/21 11:16:47 | 30,075,904 | ---- | M] () -- C:\Documents and Settings\Shizz\Desktop\avira_antivir_personal_en.exe
[2009/05/21 10:35:40 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Shizz\Desktop\HJTInstall.exe
[2009/05/21 10:29:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/21 10:28:39 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Shizz\Desktop\mbam-setup.exe
[2009/05/21 10:10:39 | 00,000,389 | RHS- | M] () -- C:\autorun.inf
[2009/05/19 12:20:29 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Shizz\My Documents\DESKTOP.INI
[2009/05/19 01:20:33 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/19 00:52:04 | 03,006,976 | ---- | M] () -- C:\Documents and Settings\Shizz\Desktop\TvantsSetup(2).exe
[2009/05/18 23:55:18 | 00,000,769 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/05/18 23:34:18 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS
[2009/05/18 23:34:18 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2009/05/18 23:08:03 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TVUPlayer.lnk
[2009/05/18 22:48:36 | 01,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Shizz\Desktop\WinsockxpFix.exe
[2009/05/18 03:12:14 | 00,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/17 12:53:11 | 00,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/05/16 12:26:42 | 00,001,723 | ---- | M] () -- C:\Documents and Settings\Shizz\Desktop\PlayersOnly Poker.lnk
[2009/05/15 22:35:45 | 00,000,464 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2009/05/13 17:34:34 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/10 14:25:24 | 00,001,126 | ---- | M] () -- C:\Documents and Settings\Shizz\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/25 01:30:39 | 00,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll

========== LOP Check ==========

[2009/05/21 16:39:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/21 16:39:35 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2009/05/13 17:34:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/05/21 11:18:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/05/21 14:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2005/06/02 20:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESPN
[2009/05/21 16:39:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/01/26 13:34:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006/11/15 19:53:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MANSION
[2008/10/17 16:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/10/17 16:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2009/02/09 21:15:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2002/04/24 19:39:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2007/06/20 23:43:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetZero
[2009/01/14 18:44:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/12/04 12:53:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2003/02/25 20:39:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2002/04/20 16:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2002/04/20 16:28:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
[2005/06/05 20:49:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2002/04/20 16:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/05/18 23:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2005/05/24 22:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/05/29 20:45:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/06/19 18:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/04/13 23:11:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Shizz\Application Data
[2005/05/24 22:51:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\.bittorrent
[2009/01/01 21:41:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Adobe
[2003/02/09 19:34:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Aim
[2009/04/07 22:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Caesar Card Club
[2002/04/24 20:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Help
[2002/04/20 14:09:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Identities
[2003/10/22 18:59:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Macromedia
[2009/01/26 13:34:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Malwarebytes
[2005/12/13 00:56:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Microgaming
[2008/11/06 18:18:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Shizz\Application Data\Microsoft
[2005/07/05 20:46:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Morpheus
[2008/11/26 19:41:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Mozilla
[2002/04/24 19:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\MSN6
[2005/07/16 00:30:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Real
[2008/01/19 16:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Sun
[2002/04/20 16:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Symantec
[2009/04/13 23:11:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\TVU networks
[2009/04/06 19:31:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\vlc
[2008/06/19 18:32:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Yahoo!
[2004/02/02 20:50:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shizz\Application Data\Yahoo! Messenger
[2009/05/21 16:20:06 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2001/08/18 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/05/15 22:35:45 | 00,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
[2009/05/21 16:21:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2005/04/03 14:17:36 | 00,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job
[2009/05/21 17:00:01 | 00,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

========== Purity Check ==========

< End of report >


OTListIt Extras logfile created on: 5/21/2009 5:05:56 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Shizz\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.30 Mb Total Physical Memory | 99.06 Mb Available Physical Memory | 38.80% Memory free
1002.78 Mb Paging File | 649.80 Mb Available in Paging File | 64.80% Paging File free
Paging file location(s): C:\pagefile.sys 768 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 7.19 Gb Free Space | 19.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D6CCDF11
Current User Name: Shizz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\ESPN\GameClient.exe:63.212.200.3/255.255.255.255:Enabled:ESPN File not found
C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui ()
C:\Program Files\StreamCast\Morpheus\MorphEXE.exe:*:Enabled:Morpheus (Streamcast)
C:\Program Files\StreamCast\Morpheus\mldonkey\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon ()
C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord (www.BitLord.com)
C:\Program Files\support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher (Support.com, Inc.)
C:\Program Files\StreamCast\Morpheus\morpheus.exe:*:Enabled:M5Shell (Streamcast Networks, Inc)
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus (Streamcast Networks, Inc)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger (SM) (America Online, Inc.)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\Bodog Poker\BPGame.exe:*:Enabled:Bodog Poker (Bodog)
C:\Program Files\NetZero\exec.exe:*:Enabled:NetZero Internet (NetZero, Inc.)
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971 ()
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client (Veoh Networks)
C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:wmplayer (Microsoft Corporation)
C:\Program Files\Windows Media Player\WMPNetwk.exe:*:Enabled:wmpnetwk (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe:*:Enabled:Full Tilt Poker (Full Tilt Poker)
C:\Program Files\Cake Poker\cake.exe:*:Enabled:Cake Poker ()
C:\Program Files\PokerStars\PokerStarsUpdate.exe:*:Enabled:PokerStars (PokerStars)
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player (Veoh Networks)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{280C7673-2DF8-4E74-B031-D8F108BE2A6D}" = PRO200WL
"{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}" = EZVideo Mail 2.0
"{3075C5C3-0807-4924-AF8F-FF27052C12AE}" = Norton AntiVirus 2002
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38FBBBD4-1D2A-4037-A71C-57093B4BA889}" = KODAK One Touch to Better Pictures
"{3EB3B7E8-1466-405A-B5BC-44513AF85E34}_is1" = UltimateBet
"{3FD3DF65-694C-4F71-97BA-1A70BB2B8B9C}" = ICM532
"{51661BCF-F22A-11D4-82B4-00500494EF5C}" = KODAK Picture Software
"{5FB2EF0E-0254-4B7E-98C9-7F83E0C5E6C2}" = EZShowtime MMS
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{62369F2F77534556AEF4C58152E3BDE5}" = Dr. DivX Trial
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C651250-2EB2-11D5-8E33-0050DAD72AC2}" = NetZero Internet
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}" = EZPhoto Browser
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7D605E00-205A-11D4-820E-AF5E0A4A233D}" = PC-Saturn
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{848E2630-C0C0-478A-A758-6639E5115993}" = EZSuite For EZVideo Chat Kit
"{884CE4D3-71D7-494A-8206-1317201AAE04}" = KODAK Camera Connection Software Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95D885F5-B696-11D5-9D1D-0050DAB14E03}" = Shockwave Player
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8F1CA0-9085-11D4-B869-0050DA73F204}" = KODAK Memory Albums
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBA471C0-5EF2-11D4-0091-A500A0245DC0}" = NHL 2001
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CF3E135B-516F-4873-A7C9-FE3FCEDEE88A}" = EZVideo Chat 2.0
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}" = EZPhoto Tools
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{F90DA605-4E92-11D4-A319-00104BCAB4AB}" = KODAK Picture Transfer Software
"{FE117AA8-6CF3-4F2D-96C9-CAE35C309704}" = KODAK Camera Connection Software
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Instant Messenger (SM)" = AOL Instant Messenger (SM)
"Autobahn" = MLB.TV NexDef Plug-in
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BackWeb-7288971 Uninstaller" = KODAK Software Updater
"BitLord" = BitLord 1.1
"BitTorrent" = BitTorrent 4.0.2
"Bodog Poker_is1" = Bodog Poker Version 2.13.1.13
"Cake Poker" = Cake Poker
"CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0" = Conexant HSF V92 56K Data Fax PCI Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DriverAgent.exe" = DriverAgent by eSupport.com
"ESPN RunTime" = ESPN RunTime
"Ezonics Greeting Cam Deluxe" = Ezonics Greeting Cam Deluxe
"Franklin Planner" = Franklin Covey Co. Franklin Planner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InterAct Gaming Devices" = InterAct Gaming Devices
"InterActual Player" = InterActual Player
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Lock Poker" = Lock Poker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Morpheus" = Morpheus 5.0 (remove only)
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeoTrace Express 3.25" = NeoTrace Express 3.25
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PlayersOnly Poker" = PlayersOnly Poker
"PokerStars" = PokerStars
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Support.com" = ComcastSUPPORT
"SystemRequirementsLab" = System Requirements Lab
"Trillian" = Trillian
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.5.3
"UDPixel" = UDPixel_en.exe
"Veetle TV" = Veetle TV 0.9.14
"Veoh Web Player Beta" = Veoh Web Player Beta
"VLC media player" = VLC media player 0.9.9
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CaesarCardClub_33_0" = Caesar Card Club
"KODAK PalmPix Camera" = KODAK PalmPix Camera
"Odds Maker" = Odds Maker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2009 11:19:46 AM | Computer Name = D6CCDF11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 5/21/2009 2:27:30 PM | Computer Name = D6CCDF11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 5/21/2009 3:16:28 PM | Computer Name = D6CCDF11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 5/21/2009 3:24:55 PM | Computer Name = D6CCDF11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 5/21/2009 3:28:06 PM | Computer Name = D6CCDF11 | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x000010e1.

Error - 5/21/2009 3:41:55 PM | Computer Name = D6CCDF11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 5/21/2009 4:18:16 PM | Computer Name = D6CCDF11 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/21/2009 4:23:20 PM | Computer Name = D6CCDF11 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 5/21/2009 4:28:47 PM | Computer Name = D6CCDF11 | Source = Application Error | ID = 1000
Description = Faulting application digservices.exe, version 1.0.0.16, faulting module
unknown, version 0.0.0.0, fault address 0x1000108e.

Error - 5/21/2009 4:47:13 PM | Computer Name = D6CCDF11 | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.26.0.1002, faulting
module superantispyware.exe, version 4.26.0.1002, fault address 0x000039e0.

[ System Events ]
Error - 5/21/2009 3:07:45 PM | Computer Name = D6CCDF11 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/21/2009 3:07:45 PM | Computer Name = D6CCDF11 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 5/21/2009 3:07:45 PM | Computer Name = D6CCDF11 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/21/2009 3:07:45 PM | Computer Name = D6CCDF11 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip

Error - 5/21/2009 3:08:29 PM | Computer Name = D6CCDF11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/21/2009 3:08:33 PM | Computer Name = D6CCDF11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/21/2009 3:11:39 PM | Computer Name = D6CCDF11 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/21/2009 3:12:45 PM | Computer Name = D6CCDF11 | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
Addresses.

Error - 5/21/2009 3:16:50 PM | Computer Name = D6CCDF11 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 5/21/2009 4:19:36 PM | Computer Name = D6CCDF11 | Source = DCOM | ID = 10010
Description = The server {49BD2028-1523-11D1-AD79-00C04FD8FDFF} did not register
with DCOM within the required timeout.


< End of report >

Edited by Shizzmoney, 21 May 2009 - 04:22 PM.



#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
Shizzmoney

    New Member

  • Topic Starter
  • Member
  • 4 posts
Combofix isn't working either, it seems the program is not allowing it to run.

Looks like the Trojan causing this is Trojan.CWS. I was able to run Spyware Doctor and found a ton of stuff that I was able to fix, quarantine, and remove.....except for this one (at least for now).

Could CWS be the reason why I can't run Combofix and programs similar?

I also ran XoftSpy.exe and found a Bargain Buddy Bundle that had a high risk factor, as well as a ton of registry key potential infections from viewpoint.

Edited by Shizzmoney, 21 May 2009 - 09:05 PM.

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
try this

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#5
Shizzmoney

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
They both worked! I also ran the hijackthis log file via the Help2Go Detective site, which found no spyware/malware after everything was said and done.

I can even run hijack this w/o renaming it, and my computer is fast and it *feels* like everything is cleaned, but I am sure that there could be a registry thing or two still lingering around with these things.

Here's the info you requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:26 AM, on 5/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Shizz\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Shizz\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Odds Maker - b3cab7b9-eb43-46a2-8e15-02cc298dec71 - C:\Documents and Settings\Shizz\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potb_x.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab3.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...018/flashax.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O24 - Desktop Component 0: (no name) - http://p1m.pornhub.c...46/4/444595.jpg

--
End of file - 8071 bytes


ComboFix 09-05-21.03 - Shizz 05/22/2009 10:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.98 [GMT -4:00]
Running from: c:\documents and settings\Shizz\Desktop\Combo-Fix.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\Readme.txt
c:\windows\system32\drivers\gxvxcwqgdktputuplkydntmxlxyicdxogogkc.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcixnxttdmujgtsqskflpjnreoqpjrmsap.dll
c:\windows\system32\gxvxclptfydgjyonknamasoupslihaivycpel.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-22 06:49 . 2009-05-22 09:21 -------- d-----w c:\program files\a-squared Anti-Malware
2009-05-22 05:36 . 2009-05-22 05:36 578560 ----a-w c:\windows\system32\dllcache\user32.dll
2009-05-22 05:34 . 2009-05-22 05:34 -------- d-----w c:\windows\ERUNT
2009-05-22 05:27 . 2009-05-22 05:58 -------- d-----w C:\SDFix
2009-05-22 05:25 . 2009-05-22 05:25 -------- d-----w c:\program files\Fumble
2009-05-22 03:07 . 2009-05-22 05:04 -------- d-----w c:\program files\True Sword 5
2009-05-22 02:45 . 2009-05-22 05:05 -------- d-----w c:\program files\XoftSpySE
2009-05-22 01:55 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-22 01:54 . 2009-03-06 20:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-22 01:54 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-22 01:53 . 2009-05-22 01:54 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-22 01:53 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-22 01:53 . 2009-05-22 12:58 -------- d-----w c:\program files\Spyware Doctor
2009-05-22 01:53 . 2009-05-22 01:53 -------- d-----w c:\documents and settings\Shizz\Application Data\PC Tools
2009-05-22 01:53 . 2009-05-22 01:53 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-22 01:53 . 2009-05-22 14:29 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-22 01:46 . 2009-05-22 05:18 -------- d-----w c:\program files\Google
2009-05-21 22:49 . 2009-05-21 22:49 -------- d-----w C:\_OTMoveIt
2009-05-21 22:40 . 2009-05-21 22:42 -------- d-----w C:\ToolBar SD
2009-05-21 22:32 . 2009-05-21 22:34 -------- d-----w C:\rsit
2009-05-21 22:13 . 2009-05-21 22:13 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-05-21 22:13 . 2009-05-21 22:15 -------- d-----w c:\documents and settings\Shizz\.housecall6.6
2009-05-21 22:03 . 2009-05-22 05:05 -------- d-----w c:\program files\Panda Security
2009-05-21 21:34 . 2009-05-22 04:52 -------- d-----w c:\program files\ERUNT
2009-05-21 21:09 . 2009-05-21 21:09 286208 ----a-w C:\b1q2ygd5.exe
2009-05-21 20:18 . 2009-05-21 20:39 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-21 20:17 . 2009-05-21 20:39 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-21 15:18 . 2009-03-24 20:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-21 15:00 . 2009-05-21 15:00 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-21 14:58 . 2009-05-21 14:58 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-21 14:36 . 2009-05-21 22:34 -------- d-----w c:\program files\Trend Micro
2009-05-21 06:29 . 2009-05-21 06:29 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-20 20:01 . 2009-05-04 19:07 2298680 ----a-w c:\documents and settings\Shizz\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\extensions\[email protected]\plugins\npTVUAx.dll
2009-05-20 20:01 . 2008-03-04 22:52 286720 ----a-w c:\documents and settings\Shizz\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\extensions\[email protected]\plugins\libcurl.dll
2009-05-20 20:01 . 2007-10-31 13:39 59904 ----a-w c:\documents and settings\Shizz\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\extensions\[email protected]\plugins\zlib1.dll
2009-05-20 20:01 . 2007-05-17 17:58 143360 ----a-w c:\documents and settings\Shizz\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\extensions\[email protected]\plugins\libexpatw.dll
2009-05-20 20:01 . 2006-10-18 21:32 499712 ----a-w c:\documents and settings\Shizz\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\extensions\[email protected]\plugins\msvcp71.dll
2009-05-20 20:01 . 2006-10-18 21:32 348160 ----a-w c:\documents and settings\Shizz\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\extensions\[email protected]\plugins\msvcr71.dll
2009-05-20 20:01 . 2006-10-16 22:44 196608 ----a-w c:\documents and settings\Shizz\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\extensions\[email protected]\plugins\ssleay32.dll
2009-05-20 20:01 . 2006-10-16 22:44 1028096 ----a-w c:\documents and settings\Shizz\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\extensions\[email protected]\plugins\libeay32.dll
2009-05-19 16:24 . 2009-05-19 16:24 -------- d-sh--w c:\documents and settings\Shizz\PrivacIE
2009-05-19 16:21 . 2009-05-19 16:21 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-05-19 16:20 . 2009-05-19 16:20 -------- d-sh--w c:\documents and settings\Shizz\IETldCache
2009-05-19 05:20 . 2009-05-19 05:20 -------- d-----w c:\windows\ie8updates
2009-05-19 05:17 . 2009-05-19 05:19 -------- dc-h--w c:\windows\ie8
2009-05-19 05:13 . 2009-04-25 05:30 102400 ------w c:\windows\system32\dllcache\iecompat.dll
2009-05-19 03:08 . 2009-05-19 03:08 -------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2009-05-16 16:26 . 2009-05-16 19:00 -------- d-----w c:\program files\PlayersOnly Poker
2009-05-10 18:26 . 2009-05-10 18:26 -------- d-----w c:\documents and settings\Shizz\.autobahn
2009-05-10 18:25 . 2009-05-10 18:25 -------- d-----w c:\documents and settings\Shizz\Local Settings\Application Data\Autobahn
2009-05-10 18:24 . 2009-05-10 18:26 -------- d-----w c:\documents and settings\Shizz\Swarmcast
2009-05-07 03:09 . 2009-05-07 03:09 -------- d-----w c:\program files\Veetle
2009-05-01 22:51 . 2009-05-01 22:51 -------- d-----w c:\program files\Falcon Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 05:13 . 2003-06-14 01:30 -------- d-----w c:\program files\InterActual
2009-05-22 05:12 . 2005-05-29 04:38 -------- d-----w c:\program files\NeoTrace Express
2009-05-22 05:10 . 2002-04-20 20:30 -------- d-----w c:\program files\Common Files\Real
2009-05-22 05:09 . 2002-04-20 20:27 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-22 05:09 . 2002-04-20 20:27 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-22 05:08 . 2002-04-20 20:27 -------- d-----w c:\program files\Symantec
2009-05-22 05:07 . 2003-02-26 00:35 -------- d-----w c:\program files\KODAK
2009-05-22 05:06 . 2003-02-26 00:36 -------- d-----w c:\program files\Common Files\KODAK
2009-05-22 03:46 . 2004-08-14 01:00 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-21 20:39 . 2003-10-13 14:41 -------- d-----w c:\program files\Lavasoft
2009-05-21 18:19 . 2005-06-03 00:53 -------- d-----w c:\documents and settings\All Users\Application Data\DIGStream
2009-05-21 15:21 . 2005-06-03 00:53 -------- d-----w c:\program files\DIGStream
2009-05-21 13:55 . 2009-05-21 18:58 225620 ----a-w c:\windows\PCHEALTH\HELPCTR\Config\Cache\Personal_32_1033.dat
2009-05-19 04:52 . 2009-04-06 22:54 -------- d-----w c:\program files\TVAnts
2009-05-19 03:34 . 2001-08-18 11:00 361600 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2009-05-19 03:08 . 2009-03-05 09:12 -------- d-----w c:\program files\TVUPlayer
2009-05-19 02:54 . 2006-11-02 04:35 -------- d-----w c:\program files\PokerStars
2009-05-17 16:58 . 2005-04-19 20:54 -------- d-----w c:\program files\Full Tilt Poker
2009-05-16 02:51 . 2002-06-15 22:22 65800 ----a-w c:\documents and settings\Shizz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 21:33 . 2009-01-02 01:30 -------- d-----w c:\program files\Common Files\Adobe
2009-05-01 22:51 . 2002-04-20 20:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 03:11 . 2009-04-14 03:11 -------- d-----w c:\documents and settings\Shizz\Application Data\TVU networks
2009-04-08 02:35 . 2009-04-05 19:32 -------- d-----w c:\documents and settings\Shizz\Application Data\Caesar Card Club
2009-04-06 23:31 . 2009-04-06 23:31 -------- d-----w c:\documents and settings\Shizz\Application Data\vlc
2009-04-06 23:29 . 2009-04-06 23:29 -------- d-----w c:\program files\VideoLAN
2009-04-06 23:02 . 2009-04-06 23:02 361600 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-04-05 19:32 . 2009-04-05 19:32 83447 ----a-w c:\documents and settings\Shizz\Application Data\Caesar Card Club\uninst.exe
2009-04-05 19:32 . 2009-04-05 19:32 2088137 ----a-w c:\documents and settings\Shizz\Application Data\Caesar Card Club\CaesarCardClub_Setup_WinXP_v02.48Rev52967.exe
2009-03-08 08:34 . 2004-01-08 19:23 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2001-08-18 11:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2001-08-18 11:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2002-02-26 18:58 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2001-08-18 11:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2001-08-18 11:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2001-08-18 11:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2001-08-18 11:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2001-08-18 11:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2001-08-18 11:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2001-08-18 11:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-25 09:20 . 2009-02-25 09:20 3354624 ----a-w c:\documents and settings\Shizz\Application Data\Caesar Card Club\Poker.exe
2005-06-14 23:07 . 2005-06-14 02:47 56 --sh--r c:\windows\SYSTEM32\79A0B3DB20.sys
2008-09-25 21:46 . 2005-06-14 23:07 4184 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 655360]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2006-10-22 1622016]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EZVideo Chat.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EZVideo Chat.lnk
backup=c:\windows\pss\EZVideo Chat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk
backup=c:\windows\pss\KODAK Picture Transfer Software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchpad.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Launchpad.lnk
backup=c:\windows\pss\Launchpad.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Shizz^Start Menu^Programs^Startup^InterAct Profile Activator.lnk]
path=c:\documents and settings\Shizz\Start Menu\Programs\Startup\InterAct Profile Activator.lnk
backup=c:\windows\pss\InterAct Profile Activator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Shizz^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\Shizz\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bodog Poker\\BPGame.exe"=
"c:\\Program Files\\NetZero\\exec.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Windows Media Player\\WMPNetwk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Full Tilt Poker\\FullTiltPoker.exe"=
"c:\\Program Files\\Cake Poker\\cake.exe"=
"c:\\Program Files\\PokerStars\\PokerStarsUpdate.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [5/21/2009 9:54 PM 130424]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [1/1/1980 1:00 AM 28672]
R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\SYSTEM32\ZDCndis5.sys [11/3/2008 9:07 PM 20736]
R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [4/20/2002 4:26 PM 6942]
S3 DCamUSBUVT;ICM532A;c:\windows\SYSTEM32\DRIVERS\usbuvt.sys [9/26/2003 6:42 PM 95232]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/21/2009 9:53 PM 348752]
S3 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [11/6/2008 12:38 AM 53307]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DellTouch - c:\windows\DELLMMKB.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: {{FA4904B4-1FAF-4afd-886C-C19D2297BA62} - c:\program files\royalvegasMPP\MPPoker.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Shizz\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\
FF - plugin: c:\documents and settings\Shizz\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Shizz\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\extensions\[email protected]\plugins\npSeeTooAddon.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 10:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-22 10:53
ComboFix-quarantined-files.txt 2009-05-22 14:53

Pre-Run: 9,066,594,304 bytes free
Post-Run: 9,071,824,896 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

245 --- E O F --- 2009-05-19 03:35

Edited by Shizzmoney, 22 May 2009 - 09:56 AM.

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\b1q2ygd5.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

#7
Shizzmoney

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is the log OTListIT. I wasn't able to run the Kaspersky online tool due to the updates having issues installing to my machine, but I was finally able to get mbam to run (w/o having to change the name, suggesting the malware that blocked these programs via word check is no longer there).

The Mbam log is below as well. I didn't run a full scan, but will do so later, although so far so good as *0* malware was found.

I also ran winsockxp and went into cmd.exe~ipconfig/flushdns to take care of the Trojan/DNS Changer remnants on advice from another site. The interwebz are running MUCH faster as a result.

My cpu is running smooth and I actually improved its performance since I was able to get rid of some other spy/adware that was taking up disk space and system resources, along with the trojans and a backdoor client that was causing the problem (from looking at the logs, and googling some of the trojans and their symptoms, looks like the main culprit was Trojan.DNS Changer and/or Backdoor.Hupigon, both of which were removed by either Spyware Doctor, a-squared Anti-malware, and/or Combo-fix).

I *think* I am done, unless you see something in the following log file or have any more suggestions.

If you have a PokerStars handle, Rorschach12, feel free to pm it for the reward.


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\b1q2ygd5.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Shizz\LOCALS~1\Temp\etilqs_Fyuj4yYRheIlSlmeGKqk scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Shizz\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Shizz\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Shizz\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shizz\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shizz\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shizz\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shizz\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shizz\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05222009_142315

Files moved on Reboot...
File C:\DOCUME~1\Shizz\LOCALS~1\Temp\etilqs_Fyuj4yYRheIlSlmeGKqk not found!
C:\DOCUME~1\Shizz\LOCALS~1\Temp\WCESLog.log moved successfully.
C:\Documents and Settings\Shizz\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Shizz\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Shizz\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Shizz\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Shizz\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Shizz\Local Settings\Application Data\Mozilla\Firefox\Profiles\uzguibpg.default\XUL.mfl moved successfully.

Malwarebytes' Anti-Malware 1.36
Database version: 2166
Windows 5.1.2600 Service Pack 3

5/22/2009 2:49:28 PM
mbam-log-2009-05-22 (14-49-28).txt

Scan type: Quick Scan
Objects scanned: 89059
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Shizzmoney, 22 May 2009 - 01:20 PM.

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
one final scan

post a new OTL Log

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.