Malwarebytes' Anti-Malware 1.37
Database version: 2252
Windows 5.1.2600 Service Pack 3
6/9/2009 9:58:30 AM
mbam-log-2009-06-09 (09-58-30).txt
Scan type: Full Scan (C:\|)
Objects scanned: 145022
Time elapsed: 33 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL logfile created on: 6/9/2009 10:55:10 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 3900 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 114.49 Gb Total Space | 89.52 Gb Free Space | 78.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.01 Gb Total Space | 27.50 Gb Free Space | 18.45% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: S1098403493
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2009/05/15 22:31:11 | 00,692,496 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
PRC - [2003/08/29 09:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINNT\system32\LEXBCES.EXE
PRC - [2003/08/29 09:50:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINNT\system32\LEXPPS.EXE
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Explorer.EXE
PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/08 10:30:19 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/15 22:31:31 | 01,794,320 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe
PRC - [2009/05/14 15:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/05/26 22:39:41 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/06/09 10:38:54 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/05/15 22:31:11 | 00,692,496 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2009/05/14 15:54:22 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - File not found -- -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - File not found -- -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/02/08 10:30:19 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/08/29 09:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINNT\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (NMIndexingService [Disabled | Stopped])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services (SafeList) ==========
DRV - [2001/08/17 13:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
DRV - [2002/04/01 12:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINNT\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2009/05/09 19:40:09 | 00,103,872 | ---- | M] (SlySoft, Inc.) -- C:\WINNT\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2005/04/07 17:18:34 | 00,003,840 | ---- | M] () -- C:\WINNT\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2009/05/15 22:32:30 | 00,132,640 | ---- | M] (COMODO) -- C:\WINNT\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Running])
DRV - [2009/05/15 22:32:35 | 00,024,096 | ---- | M] (COMODO) -- C:\WINNT\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running])
DRV - [2003/03/04 12:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/05/14 15:41:10 | 00,114,472 | ---- | M] (ESET) -- C:\WINNT\system32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2009/05/14 15:47:14 | 00,107,256 | ---- | M] (ESET) -- C:\WINNT\system32\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])
DRV - [2009/02/17 13:11:30 | 00,024,232 | ---- | M] (Elaborate Bytes AG) -- C:\WINNT\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2009/05/14 15:49:32 | 00,094,360 | ---- | M] (ESET) -- C:\WINNT\system32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])
DRV - [2002/08/06 16:24:16 | 01,107,680 | ---- | M] (GTW) -- C:\WINNT\System32\DRIVERS\GWMDM.sys -- (GTWModem [On_Demand | Running])
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2003/07/02 20:00:00 | 00,274,816 | ---- | M] (Intel Corporation) -- C:\WINNT\System32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2009/05/15 22:32:36 | 00,082,080 | ---- | M] (COMODO) -- C:\WINNT\System32\DRIVERS\inspect.sys -- (Inspect [Boot | Running])
DRV - [2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/08/04 01:41:38 | 00,126,686 | ---- | M] (Smart Link) -- C:\WINNT\System32\DRIVERS\Mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Stopped])
DRV - [2004/08/04 01:41:37 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINNT\System32\DRIVERS\Mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
DRV - [2005/12/24 18:38:13 | 00,028,256 | ---- | M] (MusicMatch, Inc.) -- C:\WINNT\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Stopped])
DRV - [2004/08/04 01:41:39 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINNT\System32\DRIVERS\NtMtlFax.sys -- (NtMtlFax [On_Demand | Stopped])
DRV - [2004/08/04 01:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2001/04/24 00:29:00 | 00,162,969 | ---- | M] (OmniVision Technologies, Inc.) -- C:\WINNT\System32\Drivers\omcamvid.sys -- (OVT511Plus [On_Demand | Stopped])
DRV - [2008/05/24 10:42:21 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINNT\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
DRV - [2003/03/21 13:34:08 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINNT\system32\drivers\pfc.sys -- (pfc [On_Demand | Stopped])
DRV - [2003/08/19 18:27:20 | 00,333,520 | ---- | M] (Logitech Inc.) -- C:\WINNT\System32\DRIVERS\CamDrL21.sys -- (PhilCam8116 [On_Demand | Stopped])
DRV - [2008/06/10 13:04:28 | 00,031,048 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2003/03/31 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINNT\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/12/11 18:34:50 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINNT\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 01:41:39 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINNT\System32\DRIVERS\RecAgent.sys -- (RecAgent [On_Demand | Stopped])
DRV - [2009/03/27 11:17:41 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2008/12/22 12:06:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2008/12/22 12:05:58 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINNT\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/04 01:41:42 | 00,404,990 | ---- | M] (Smart Link) -- C:\WINNT\System32\DRIVERS\slntamr.sys -- (Slntamr [On_Demand | Stopped])
DRV - [2004/08/04 01:41:44 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINNT\System32\DRIVERS\Slnthal.sys -- (SlNtHal [On_Demand | Stopped])
DRV - [2003/01/17 02:19:32 | 00,039,348 | ---- | M] (Vireo Software) -- C:\WINNT\System32\DRIVERS\SlWdmSup.sys -- (SlWdmSup [On_Demand | Stopped])
DRV - [2003/03/18 12:00:54 | 00,542,976 | ---- | M] (Analog Devices, Inc.) -- C:\WINNT\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINNT\System32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/02/02 04:15:14 | 00,196,409 | R--- | M] (Creative Technology Ltd.) -- C:\WINNT\system32\DRIVERS\V0060Vid.sys -- (V0060VID [On_Demand | Stopped])
DRV - [2006/04/22 17:30:12 | 00,122,110 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2006/04/22 17:30:12 | 00,099,002 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\S-1-5-21-3157725431-486860047-3196250572-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\S-1-5-21-3157725431-486860047-3196250572-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/08 10:30:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINNT\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/31 19:30:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 19:47:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/07 17:35:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/23 16:14:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2009/05/31 10:05:36 | 00,000,000 | ---D | M]
[2008/12/10 09:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/12/10 09:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/06/18 00:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/09 09:21:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\default.fx8\extensions
[2004/11/28 19:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\default.fx8\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2006/09/22 10:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\default.fx8\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2004/06/15 13:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\default.fx8\extensions\{641d8d09-7dda-4850-8228-ac0ab65e2ac9}
[2004/06/15 13:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\default.fx8\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/17 01:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\default.fx8\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2006/09/22 10:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\default.fx8\extensions\TEMP
[2009/06/09 01:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vfn8x9mo.Danyale Oglesby\extensions
[2009/04/17 14:42:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vfn8x9mo.Danyale Oglesby\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/05/18 02:32:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vfn8x9mo.Danyale Oglesby\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/05/26 03:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vfn8x9mo.Danyale Oglesby\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/04/17 08:32:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vfn8x9mo.Danyale Oglesby\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/02 08:49:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vfn8x9mo.Danyale Oglesby\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2007/09/19 16:33:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\vfn8x9mo.Danyale Oglesby\extensions\[email protected]
[2009/06/09 01:47:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 19:47:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/21 15:34:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/10/26 12:02:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/02/06 00:45:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/03/26 17:15:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/02/08 10:30:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/29 19:47:01 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 19:47:01 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/05/29 10:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 10:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 10:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 01:27:47 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 10:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/05/29 10:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 10:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (310663 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10721 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\..\Toolbar\WebBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h ()
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - Reg Error: Value error. File not found
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O15 - HKU\S-1-5-21-3157725431-486860047-3196250572-1003\..Trusted Domains: 75 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gatew...r/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (Reg Error: Key error.)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.r...ip/RdxIE601.cab (Reg Error: Key error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Reg Error: Key error.)
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Reg Error: Key error.)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://www.vzwpix.co...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory....ap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (Reg Error: Key error.)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (Reg Error: Key error.)
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (Reg Error: Key error.)
O16 - DPF: ConferenceRoom Java Client (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O16 - DPF: ppctlcab http://ppupdates.ca....er/ppctlcab.cab (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Value error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/08 09:59:46 | 00,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/09 10:54:53 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (smrgdf) - File not found
O34 - HKLM BootExecute: (C:\Program) - File not found
O34 - HKLM BootExecute: (Files\iolo\System) - File not found
O34 - HKLM BootExecute: (Mechanic) - File not found
O34 - HKLM BootExecute: (6\) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/06/09 10:44:45 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/09 10:38:34 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Owner\Desktop\OTL.exe
[2009/06/09 10:38:17 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\Rooter.exe
[2009/06/09 10:31:39 | 10,280,600 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\SpyHunter-Scanner-Install.exe
[2009/06/09 10:27:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/09 10:27:20 | 00,001,478 | ---- | C] () -- C:\DOCUME~1\Owner\My Documents\cc_20090609_102719.reg
[2009/06/09 09:24:02 | 00,017,464 | ---- | C] () -- C:\DOCUME~1\Owner\My Documents\cc_20090609_092401.reg
[2009/06/09 09:21:08 | 00,208,550 | ---- | C] () -- C:\DOCUME~1\Owner\My Documents\cc_20090609_092105.reg
[2009/06/09 09:07:08 | 00,000,616 | ---- | C] () -- C:\WINNT\RegGenie.ini
[2009/06/09 08:55:52 | 00,161,816 | ---- | C] () -- C:\WINNT\RegGenieOnUninstall.exe
[2009/06/09 08:52:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/06/09 08:16:21 | 90,143,372 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\TS-230661.mp3
[2009/06/09 08:16:09 | 00,054,156 | -H-- | C] () -- C:\WINNT\QTFont.qfn
[2009/06/09 08:16:09 | 00,001,409 | ---- | C] () -- C:\WINNT\QTFont.for
[2009/06/08 11:00:33 | 00,001,444 | ---- | C] () -- C:\DOCUME~1\Owner\My Documents\cc_20090608_110031.reg
[2009/06/08 10:48:25 | 00,004,200 | ---- | C] () -- C:\DOCUME~1\Owner\My Documents\cc_20090608_104823.reg
[2009/06/08 10:37:40 | 00,268,288 | ---- | C] () -- C:\DOCUME~1\Owner\My Documents\SBYA Physical Area PST TemplateV2.xls
[2009/06/08 09:57:18 | 00,261,120 | ---- | C] () -- C:\DOCUME~1\Owner\My Documents\USGO Physical Area PST TemplateV2.xls
[2009/06/08 09:55:50 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/06/08 09:50:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2009/06/08 09:47:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
[2009/06/08 09:15:09 | 46,065,270 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\060709.mp3
[2009/06/07 23:44:45 | 00,025,088 | ---- | C] () -- C:\DOCUME~1\Owner\My Documents\Craig BZ letter.doc
[2009/06/07 17:37:24 | 00,176,730 | ---- | C] () -- C:\DOCUME~1\Owner\My Documents\cc_20090607_173722.reg
[2009/06/07 16:47:21 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/06/04 11:08:31 | 19,222,449 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\060109.mp3
[2009/06/04 10:34:08 | 43,172,832 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\IYH_090603.mp3
[2009/06/02 23:09:10 | 42,034,473 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\btr506.mp3
[2009/05/31 23:41:33 | 30,755,424 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\IYH_090520.mp3
[2009/05/31 19:41:11 | 04,354,176 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\c5a1a2b6-f596-4926-a00f-e62369113bdd.mp3
[2009/05/31 14:36:28 | 26,663,19872 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/31 05:00:24 | 04,731,544 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\SetupAnyDVD6555.exe
[2009/05/27 00:26:19 | 42,224,733 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\btr505.mp3
[2009/05/18 11:26:36 | 00,005,020 | ---- | C] () -- C:\DOCUME~1\Owner\My Documents\VerifyInfo.do.htm
[2009/05/16 17:58:49 | 00,000,754 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AnyDVD.lnk
[2008/06/08 20:30:43 | 00,168,208 | ---- | C] () -- C:\WINNT\System32\guard32.dll
[2008/06/06 13:24:43 | 00,000,116 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2008/03/17 08:48:56 | 00,000,050 | ---- | C] () -- C:\WINNT\MegaManager.INI
[2007/12/13 07:42:47 | 00,000,166 | ---- | C] () -- C:\WINNT\MVPSPADE.INI
[2007/12/13 07:32:36 | 00,000,268 | ---- | C] () -- C:\WINNT\MVPCRIB.INI
[2007/12/11 18:34:56 | 03,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2007/12/11 18:33:14 | 00,000,416 | ---- | C] () -- C:\WINNT\System32\dtu100.dll.manifest
[2007/12/11 18:33:14 | 00,000,416 | ---- | C] () -- C:\WINNT\System32\dpl100.dll.manifest
[2007/12/11 18:32:28 | 00,012,288 | ---- | C] () -- C:\WINNT\System32\DivXWMPExtType.dll
[2006/11/23 22:20:14 | 00,000,080 | ---- | C] () -- C:\WINNT\xptools.ini
[2006/11/23 22:15:18 | 00,000,053 | ---- | C] () -- C:\WINNT\System32\bn.dll
[2006/09/15 10:11:04 | 00,002,045 | -H-- | C] () -- C:\WINNT\System32\whlpda32e.dll
[2006/07/30 19:37:06 | 00,000,002 | ---- | C] () -- C:\WINNT\System32\vrecorder.dll
[2006/06/23 12:53:42 | 00,000,059 | ---- | C] () -- C:\WINNT\cfgdiag_en.INI
[2006/05/06 16:25:42 | 00,003,840 | ---- | C] () -- C:\WINNT\System32\drivers\BANTExt.sys
[2006/03/18 09:16:04 | 00,540,178 | ---- | C] () -- C:\WINNT\System32\x264vfw.dll
[2006/02/26 19:06:49 | 00,000,088 | RHS- | C] () -- C:\WINNT\System32\A80C068D71.sys
[2006/02/26 03:11:38 | 00,003,350 | -HS- | C] () -- C:\WINNT\System32\KGyGaAvL.sys
[2005/11/26 20:34:30 | 00,000,000 | ---- | C] () -- C:\WINNT\PestPatrol5.INI
[2005/10/23 10:24:17 | 00,684,032 | ---- | C] () -- C:\WINNT\libeay32.dll
[2005/10/23 10:24:17 | 00,155,648 | ---- | C] () -- C:\WINNT\ssleay32.dll
[2005/08/09 18:13:31 | 00,831,488 | ---- | C] () -- C:\WINNT\System32\libeay32.dll_old
[2005/08/09 18:13:31 | 00,159,744 | ---- | C] () -- C:\WINNT\System32\ssleay32.dll
[2005/07/25 09:10:29 | 00,157,696 | ---- | C] () -- C:\WINNT\System32\unrar.dll
[2005/07/25 09:10:28 | 00,019,968 | ---- | C] () -- C:\WINNT\System32\cpuinf32.dll
[2005/07/14 12:31:20 | 00,027,648 | RHS- | C] () -- C:\WINNT\System32\AVSredirect.dll
[2005/07/06 07:17:23 | 00,000,151 | ---- | C] () -- C:\WINNT\PhotoSnapViewer.INI
[2005/06/21 22:37:42 | 00,045,568 | RHS- | C] () -- C:\WINNT\System32\cygz.dll
[2005/05/26 20:46:10 | 00,000,056 | RHS- | C] () -- C:\WINNT\System32\718D060CA8.sys
[2005/05/01 20:05:15 | 00,049,152 | ---- | C] () -- C:\WINNT\System32\FTPStubInstUtils.dll
[2005/04/06 11:27:14 | 00,180,224 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2005/04/06 11:24:40 | 00,765,952 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2005/03/14 18:58:33 | 00,000,068 | ---- | C] () -- C:\WINNT\DVDRegionFree.INI
[2005/03/14 18:44:57 | 00,000,107 | ---- | C] () -- C:\WINNT\VobEdit.INI
[2005/02/13 20:50:44 | 00,000,026 | ---- | C] () -- C:\WINNT\dvdSanta.INI
[2004/10/26 18:39:05 | 03,375,104 | ---- | C] () -- C:\WINNT\System32\qt-mt331.dll
[2004/05/23 06:39:30 | 00,000,022 | ---- | C] () -- C:\WINNT\FLASHKSK.INI
[2004/05/23 06:39:29 | 00,155,648 | ---- | C] ( ) -- C:\WINNT\System32\flashshl.dll
[2004/05/23 06:39:25 | 00,000,468 | ---- | C] () -- C:\WINNT\LXBRFMT.INI
[2004/05/23 06:39:21 | 00,003,206 | ---- | C] () -- C:\WINNT\LXBRCAH.ini
[2004/05/23 06:39:18 | 00,002,174 | ---- | C] () -- C:\WINNT\System32\LXBRSET.INI
[2004/05/23 06:30:12 | 00,000,336 | ---- | C] () -- C:\WINNT\lexstat.ini
[2004/05/23 06:29:40 | 00,040,960 | ---- | C] () -- C:\WINNT\System32\lxbrvs.dll
[2004/05/23 06:28:54 | 00,000,181 | ---- | C] () -- C:\WINNT\System32\lxbrcoin.ini
[2004/03/04 10:24:58 | 00,000,639 | ---- | C] () -- C:\WINNT\M3JPEG.INI
[2004/02/13 03:20:09 | 00,000,033 | ---- | C] () -- C:\WINNT\LVMMail.INI
[2004/01/27 16:06:03 | 00,385,024 | ---- | C] () -- C:\WINNT\System32\GeoCtl.dll
[2004/01/24 19:18:36 | 00,014,938 | ---- | C] () -- C:\WINNT\System32\lvcoinst.ini
[2004/01/10 19:16:33 | 00,000,241 | ---- | C] () -- C:\WINNT\QSync.INI
[2003/12/27 19:31:12 | 00,000,026 | ---- | C] () -- C:\WINNT\dswplug.ini
[2003/12/27 19:06:44 | 00,000,038 | ---- | C] () -- C:\WINNT\RealityFusion.ini
[2003/12/27 19:05:06 | 00,000,052 | ---- | C] () -- C:\WINNT\Pex.INI
[2003/12/27 18:47:57 | 00,000,012 | ---- | C] () -- C:\WINNT\intercom.ini
[2003/12/23 12:07:41 | 00,001,978 | ---- | C] () -- C:\WINNT\WinInit.Ini
[2003/12/21 18:17:24 | 00,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2003/12/20 22:53:25 | 00,000,031 | ---- | C] () -- C:\WINNT\AuthMgr.INI
[2003/12/04 11:28:25 | 00,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/10/16 11:58:42 | 00,466,944 | ---- | C] () -- C:\WINNT\System32\SLLights.dll
[2003/10/16 11:58:42 | 00,151,552 | ---- | C] () -- C:\WINNT\System32\amr_cpl.dll
[2003/10/16 11:58:42 | 00,014,976 | ---- | C] ( ) -- C:\WINNT\System32\drivers\winddx.sys
[2003/10/15 11:15:29 | 00,049,152 | ---- | C] () -- C:\WINNT\System32\coinst.dll
[2003/10/14 17:56:53 | 00,000,842 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/10/14 17:56:05 | 00,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2003/10/14 17:53:24 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\JAWTAccessBridge.dll
[2003/10/14 17:50:22 | 00,094,208 | ---- | C] () -- C:\WINNT\System32\PCDrKernelModeServices.dll
[2003/10/14 17:50:22 | 00,077,824 | ---- | C] () -- C:\WINNT\System32\ProgressTrace.dll
[2003/10/14 17:49:24 | 00,000,571 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/10/06 15:57:12 | 00,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/10/06 15:40:33 | 00,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
[1998/08/16 07:00:00 | 00,004,096 | ---- | C] () -- C:\WINNT\System32\sysres.dll
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll
[1980/01/01 01:00:00 | 00,000,736 | ---- | C] () -- C:\WINNT\win.ini
[1980/01/01 01:00:00 | 00,000,227 | ---- | C] () -- C:\WINNT\SYSTEM.INI
========== Files - Modified Within 30 Days ==========
[3 C:\WINNT\*.tmp files]
[2009/06/09 10:38:54 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Owner\Desktop\OTL.exe
[2009/06/09 10:38:18 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\Rooter.exe
[2009/06/09 10:31:57 | 10,280,600 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\SpyHunter-Scanner-Install.exe
[2009/06/09 10:27:24 | 00,001,478 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\cc_20090609_102719.reg
[2009/06/09 10:08:05 | 00,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/06/09 10:07:15 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/06/09 10:07:13 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/06/09 10:07:05 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/06/09 10:07:00 | 26,663,19872 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/09 10:01:33 | 00,000,559 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\My Sharing Folders.lnk
[2009/06/09 09:24:05 | 00,017,464 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\cc_20090609_092401.reg
[2009/06/09 09:21:13 | 00,208,550 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\cc_20090609_092105.reg
[2009/06/09 09:07:14 | 00,000,616 | ---- | M] () -- C:\WINNT\RegGenie.ini
[2009/06/09 08:40:37 | 00,001,978 | ---- | M] () -- C:\WINNT\WinInit.Ini
[2009/06/09 08:17:49 | 90,143,372 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\TS-230661.mp3
[2009/06/09 08:16:09 | 00,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn
[2009/06/09 08:16:09 | 00,001,409 | ---- | M] () -- C:\WINNT\QTFont.for
[2009/06/08 11:00:36 | 00,001,444 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\cc_20090608_110031.reg
[2009/06/08 10:56:17 | 00,313,176 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2009/06/08 10:54:56 | 00,000,736 | ---- | M] () -- C:\WINNT\win.ini
[2009/06/08 10:54:56 | 00,000,227 | ---- | M] () -- C:\WINNT\SYSTEM.INI
[2009/06/08 10:54:56 | 00,000,207 | RHS- | M] () -- C:\boot.ini
[2009/06/08 10:48:31 | 00,004,200 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\cc_20090608_104823.reg
[2009/06/08 10:38:45 | 00,268,288 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\SBYA Physical Area PST TemplateV2.xls
[2009/06/08 09:57:06 | 00,261,120 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\USGO Physical Area PST TemplateV2.xls
[2009/06/08 09:52:27 | 00,000,370 | ---- | M] () -- C:\WINNT\ODBC.INI
[2009/06/08 09:15:56 | 46,065,270 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\060709.mp3
[2009/06/08 00:01:54 | 00,022,016 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\Reunion letter.doc
[2009/06/08 00:01:54 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/06/07 23:44:46 | 00,025,088 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\Craig BZ letter.doc
[2009/06/07 17:37:29 | 00,176,730 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\cc_20090607_173722.reg
[2009/06/07 11:13:56 | 00,000,116 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2009/06/04 11:09:03 | 19,222,449 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\060109.mp3
[2009/06/04 10:45:01 | 43,172,832 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\IYH_090603.mp3
[2009/06/04 02:12:35 | 00,310,663 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2009/06/02 23:10:29 | 42,034,473 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\btr506.mp3
[2009/05/31 23:46:43 | 30,755,424 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\IYH_090520.mp3
[2009/05/31 19:41:16 | 04,354,176 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\c5a1a2b6-f596-4926-a00f-e62369113bdd.mp3
[2009/05/31 12:49:25 | 00,000,801 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\AusLogics Disk Defrag.lnk
[2009/05/31 05:00:35 | 04,731,544 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\SetupAnyDVD6555.exe
[2009/05/30 13:43:09 | 00,310,253 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20090604-021235.backup
[2009/05/29 17:15:00 | 00,000,390 | ---- | M] () -- C:\WINNT\tasks\1-Click Maintenance.job
[2009/05/28 07:39:57 | 00,001,548 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\CCleaner.lnk
[2009/05/27 00:27:27 | 42,224,733 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\btr505.mp3
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/05/26 02:10:55 | 00,309,975 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20090530-134309.backup
[2009/05/18 11:26:37 | 00,005,020 | ---- | M] () -- C:\DOCUME~1\Owner\My Documents\VerifyInfo.do.htm
[2009/05/16 17:58:49 | 00,000,754 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AnyDVD.lnk
[2009/05/15 22:32:37 | 00,168,208 | ---- | M] () -- C:\WINNT\System32\guard32.dll
[2009/05/15 22:32:36 | 00,082,080 | ---- | M] (COMODO) -- C:\WINNT\System32\drivers\inspect.sys
[2009/05/15 22:32:35 | 00,024,096 | ---- | M] (COMODO) -- C:\WINNT\System32\drivers\cmdhlp.sys
[2009/05/15 22:32:30 | 00,132,640 | ---- | M] (COMODO) -- C:\WINNT\System32\drivers\cmdguard.sys
[2009/05/14 15:49:32 | 00,094,360 | ---- | M] (ESET) -- C:\WINNT\System32\drivers\epfwtdir.sys
[2009/05/14 15:47:14 | 00,107,256 | ---- | M] (ESET) -- C:\WINNT\System32\drivers\ehdrv.sys
[2009/05/14 15:41:10 | 00,114,472 | ---- | M] (ESET) -- C:\WINNT\System32\drivers\eamon.sys
[2009/05/14 12:34:06 | 00,309,616 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20090526-021055.backup
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
OTL Extras logfile created on: 6/9/2009 10:55:10 AM - Run 1
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL "%l"
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/03/18 18:50:30 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2009/06/07 16:47:21 | 00,321,344 | ---- | M] () -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{472BAE05-68E8-44A9-B496-8FB0C0F57ACF}" = Comcast Assisted Support Controls
"{485C28E6-7E8C-40E4-BCFE-6E85B1F46D7A}" = TMPGEnc 4.0 XPress
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1" = DVD Rebuilder
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.107
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E195741-FCB9-460F-AE21-F7E71D06C3DB}" = TSUNAMI-MPEG DVD EasyPack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A7CE063-019E-4675-99FF-93600C83C23E}" = TMPGEnc DVD Source Creator 4
"{9CD89DD7-234A-4801-9D87-3DE352E146A0}" = TMPGEnc DVD Author 1.6
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C14FFD6A-FB55-4993-93FE-32E221D50AAC}" = Mega Manager
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1
"{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}" = Gateway Ink Monitor
"AC3ACM" = AC-3 ACM Codec
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"AviSynth" = AviSynth 2.5
"Boilsoft Video Joiner_is1" = Boilsoft Video Joiner 5.32
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CCleaner" = CCleaner (remove only)
"Cinema Craft Encoder Basic" = Cinema Craft Encoder Basic
"COMODO Firewall Pro" = COMODO Firewall Pro
"Creative VF0060" = Creative WebCam Live! Ultra Driver (1.01.03.0127)
"Creative WebCam Center" = Creative WebCam Center
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"EasyChange Powered by TrueSwitch" = EasyChange Powered by TrueSwitch
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ImgBurn" = ImgBurn
"IsoBuster_is1" = IsoBuster 2.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealAlt_is1" = Real Alternative 1.8.4
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"RipIt4Me" = RipIt4Me
"SendSpaceWizard" = SendSpace Wizard
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3157725431-486860047-3196250572-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/8/2009 10:29:08 AM | Computer Name = S1098403493 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 2/8/2009 10:29:08 AM | Computer Name = S1098403493 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 2/13/2009 8:49:56 AM | Computer Name = S1098403493 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: 403 (HTTP Response Status)
Error - 2/13/2009 12:29:37 PM | Computer Name = S1098403493 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 3/1/2009 10:47:43 PM | Computer Name = S1098403493 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module wmp.dll, version 11.0.5721.5230, fault address 0x00171b62.
Error - 5/1/2009 11:45:51 AM | Computer Name = S1098403493 | Source = Application Error | ID = 1000
Description = Faulting application megamanager.exe, version 3.2.0.0, faulting module
megamanager.exe, version 3.2.0.0, fault address 0x0010719a.
Error - 5/1/2009 11:46:17 AM | Computer Name = S1098403493 | Source = Application Error | ID = 1000
Description = Faulting application megamanager.exe, version 3.2.0.0, faulting module
megamanager.exe, version 3.2.0.0, fault address 0x0010719a.
Error - 5/1/2009 11:47:59 AM | Computer Name = S1098403493 | Source = Application Error | ID = 1000
Description = Faulting application megamanager.exe, version 3.2.0.0, faulting module
megamanager.exe, version 3.2.0.0, fault address 0x0010719a.
Error - 5/1/2009 12:39:09 PM | Computer Name = S1098403493 | Source = Application Error | ID = 1000
Description = Faulting application _is7f3.exe, version 12.0.0.58855, faulting module
unknown, version 0.0.0.0, fault address 0x027c2e20.
Error - 6/8/2009 9:52:26 AM | Computer Name = S1098403493 | Source = MsiInstaller | ID = 11919
Description = Product: Microsoft Office 2000 Professional -- Error 1919. Error configuring
ODBC data source: MS Access Database, ODBC error 6: Component not found in the
registry. Verify that the file MS Access Database exists and that you can access
it.
[ System Events ]
Error - 2/8/2009 11:23:07 AM | Computer Name = S1098403493 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 2/8/2009 11:23:09 AM | Computer Name = S1098403493 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 2/8/2009 11:23:12 AM | Computer Name = S1098403493 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 2/8/2009 11:23:14 AM | Computer Name = S1098403493 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 2/9/2009 1:23:16 PM | Computer Name = S1098403493 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
Error - 2/9/2009 1:24:01 PM | Computer Name = S1098403493 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
Error - 2/10/2009 12:30:38 AM | Computer Name = S1098403493 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
Error - 2/10/2009 11:40:49 AM | Computer Name = S1098403493 | Source = Dhcp | ID = 1002
Description = The IP address lease 98.211.90.210 for the Network Card with network
address 000CF195FF44 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).
Error - 2/10/2009 11:41:10 AM | Computer Name = S1098403493 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.2 for the Network Card with network
address 000CF195FF44 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).
Error - 2/13/2009 8:53:30 AM | Computer Name = S1098403493 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
< End of report >