
Win32 crypt EKF TRJ, Win32 Cloaker, Win32 hupigon-lie, Win32 Tiny-II


This topic is locked

#1 roman989 (New Member, 2 posts)
Win32 Hupigon LIE
Win32 Crypt EKF
Win32 Cloaker
Win32 Tiny-II
I continuously remove these and they continuously come straight back. I delete my screen name and make a new one and they instantly transfer over. I keep getting a Windows Explorer close message until I end a certain process in Task Manager; I don't know exactly which one yet. These also slow my Internet Explorer down by ten times unless I continuously end certain processes in Task Manager, one of the SVCHOSTs being one of them that I remove to speed the internet up. This is sucking. What can I do?


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Firstly I will need to look at your system

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Check the box that says 64 bit
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#3 roman989 (Topic Starter, New Member, 2 posts)
OTS logfile created on: 6/20/2009 11:47:58 AM - Run 1

OTS by OldTimer - Version 3.0.7.0	 Folder = C:\Documents and Settings\j\Desktop

Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2800.1106)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1022.00 Mb Total Physical Memory | 747.69 Mb Available Physical Memory | 73.16% Memory free

1.09 Gb Paging File | 0.93 Gb Available in Paging File | 85.11% Paging File free

Paging file location(s): C:\pagefile.sys 192 384 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.24 Gb Total Space | 8.73 Gb Free Space | 23.46% Space Free | Partition Type: NTFS

Drive D: | 533.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FOUR20

Current User Name: j

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

 

[Processes - Safe List]

explorer.exe -> C:\WINDOWS\explorer.exe -> [2002/08/29 04:00:00 | 01,004,032 | ---- | M] (Microsoft Corporation)

iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2002/08/29 04:00:00 | 00,091,136 | ---- | M] (Microsoft Corporation)

ots.exe -> C:\Documents and Settings\j\Desktop\OTS.exe -> [2009/06/20 11:46:38 | 00,510,464 | ---- | M] (OldTimer Tools)

taskmgr.exe -> C:\WINDOWS\System32\taskmgr.exe -> [2002/08/29 04:00:00 | 00,128,512 | ---- | M] (Microsoft Corporation)

 

[Win32 Services - Safe List]

(AOL ACS) AOL Connectivity Service [Win32_Own | Disabled | Stopped] -> C:\Program Files\Common Files\AOL\ACS\acsd.exe -> [2003/08/06 16:58:26 | 01,376,360 | ---- | M] (America Online, Inc.)

(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2003/02/20 19:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation)

(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software)

(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Stopped] -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software)

(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -> [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software)

(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software)

(ccEvtMgr) Symantec Event Manager [Win32_Own | Disabled | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -> [2003/11/21 15:04:56 | 00,255,136 | ---- | M] (Symantec Corporation)

(ccPwdSvc) Symantec Password Validation [Win32_Own | Disabled | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -> [2003/11/21 15:04:56 | 00,087,200 | ---- | M] (Symantec Corporation)

(ccSetMgr) Symantec Settings Manager [Win32_Own | Disabled | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -> [2003/11/21 15:04:56 | 00,234,656 | ---- | M] (Symantec Corporation)

(driver) driver [Win32_Shared | Auto | Running] -> C:\Program Files\driver\driver.dll -> [2009/06/19 14:47:32 | 00,037,376 | ---- | M] ()

(gusvc) Google Software Updater [Win32_Own | Disabled | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/04/22 22:00:18 | 00,182,768 | ---- | M] (Google)

(helpsvc) Help and Support [Win32_Shared | Auto | Stopped] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2002/08/29 04:00:00 | 00,029,696 | ---- | M] (Microsoft Corporation)

(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Stopped] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/02/12 20:15:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)

(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Disabled | Stopped] ->  -> File not found

(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Intel\NCS\Sync\NetSvc.exe -> [2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel(R) Corporation)

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\nvsvc32.exe -> [2007/04/19 13:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation)

(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -> [2003/11/21 15:05:04 | 00,197,896 | ---- | M] (Symantec Corporation)

(SNMP) SNMP Service [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\snmp.exe -> [2002/08/29 04:00:00 | 00,029,696 | ---- | M] (Microsoft Corporation)

(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\wdfmgr.exe -> [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)

(uploadmgr) Upload Manager [Win32_Shared | Auto | Stopped] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2002/08/29 04:00:00 | 00,029,696 | ---- | M] (Microsoft Corporation)

(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Stopped] -> C:\WINDOWS\wanmpsvc.exe -> [2003/01/10 17:13:04 | 00,065,536 | ---- | M] (America Online, Inc.)

(wmcmgc) Windows Management Configuration [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\icm64.dll -> [2002/08/29 04:00:00 | 13,626,368 | -HS- | M] (Microsoft Corporation)

 

[Driver Services - Safe List]

(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2009/02/05 15:05:11 | 00,026,944 | ---- | M] (ALWIL Software)

(aeaudio) aeaudio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\aeaudio.sys -> [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation)

(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\AegisP.sys -> [2009/05/15 11:40:02 | 00,020,747 | ---- | M] (Meetinghouse Data Communications)

(AliIde) AliIde [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\aliide.sys -> [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)

(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\amdagp.sys -> [2001/08/17 12:58:02 | 00,027,648 | ---- | M] (Advanced Micro Devices, Inc.)

(asc) asc [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\asc.sys -> [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)

(asc3550) asc3550 [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\asc3550.sys -> [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)

(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2009/02/05 15:08:10 | 00,094,032 | ---- | M] (ALWIL Software)

(aswRdr) aswRdr [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2009/02/05 15:06:10 | 00,023,152 | ---- | M] (ALWIL Software)

(aswSP) avast! Self Protection [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2009/02/05 15:07:23 | 00,114,768 | ---- | M] (ALWIL Software)

(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2009/02/05 15:06:20 | 00,051,376 | ---- | M] (ALWIL Software)

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -> [2003/06/30 19:11:52 | 00,043,136 | R--- | M] (Broadcom Corporation)

(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\BCMSM.sys -> [2003/06/02 04:00:30 | 01,101,696 | ---- | M] (Broadcom Corporation)

(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\bvrp_pci.sys -> [2003/08/28 17:58:40 | 00,004,272 | R--- | M] ()

(CmdIde) CmdIde [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\cmdide.sys -> [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)

(dac2w2k) dac2w2k [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -> [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)

(driverdrv) driverdrv [Kernel | System | Running] -> C:\Program Files\driver\driver.sys -> [2009/06/19 14:47:32 | 00,009,472 | ---- | M] (driver)

(drvmcdb) drvmcdb [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\drvmcdb.sys -> [2003/07/31 03:21:00 | 00,084,576 | ---- | M] (Sonic Solutions)

(drvnddm) drvnddm [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\drvnddm.sys -> [2003/06/20 02:56:00 | 00,040,448 | ---- | M] (Sonic Solutions)

(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -> [2001/08/17 11:11:06 | 00,066,591 | ---- | M] (3Com Corporation)

(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Belkin\F5D7050v3\GTNDIS5.sys -> [2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))

(i81x) i81x [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -> [2001/08/17 11:49:18 | 00,138,240 | ---- | M] (Intel Corporation)

(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -> [2001/08/17 11:49:22 | 00,012,672 | ---- | M] (Intel Corporation)

(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -> [2001/08/17 11:49:26 | 00,012,288 | ---- | M] (Intel Corporation)

(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -> [2001/08/17 11:49:32 | 00,012,032 | ---- | M] (Intel Corporation)

(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -> [2001/08/17 11:49:54 | 00,012,160 | ---- | M] (Intel Corporation)

(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -> [2001/08/17 11:49:58 | 00,018,688 | ---- | M] (Intel Corporation)

(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -> [2001/08/17 11:49:34 | 00,029,440 | ---- | M] (Intel Corporation)

(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -> [2001/08/17 11:49:36 | 00,019,456 | ---- | M] (Intel Corporation)

(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -> [2001/08/17 11:49:42 | 00,044,928 | ---- | M] (Intel Corporation)

(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -> [2001/08/17 11:49:46 | 00,031,104 | ---- | M] (Intel Corporation)

(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -> [2001/08/17 11:49:50 | 00,023,680 | ---- | M] (Intel Corporation)

(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -> [2003/04/15 09:39:46 | 00,090,907 | ---- | M] (Intel Corporation)

(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\mcdbus.sys -> [2009/02/24 18:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.)

(mraid35x) mraid35x [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\mraid35x.sys -> [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)

(MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\MxlW2k.sys -> [2009/06/19 18:22:28 | 00,028,256 | ---- | M] (MusicMatch, Inc.)

(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -> [2007/04/19 13:26:00 | 03,988,384 | ---- | M] (NVIDIA Corporation)

(omci) OMCI WDM Device Driver [Kernel | System | Running] -> C:\WINDOWS\System32\DRIVERS\omci.sys -> [2002/11/08 12:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation)

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2002/08/29 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -> [2008/08/20 11:58:58 | 00,044,944 | ---- | M] (Sonic Solutions)

(ql1080) ql1080 [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\ql1080.sys -> [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)

(ql12160) ql12160 [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\ql12160.sys -> [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)

(ql1280) ql1280 [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\ql1280.sys -> [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)

(RT73) Belkin Wireless 54G USB Network Adapter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\rt73.sys -> [2007/10/02 04:06:40 | 00,451,968 | ---- | M] (Ralink Technology, Corp.)

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2002/08/29 04:00:00 | 00,027,440 | ---- | M] ()

(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\sisagp.sys -> [2001/08/17 12:58:02 | 00,026,112 | ---- | M] (Silicon Integrated Systems Corporation)

(smwdm) smwdm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\smwdm.sys -> [2003/05/06 08:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.)

(Sparrow) Sparrow [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\sparrow.sys -> [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)

(sscdbhk5) sscdbhk5 [File_System | System | Running] -> C:\WINDOWS\System32\drivers\sscdbhk5.sys -> [2003/07/14 11:28:40 | 00,005,621 | ---- | M] (Sonic Solutions)

(ssrtln) ssrtln [File_System | System | Running] -> C:\WINDOWS\System32\drivers\ssrtln.sys -> [2003/07/14 11:28:22 | 00,023,219 | ---- | M] (Sonic Solutions)

(symc810) symc810 [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\symc810.sys -> [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)

(symc8xx) symc8xx [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\symc8xx.sys -> [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic)

(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> [2003/11/21 15:05:02 | 00,082,136 | ---- | M] (Symantec Corporation)

(SYMREDRV) SYMREDRV [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -> [2003/11/21 15:05:04 | 00,016,328 | ---- | M] (Symantec Corporation)

(SYMTDI) SYMTDI [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS -> [2003/11/21 15:05:04 | 00,263,240 | ---- | M] (Symantec Corporation)

(sym_hi) sym_hi [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\sym_hi.sys -> [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic)

(sym_u3) sym_u3 [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\sym_u3.sys -> [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic)

(tfsnboio) tfsnboio [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnboio.sys -> [2003/08/06 01:04:00 | 00,025,685 | ---- | M] (Sonic Solutions)

(tfsncofs) tfsncofs [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsncofs.sys -> [2003/08/06 01:04:00 | 00,034,837 | ---- | M] (Sonic Solutions)

(tfsndrct) tfsndrct [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsndrct.sys -> [2003/08/06 01:04:00 | 00,004,117 | ---- | M] (Sonic Solutions)

(tfsndres) tfsndres [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsndres.sys -> [2003/08/06 01:04:00 | 00,002,233 | ---- | M] (Sonic Solutions)

(tfsnifs) tfsnifs [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnifs.sys -> [2003/08/06 01:04:00 | 00,083,284 | ---- | M] (Sonic Solutions)

(tfsnopio) tfsnopio [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnopio.sys -> [2003/08/06 01:04:00 | 00,014,229 | ---- | M] (Sonic Solutions)

(tfsnpool) tfsnpool [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnpool.sys -> [2003/08/06 01:04:00 | 00,006,357 | ---- | M] (Sonic Solutions)

(tfsnudf) tfsnudf [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnudf.sys -> [2003/08/06 01:04:00 | 00,098,068 | ---- | M] (Sonic Solutions)

(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> C:\WINDOWS\System32\dla\tfsnudfa.sys -> [2003/08/06 01:04:00 | 00,100,373 | ---- | M] (Sonic Solutions)

(ultra) ultra [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\ultra.sys -> [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)

(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\wanatw4.sys -> [2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.)

({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\ialmsbw.sys -> [2003/04/15 09:40:54 | 00,113,504 | ---- | M] (Intel Corporation)

({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\ialmkchw.sys -> [2003/04/15 09:40:46 | 00,078,752 | ---- | M] (Intel Corporation)

 

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 

HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.dell4me.com/myway -> 

HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 

HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 

HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway -> 

HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dell4me.com/myway -> 

HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.dell4me.com/myway -> 

HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 

HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway -> 

HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dell4me.com/myway -> 

HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.dell4me.com/myway -> 

HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 

HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 

HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\] > -> -> 

HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway -> 

HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\: Main\\"Local Page" -> C:\WINDOWS\System32\blank.htm -> 

HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\: Main\\"Search Page" -> http://www.google.com -> 

HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\: Main\\"Start Page" -> http://www.dell4me.com/myway -> 

HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 

HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 

HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\: SearchURL\\"provider" -> gogl -> 

HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\: "ProxyEnable" -> 0 -> 

< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\j\Application Data\Mozilla\FireFox\Profiles\2jem6sr2.default\prefs.js -> 

extensions.enabledItems -> {7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.39.0 ->

extensions.enabledItems -> [email protected]:1.0 ->

extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 ->

extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 ->

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Firefox\extensions ->  -> 

HKLM\software\mozilla\Firefox\extensions\\[email protected] -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/12 20:15:54 | 00,000,000 | ---D | M]

HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD] -> [2009/05/24 01:08:22 | 00,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions ->  -> 

HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/06/16 02:57:57 | 00,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/05/07 22:03:02 | 00,000,000 | ---D | M]

< FireFox Extensions [User Folders] > -> 

 -> C:\Documents and Settings\j\Application Data\mozilla\Extensions -> [2009/06/19 22:34:08 | 00,000,000 | ---D | M]

 -> C:\Documents and Settings\j\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/06/19 22:34:08 | 00,000,000 | ---D | M]

 -> C:\Documents and Settings\j\Application Data\mozilla\Firefox\Profiles\2jem6sr2.default\extensions -> [2009/06/19 23:11:28 | 00,098,116 | ---- | M] ()

< FireFox Extensions [Program Folders] > -> 

 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/05/07 22:03:01 | 09,756,664 | ---- | M] (Mozilla Foundation)

 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2009/05/07 22:03:01 | 09,756,664 | ---- | M] (Mozilla Foundation)

 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c} -> [2009/05/07 22:03:01 | 09,756,664 | ---- | M] (Mozilla Foundation)

 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/05/07 22:03:01 | 09,756,664 | ---- | M] (Mozilla Foundation)

< FireFox Components [Program Folders] > -> 

C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/06/16 02:57:57 | 00,000,000 | ---D | M]

browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/05/07 22:02:35 | 00,023,032 | ---- | M] (Mozilla Foundation)

brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/05/07 22:02:35 | 00,134,648 | ---- | M] (Mozilla Foundation)

GoogleDesktopMozilla.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\GoogleDesktopMozilla.dll -> [2009/02/16 16:27:55 | 00,123,392 | ---- | M] ()

< FireFox Plugins [Program Folders] > -> 

C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/05/07 22:03:02 | 00,000,000 | ---D | M]

libdivx.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\libdivx.dll -> [2009/01/26 19:34:38 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)

npdivx32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.dll -> [2009/01/26 19:34:16 | 01,337,648 | ---- | M] (DivX,Inc.)

npdivx32.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.xpt -> [2009/01/26 19:34:16 | 00,001,607 | ---- | M] ()

npDivxPlayerPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npDivxPlayerPlugin.dll -> [2009/02/02 16:57:16 | 00,098,304 | ---- | M] (DivX, Inc)

npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/05/07 22:02:49 | 00,065,528 | ---- | M] (mozilla.org)

npUpload.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npUpload.xpt -> [2007/03/27 01:48:27 | 00,000,535 | ---- | M] ()

nsIDivxPlayerPlugin.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nsIDivxPlayerPlugin.xpt -> [2009/01/26 19:34:24 | 00,000,297 | ---- | M] ()

ssldivx.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ssldivx.dll -> [2009/01/26 19:34:38 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)

< FireFox SearchPlugins [Program Folders] > -> 

C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/05/07 22:03:02 | 00,000,000 | ---D | M]

amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/05/07 22:02:52 | 00,001,394 | ---- | M] ()

answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/05/07 22:02:52 | 00,002,193 | ---- | M] ()

conduit.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\conduit.xml -> [2008/05/27 17:45:02 | 00,000,912 | ---- | M] ()

creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/05/07 22:02:52 | 00,001,534 | ---- | M] ()

eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/05/07 22:02:52 | 00,002,343 | ---- | M] ()

google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/05/07 22:02:52 | 00,001,706 | ---- | M] ()

wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/05/07 22:02:52 | 00,001,178 | ---- | M] ()

yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/05/07 22:02:52 | 00,000,792 | ---- | M] ()

< HOSTS File > (163 bytes and 5 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

Reset Hosts

127.0.0.1 localhost

::1 localhost

94.232.248.66 antivirsystem-pro.microsoft.com

94.232.248.66 antivir-system-pro.com

94.232.248.66 www.antivir-system-pro.com

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [AskBar BHO] -> [2008/09/29 17:24:28 | 00,325,000 | ---- | M] (Ask.com)

{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2009/05/24 01:08:21 | 00,312,928 | ---- | M] (RealPlayer)

{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)

{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\System32\dla\tfswshx.dll [DriveLetterAccess] -> [2003/08/06 01:04:00 | 00,106,548 | ---- | M] (Sonic Solutions)

{9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> [2003/11/21 15:04:52 | 00,126,976 | ---- | M] (Symantec Corporation)

{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/06/15 20:58:18 | 00,259,696 | ---- | M] (Google Inc.)

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/04/17 09:43:40 | 00,668,656 | ---- | M] (Google Inc.)

{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [Google Dictionary Compression sdch] -> [2009/04/22 21:49:37 | 00,470,512 | ---- | M] (Google Inc.)

{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/02/12 20:15:53 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)

{E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKLM] -> C:\Program Files\Search Settings\kb127\SearchSettings.dll [SearchSettings Class] -> [2008/06/12 17:57:18 | 01,111,904 | ---- | M] (Vendio Services, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/02/12 20:15:54 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

"{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}" [HKLM] -> C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> [2003/11/21 15:04:52 | 00,126,976 | ---- | M] (Symantec Corporation)

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/06/15 20:58:18 | 00,259,696 | ---- | M] (Google Inc.)

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2008/09/29 17:24:28 | 00,325,000 | ---- | M] (Ask.com)

"{8E718888-423F-11D2-876E-00A0C9082467}" [HKLM] -> C:\WINDOWS\System32\msdxm.ocx [&Radio] -> [2002/08/29 04:00:00 | 00,842,268 | ---- | M] ()

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\] > -> HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> [2003/11/21 15:04:52 | 00,126,976 | ---- | M] (Symantec Corporation)

WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/06/15 20:58:18 | 00,259,696 | ---- | M] (Google Inc.)

WebBrowser\\"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2008/09/29 17:24:28 | 00,325,000 | ---- | M] (Ask.com)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> [2007/04/19 13:26:00 | 07,700,480 | ---- | M] (NVIDIA Corporation)

"sysldtray" -> C:\windows\ld10.exe [C:\windows\ld10.exe] -> [2009/06/20 10:39:12 | 00,028,160 | -H-- | M] ()

< Run [HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\] > -> HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/02/15 00:03:14 | 00,068,856 | ---- | M] (Google Inc.)

"system tool" -> C:\WINDOWS\sysguard.exe [C:\WINDOWS\sysguard.exe] -> [2009/06/20 10:39:11 | 00,292,368 | ---- | M] ()

< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 

< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> 

< j Startup Folder > -> C:\Documents and Settings\j\Start Menu\Programs\Startup -> 

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"dontdisplaylastusername" ->  [0] -> File not found

\\"legalnoticecaption" ->  [] -> File not found

\\"legalnoticetext" ->  [] -> File not found

\\"shutdownwithoutlogon" ->  [1] -> File not found

\\"undockwithoutlogon" ->  [1] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034] > -> HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034] > -> HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"EnableProfileQuota" ->  [1] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{c95fe080-8f5d-11d2-a20b-00aa003c157a}:%SystemRoot%\web\related.htm [HKLM] -> C:\WINDOWS\web\related.htm [Button: @shdoclc.dll,-866] -> [2004/05/12 02:03:00 | 00,000,646 | ---- | M] ()

{c95fe080-8f5d-11d2-a20b-00aa003c157a}:%SystemRoot%\web\related.htm [HKLM] -> C:\WINDOWS\web\related.htm [Menu: @shdoclc.dll,-864] -> [2004/05/12 02:03:00 | 00,000,646 | ---- | M] ()

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)

< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\System32\msjava.dll [Web Browser Applet Control] -> File not found

CmdMapping\\"{c95fe080-8f5d-11d2-a20b-00aa003c157a}" [HKLM] ->  [@shdoclc.dll,-866] -> File not found

< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\System32\msjava.dll [Web Browser Applet Control] -> File not found

CmdMapping\\"{c95fe080-8f5d-11d2-a20b-00aa003c157a}" [HKLM] ->  [@shdoclc.dll,-866] -> File not found

< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\] > -> HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\"{c95fe080-8f5d-11d2-a20b-00aa003c157a}" [HKLM] ->  [@shdoclc.dll,-866] -> File not found

CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

Extension\.avi -> C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll [QuickTime Plug-in 6.3] -> [2009/02/10 14:25:47 | 00,098,304 | ---- | M] (Apple Computer, Inc.)

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\] > -> HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\] > -> HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 

{32564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/wmv8ax.cab [Reg Error: Key error.] -> 

{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB [Reg Error: Key error.] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 

{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab [Java Plug-in 1.4.2] -> 

{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 

DhcpNameServer -> 10.128.128.128 -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{B5EB0C26-9A0C-4B44-92AE-D73E2E3EFF46}\\DhcpNameServer -> 10.128.128.128   (Belkin 54g Wireless USB Network Adapter) -> 

{D677C2BB-0FD7-4F71-A262-36F26D611F5C}\\DhcpNameServer -> 10.128.128.128   (Belkin 54g Wireless USB Network Adapter) -> 

< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 

*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 

C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2009/02/16 16:27:56 | 00,126,464 | ---- | M] ()

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> C:\WINDOWS\EXPLORER.EXE -> [2002/08/29 04:00:00 | 01,004,032 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

*TaskMan* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan -> 

C:\RECYCLER\S-1-5-21-4754487835-4127452438-674127808-4936\wnzip32.exe -> C:\RECYCLER\S-1-5-21-4754487835-4127452438-674127808-4936\wnzip32.exe -> [2009/06/19 14:47:14 | 00,096,768 | RHS- | M] ()

*MultiFile Done* -> -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2003/04/06 23:06:48 | 00,315,392 | ---- | M] (Intel Corporation)

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 

"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 

"AlternateShell" -> cmd.exe -> 

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 -> 

"DisplayName" -> CD-ROM Driver -> 

"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found

< Drives with AutoRun files > ->  -> 

C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2002/09/03 07:59:58 | 00,000,000 | ---- | M] ()

D:\AUTORUN.INF [[AutoRun] | open=setup.exe | icon=setup.exe,0 |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  | ] -> D:\AUTORUN.INF [ CDFS ] -> [2003/07/16 14:55:09 | 00,000,110 | R--- | M] ()

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 

 

[Registry - Additional Scans - Safe List]

< EventViewer Logs - Last 10 Errors > -> Event Information -> Description

Antivirus [ Error ] 4/14/2009 3:08:23 PM Computer Name = FOUR20 | Source = avast! | ID = 33554522 -> Description = Error in aswChestC: chestOpenList Error 1753.  

Antivirus [ Error ] 4/14/2009 3:08:23 PM Computer Name = FOUR20 | Source = avast! | ID = 33554522 -> Description = aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.  

Antivirus [ Error ] 4/14/2009 3:08:25 PM Computer Name = FOUR20 | Source = avast! | ID = 33554522 -> Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().  

Antivirus [ Error ] 4/14/2009 3:11:49 PM Computer Name = FOUR20 | Source = avast! | ID = 33554522 -> Description = AAVM - initialization error: Instant Messaging provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000.  

Antivirus [ Error ] 4/14/2009 3:11:49 PM Computer Name = FOUR20 | Source = avast! | ID = 33554522 -> Description = AAVM - initialization error: P2P provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000.  

Antivirus [ Error ] 4/14/2009 3:11:49 PM Computer Name = FOUR20 | Source = avast! | ID = 33554522 -> Description = AAVM - initialization error: Standard Shield provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000.  

Antivirus [ Error ] 5/5/2009 1:23:54 PM Computer Name = FOUR20 | Source = avast! | ID = 33554522 -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\autoplay.exe failed, 0000001E.  

Antivirus [ Error ] 6/19/2009 2:54:24 AM Computer Name = FOUR20 | Source = avast! | ID = 33554522 -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Program Files\Common Files\SWF Studio\GetURL.dll failed, 00000005.  

Antivirus [ Error ] 6/19/2009 2:54:25 AM Computer Name = FOUR20 | Source = avast! | ID = 33554522 -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Program Files\Common Files\SWF Studio\Registry.dll failed, 00000005.  

Antivirus [ Error ] 6/19/2009 9:11:03 PM Computer Name = FOUR20 | Source = avast! | ID = 33554522 -> Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\SoftwareDistribution\Download\d424e8f655073b64c82b6f4f138d5f7e\BIT41.tmp failed, 00000026.  

Application [ Error ] 6/20/2009 12:39:21 PM Computer Name = FOUR20 | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting module mshtml.dll, version 6.0.2800.1106, fault address 0x000f620c.

Application [ Error ] 6/20/2009 1:30:30 PM Computer Name = FOUR20 | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2800.1106, faulting module unknown, version 0.0.0.0, fault address 0x7621017d.

Application [ Error ] 6/20/2009 1:31:30 PM Computer Name = FOUR20 | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2800.1106, faulting module unknown, version 0.0.0.0, fault address 0x7621017d.

Application [ Error ] 6/20/2009 1:41:01 PM Computer Name = FOUR20 | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2800.1106, faulting module unknown, version 0.0.0.0, fault address 0x7621017d.

Application [ Error ] 6/20/2009 1:41:29 PM Computer Name = FOUR20 | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2800.1106, faulting module unknown, version 0.0.0.0, fault address 0x7621017d.

Application [ Error ] 6/20/2009 1:41:57 PM Computer Name = FOUR20 | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2800.1106, faulting module unknown, version 0.0.0.0, fault address 0x7621017d.

Application [ Error ] 6/20/2009 1:42:25 PM Computer Name = FOUR20 | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2800.1106, faulting module unknown, version 0.0.0.0, fault address 0x7621017d.

Application [ Error ] 6/20/2009 1:42:52 PM Computer Name = FOUR20 | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2800.1106, faulting module unknown, version 0.0.0.0, fault address 0x7621017d.

Application [ Error ] 6/20/2009 1:43:22 PM Computer Name = FOUR20 | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2800.1106, faulting module unknown, version 0.0.0.0, fault address 0x7621017d.

Application [ Error ] 6/20/2009 1:43:51 PM Computer Name = FOUR20 | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2800.1106, faulting module unknown, version 0.0.0.0, fault address 0x7621017d.

System [ Error ] 6/20/2009 1:41:27 PM Computer Name = FOUR20 | Source = Service Control Manager | ID = 7034 -> Description = The avast! iAVS4 Control Service service terminated unexpectedly.  It has done this 1 time(s).

System [ Error ] 6/20/2009 1:41:32 PM Computer Name = FOUR20 | Source = Service Control Manager | ID = 7034 -> Description = The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

System [ Error ] 6/20/2009 1:41:44 PM Computer Name = FOUR20 | Source = Service Control Manager | ID = 7034 -> Description = The IMAPI CD-Burning COM Service service terminated unexpectedly.  It has done this 2 time(s).

System [ Error ] 6/20/2009 1:41:50 PM Computer Name = FOUR20 | Source = Service Control Manager | ID = 7034 -> Description = The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).

System [ Error ] 6/20/2009 1:42:56 PM Computer Name = FOUR20 | Source = Service Control Manager | ID = 7032 -> Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:   %%1056

System [ Error ] 6/20/2009 1:45:09 PM Computer Name = FOUR20 | Source = Service Control Manager | ID = 7034 -> Description = The COM+ Event System service terminated unexpectedly.  It has done this 3 time(s).

System [ Error ] 6/20/2009 1:45:09 PM Computer Name = FOUR20 | Source = Service Control Manager | ID = 7034 -> Description = The Help and Support service terminated unexpectedly.  It has done this 3 time(s).

System [ Error ] 6/20/2009 1:45:09 PM Computer Name = FOUR20 | Source = Service Control Manager | ID = 7034 -> Description = The Network Connections service terminated unexpectedly.  It has done this 3 time(s).

System [ Error ] 6/20/2009 1:45:09 PM Computer Name = FOUR20 | Source = Service Control Manager | ID = 7034 -> Description = The Network Location Awareness (NLA) service terminated unexpectedly.  It has done this 3 time(s).

System [ Error ] 6/20/2009 1:45:32 PM Computer Name = FOUR20 | Source = Service Control Manager | ID = 7032 -> Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:   %%1056

 

[Files/Folders - Created Within 30 Days]

2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

OTS.exe -> C:\Documents and Settings\j\Desktop\OTS.exe -> [2009/06/20 11:46:33 | 00,510,464 | ---- | C] (OldTimer Tools)

iehelper.dll -> C:\WINDOWS\System32\iehelper.dll -> [2009/06/20 10:49:09 | 00,010,752 | ---- | C] ()

Azureus Downloads -> C:\Documents and Settings\j\My Documents\Azureus Downloads -> [2009/06/20 10:45:36 | 00,000,000 | ---D | C]

[isoHunt] Tribes[1].ReVengeance.PC.Free.Online.Multiplayer.2007-TeamPOOT!.torrent -> C:\Documents and Settings\j\Desktop\[isoHunt] Tribes[1].ReVengeance.PC.Free.Online.Multiplayer.2007-TeamPOOT!.torrent -> [2009/06/20 10:45:16 | 00,041,641 | ---- | C] ()

[isoHunt] Quake_II_Arena[1].4871304.TPB.torrent -> C:\Documents and Settings\j\Desktop\[isoHunt] Quake_II_Arena[1].4871304.TPB.torrent -> [2009/06/20 10:43:14 | 00,019,548 | ---- | C] ()

sysguard.exe -> C:\WINDOWS\sysguard.exe -> [2009/06/20 10:39:22 | 00,292,368 | ---- | C] ()

poykfa.exe -> C:\poykfa.exe -> [2009/06/20 10:39:15 | 00,020,992 | ---- | C] ()

dcitrwx.exe -> C:\dcitrwx.exe -> [2009/06/20 10:39:14 | 00,096,768 | ---- | C] ()

chfyosn.exe -> C:\chfyosn.exe -> [2009/06/20 10:39:14 | 00,009,216 | ---- | C] ()

jf8G.exe -> C:\jf8G.exe -> [2009/06/20 10:39:11 | 00,394,752 | ---- | C] ()

Azureus -> C:\Documents and Settings\j\Application Data\Azureus -> [2009/06/19 23:34:21 | 00,000,000 | ---D | C]

WinRAR -> C:\Documents and Settings\j\Application Data\WinRAR -> [2009/06/19 22:47:42 | 00,000,000 | ---D | C]

Macromedia -> C:\Documents and Settings\j\Application Data\Macromedia -> [2009/06/19 22:35:43 | 00,000,000 | ---D | C]

Adobe -> C:\Documents and Settings\j\Application Data\Adobe -> [2009/06/19 22:35:43 | 00,000,000 | ---D | C]

Mozilla -> C:\Documents and Settings\j\Local Settings\Application Data\Mozilla -> [2009/06/19 22:33:09 | 00,000,000 | ---D | C]

Mozilla -> C:\Documents and Settings\j\Application Data\Mozilla -> [2009/06/19 22:33:09 | 00,000,000 | ---D | C]

Search Settings -> C:\Documents and Settings\j\Application Data\Search Settings -> [2009/06/19 22:32:07 | 00,000,000 | ---D | C]

Google -> C:\Documents and Settings\j\Local Settings\Application Data\Google -> [2009/06/19 22:32:07 | 00,000,000 | ---D | C]

Google -> C:\Documents and Settings\j\Application Data\Google -> [2009/06/19 22:32:07 | 00,000,000 | ---D | C]

Windows Media Player.lnk -> C:\Documents and Settings\j\Desktop\Windows Media Player.lnk -> [2009/06/19 22:30:33 | 00,000,786 | ---- | C] ()

IconCache.db -> C:\Documents and Settings\j\Local Settings\Application Data\IconCache.db -> [2009/06/19 22:29:43 | 05,365,176 | -H-- | C] ()

GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\j\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/06/19 22:29:43 | 00,040,080 | ---- | C] ()

Jasc Software Inc -> C:\Documents and Settings\j\Application Data\Jasc Software Inc -> [2009/06/19 22:29:30 | 00,000,000 | ---D | C]

Identities -> C:\Documents and Settings\j\Application Data\Identities -> [2009/06/19 22:29:30 | 00,000,000 | ---D | C]

NTUSER.DAT -> C:\Documents and Settings\j\NTUSER.DAT -> [2009/06/19 22:29:29 | 01,310,720 | -H-- | C] ()

NTUSER.INI -> C:\Documents and Settings\j\NTUSER.INI -> [2009/06/19 22:29:29 | 00,000,180 | -HS- | C] ()

Microsoft -> C:\Documents and Settings\j\Application Data\Microsoft -> [2009/06/19 22:29:29 | 00,000,000 | --SD | C]

Cookies -> C:\Documents and Settings\j\Cookies -> [2009/06/19 22:29:29 | 00,000,000 | --SD | C]

SendTo -> C:\Documents and Settings\j\SendTo -> [2009/06/19 22:29:29 | 00,000,000 | RH-D | C]

Recent -> C:\Documents and Settings\j\Recent -> [2009/06/19 22:29:29 | 00,000,000 | RH-D | C]

Application Data -> C:\Documents and Settings\j\Application Data -> [2009/06/19 22:29:29 | 00,000,000 | RH-D | C]

Start Menu -> C:\Documents and Settings\j\Start Menu -> [2009/06/19 22:29:29 | 00,000,000 | R--D | C]

My Pictures -> C:\Documents and Settings\j\My Documents\My Pictures -> [2009/06/19 22:29:29 | 00,000,000 | R--D | C]

My Music -> C:\Documents and Settings\j\My Documents\My Music -> [2009/06/19 22:29:29 | 00,000,000 | R--D | C]

My Documents -> C:\Documents and Settings\j\My Documents -> [2009/06/19 22:29:29 | 00,000,000 | R--D | C]

Favorites -> C:\Documents and Settings\j\Favorites -> [2009/06/19 22:29:29 | 00,000,000 | R--D | C]

Desktop -> C:\Documents and Settings\j\Desktop -> [2009/06/19 22:29:29 | 00,000,000 | R--D | C]

Templates -> C:\Documents and Settings\j\Templates -> [2009/06/19 22:29:29 | 00,000,000 | -H-D | C]

PrintHood -> C:\Documents and Settings\j\PrintHood -> [2009/06/19 22:29:29 | 00,000,000 | -H-D | C]

NetHood -> C:\Documents and Settings\j\NetHood -> [2009/06/19 22:29:29 | 00,000,000 | -H-D | C]

Local Settings -> C:\Documents and Settings\j\Local Settings -> [2009/06/19 22:29:29 | 00,000,000 | -H-D | C]

Symantec -> C:\Documents and Settings\j\Application Data\Symantec -> [2009/06/19 22:29:29 | 00,000,000 | ---D | C]

Sun -> C:\Documents and Settings\j\Application Data\Sun -> [2009/06/19 22:29:29 | 00,000,000 | ---D | C]

Sonic -> C:\Documents and Settings\j\Application Data\Sonic -> [2009/06/19 22:29:29 | 00,000,000 | ---D | C]

Real -> C:\Documents and Settings\j\Application Data\Real -> [2009/06/19 22:29:29 | 00,000,000 | ---D | C]

My Videos -> C:\Documents and Settings\j\My Documents\My Videos -> [2009/06/19 22:29:29 | 00,000,000 | ---D | C]

My PSP8 Files -> C:\Documents and Settings\j\My Documents\My PSP8 Files -> [2009/06/19 22:29:29 | 00,000,000 | ---D | C]

Microsoft -> C:\Documents and Settings\j\Local Settings\Application Data\Microsoft -> [2009/06/19 22:29:29 | 00,000,000 | ---D | C]

ApplicationHistory -> C:\Documents and Settings\j\Local Settings\Application Data\ApplicationHistory -> [2009/06/19 22:29:29 | 00,000,000 | ---D | C]

{7148F0A6-6813-11D6-A77B-00B0D0142000} -> C:\Documents and Settings\j\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000} -> [2009/06/19 22:29:29 | 00,000,000 | ---D | C]

QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [2009/06/19 21:30:49 | 00,054,156 | -H-- | C] ()

QTFont.for -> C:\WINDOWS\QTFont.for -> [2009/06/19 21:30:49 | 00,001,409 | ---- | C] ()

eSellerateEngine.dll -> C:\WINDOWS\eSellerateEngine.dll -> [2009/06/19 20:44:42 | 00,356,352 | ---- | C] (eSellerate Inc.)

eSellerateControl350.dll -> C:\WINDOWS\eSellerateControl350.dll -> [2009/06/19 20:44:42 | 00,081,920 | ---- | C] (eSellerate Inc.)

True Sword 5 -> C:\Program Files\True Sword 5 -> [2009/06/19 20:44:40 | 00,000,000 | ---D | C]

bits -> C:\WINDOWS\System32\bits -> [2009/06/19 20:13:30 | 00,000,000 | ---D | C]

PreInstall -> C:\WINDOWS\System32\PreInstall -> [2009/06/19 20:13:28 | 00,000,000 | ---D | C]

spupdsvc.exe -> C:\WINDOWS\System32\spupdsvc.exe -> [2009/06/19 19:31:46 | 00,022,752 | ---- | C] (Microsoft Corporation)

010112010146118114.lso -> C:\WINDOWS\010112010146118114.lso -> [2009/06/19 14:47:32 | 00,000,002 | ---- | C] ()

driver -> C:\Program Files\driver -> [2009/06/19 14:47:32 | 00,000,000 | ---D | C]

soc_1245444446.exe -> C:\WINDOWS\soc_1245444446.exe -> [2009/06/19 14:47:26 | 00,047,616 | ---- | C] ()

010112010146118114.dat -> C:\WINDOWS\010112010146118114.dat -> [2009/06/19 14:47:26 | 00,000,002 | ---- | C] ()

ld10.exe -> C:\WINDOWS\ld10.exe -> [2009/06/19 14:47:05 | 00,028,160 | -H-- | C] ()

ipuninst.exe -> C:\WINDOWS\ipuninst.exe -> [2009/06/19 13:22:01 | 00,052,736 | ---- | C] (Interplay Productions)

solcache -> C:\WINDOWS\solcache -> [2009/06/16 21:01:23 | 00,000,000 | ---D | C]

Sierra On-Line -> C:\Program Files\Sierra On-Line -> [2009/06/16 21:00:39 | 00,000,000 | ---D | C]

Sierra.ini -> C:\WINDOWS\Sierra.ini -> [2009/06/16 21:00:28 | 00,000,150 | ---- | C] ()

.jagex_cache_32 -> C:\.jagex_cache_32 -> [2009/06/16 14:55:56 | 00,000,000 | ---D | C]

jmmark2.dat -> C:\WINDOWS\jmmark2.dat -> [2009/06/16 10:59:38 | 00,000,001 | -H-- | C] ()

bf23567.dat -> C:\WINDOWS\bf23567.dat -> [2009/06/16 10:59:38 | 00,000,001 | -H-- | C] ()

zaponce52621.dat -> C:\WINDOWS\zaponce52621.dat -> [2009/06/16 10:59:37 | 00,000,002 | -H-- | C] ()

zaponce52597.dat -> C:\WINDOWS\zaponce52597.dat -> [2009/06/16 10:59:35 | 00,000,002 | -H-- | C] ()

zaponce52689.dat -> C:\WINDOWS\zaponce52689.dat -> [2009/06/16 10:59:33 | 00,000,002 | -H-- | C] ()

zaponce54043.dat -> C:\WINDOWS\zaponce54043.dat -> [2009/06/16 03:19:55 | 00,000,002 | -H-- | C] ()

zaponce53652.dat -> C:\WINDOWS\zaponce53652.dat -> [2009/06/16 02:53:06 | 00,000,002 | -H-- | C] ()

LimeWire -> C:\Program Files\LimeWire -> [2009/06/07 01:38:35 | 00,000,000 | ---D | C]

Ventrilo -> C:\Program Files\Ventrilo -> [2009/06/02 22:51:12 | 00,000,000 | ---D | C]

{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> [2009/06/02 22:50:49 | 00,000,262 | ---- | C] ()

Wise Installation Wizard -> C:\Program Files\Common Files\Wise Installation Wizard -> [2009/06/02 22:50:37 | 00,000,000 | ---D | C]

War3Unin.dat -> C:\WINDOWS\War3Unin.dat -> [2009/06/02 18:11:09 | 00,063,271 | ---- | C] ()

War3Unin.pif -> C:\WINDOWS\War3Unin.pif -> [2009/06/02 18:11:09 | 00,002,829 | ---- | C] ()

War3Unin.exe -> C:\WINDOWS\War3Unin.exe -> [2009/06/02 18:11:08 | 00,139,264 | ---- | C] (Blizzard Entertainment)

Warcraft III -> C:\Program Files\Warcraft III -> [2009/06/02 17:57:55 | 00,000,000 | ---D | C]

xing shared -> C:\Program Files\Common Files\xing shared -> [2009/05/24 01:08:28 | 00,000,000 | ---D | C]

ucuiinfo.ini -> C:\WINDOWS\System32\ucuiinfo.ini -> [2009/05/15 11:39:54 | 00,005,224 | ---- | C] ()

cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2009/04/28 17:00:14 | 00,000,169 | ---- | C] ()

nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2009/02/16 16:24:11 | 01,703,936 | ---- | C] ()

nview.dll -> C:\WINDOWS\System32\nview.dll -> [2009/02/16 16:24:11 | 01,474,560 | ---- | C] ()

nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2009/02/16 16:24:11 | 01,019,904 | ---- | C] ()

nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2009/02/16 16:24:11 | 00,466,944 | ---- | C] ()

nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2009/02/16 16:23:10 | 00,286,720 | ---- | C] ()

nvhwvid.dll -> C:\WINDOWS\System32\nvhwvid.dll -> [2009/02/16 16:23:08 | 00,581,632 | ---- | C] ()

nvapi.dll -> C:\WINDOWS\System32\nvapi.dll -> [2009/02/16 16:22:56 | 00,212,992 | ---- | C] ()

psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2009/02/12 20:54:07 | 00,354,816 | ---- | C] ()

bvrp_pci.sys -> C:\WINDOWS\System32\drivers\bvrp_pci.sys -> [2009/02/12 14:53:11 | 00,004,272 | R--- | C] ()

ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2009/02/12 09:22:06 | 00,000,130 | ---- | C] ()

smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2009/02/10 14:41:50 | 00,000,061 | ---- | C] ()

wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/02/10 14:22:03 | 00,000,138 | ---- | C] ()

fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/05/13 20:19:46 | 00,001,793 | ---- | C] ()

OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2004/05/13 19:48:26 | 00,000,549 | ---- | C] ()

px.ini -> C:\WINDOWS\System32\px.ini -> [2003/11/20 12:39:58 | 00,000,000 | ---- | C] ()

BDEMERGE.INI -> C:\WINDOWS\System32\BDEMERGE.INI -> [2003/08/19 12:40:04 | 00,000,258 | ---- | C] ()

ORUN32.INI -> C:\WINDOWS\ORUN32.INI -> [2003/08/19 12:38:56 | 00,000,780 | ---- | C] ()

WIN.INI -> C:\WINDOWS\WIN.INI -> [2002/09/03 07:59:58 | 00,000,592 | ---- | C] ()

SYSTEM.INI -> C:\WINDOWS\SYSTEM.INI -> [2002/09/03 07:50:58 | 00,000,227 | ---- | C] ()

SECDRV.SYS -> C:\WINDOWS\System32\drivers\SECDRV.SYS -> [2002/08/29 04:00:00 | 00,027,440 | ---- | C] ()

 

[Files/Folders - Modified Within 30 Days]

6 C:\Documents and Settings\j\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\j\Local Settings\Temp\*.tmp -> 

9 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

OTS.exe -> C:\Documents and Settings\j\Desktop\OTS.exe -> [2009/06/20 11:46:38 | 00,510,464 | ---- | M] (OldTimer Tools)

QMGR1.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\QMGR1.DAT -> [2009/06/20 11:31:12 | 00,020,260 | ---- | M] ()

QMGR0.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\QMGR0.DAT -> [2009/06/20 11:31:12 | 00,020,260 | ---- | M] ()

iehelper.dll -> C:\WINDOWS\System32\iehelper.dll -> [2009/06/20 11:30:17 | 00,010,752 | ---- | M] ()

SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/06/20 11:30:09 | 00,000,006 | -H-- | M] ()

nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2009/06/20 11:30:05 | 00,088,723 | ---- | M] ()

BOOTSTAT.DAT -> C:\WINDOWS\BOOTSTAT.DAT -> [2009/06/20 11:29:59 | 00,002,048 | --S- | M] ()

NTUSER.DAT -> C:\Documents and Settings\j\NTUSER.DAT -> [2009/06/20 11:29:18 | 01,310,720 | -H-- | M] ()

NTUSER.INI -> C:\Documents and Settings\j\NTUSER.INI -> [2009/06/20 11:29:18 | 00,000,180 | -HS- | M] ()

IconCache.db -> C:\Documents and Settings\j\Local Settings\Application Data\IconCache.db -> [2009/06/20 11:29:09 | 05,365,176 | -H-- | M] ()

i4jdel0.exe -> C:\Documents and Settings\j\Local Settings\Temp\i4jdel0.exe -> [2009/06/20 10:45:46 | 00,004,608 | ---- | M] ()

i4jdel.exe -> C:\Documents and Settings\j\Local Settings\Temp\e4j14.tmp_dir4255\i4jdel.exe -> [2009/06/20 10:45:20 | 00,004,608 | ---- | M] ()

[isoHunt] Tribes[1].ReVengeance.PC.Free.Online.Multiplayer.2007-TeamPOOT!.torrent -> C:\Documents and Settings\j\Desktop\[isoHunt] Tribes[1].ReVengeance.PC.Free.Online.Multiplayer.2007-TeamPOOT!.torrent -> [2009/06/20 10:45:13 | 00,041,641 | ---- | M] ()

[isoHunt] Quake_II_Arena[1].4871304.TPB.torrent -> C:\Documents and Settings\j\Desktop\[isoHunt] Quake_II_Arena[1].4871304.TPB.torrent -> [2009/06/20 10:43:12 | 00,019,548 | ---- | M] ()

poykfa.exe -> C:\poykfa.exe -> [2009/06/20 10:39:16 | 00,020,992 | ---- | M] ()

dcitrwx.exe -> C:\dcitrwx.exe -> [2009/06/20 10:39:15 | 00,096,768 | ---- | M] ()

chfyosn.exe -> C:\chfyosn.exe -> [2009/06/20 10:39:14 | 00,009,216 | ---- | M] ()

ld10.exe -> C:\WINDOWS\ld10.exe -> [2009/06/20 10:39:12 | 00,028,160 | -H-- | M] ()

jf8G.exe -> C:\jf8G.exe -> [2009/06/20 10:39:11 | 00,394,752 | ---- | M] ()

sysguard.exe -> C:\WINDOWS\sysguard.exe -> [2009/06/20 10:39:11 | 00,292,368 | ---- | M] ()

jf8G.exe -> C:\Documents and Settings\j\Local Settings\Temp\jf8G.exe -> [2009/06/20 10:39:11 | 00,292,368 | ---- | M] ()

975.exe -> C:\Documents and Settings\j\Local Settings\Temp\975.exe -> [2009/06/20 10:38:13 | 00,010,240 | ---- | M] ()

swt-gdip-win32-3448.dll -> C:\Documents and Settings\j\Local Settings\Temp\swt-gdip-win32-3448.dll -> [2009/06/19 23:34:28 | 00,077,824 | ---- | M] (Eclipse Foundation)

swt-win32-3448.dll -> C:\Documents and Settings\j\Local Settings\Temp\swt-win32-3448.dll -> [2009/06/19 23:34:24 | 00,335,872 | ---- | M] (Eclipse Foundation)

i4jdel.exe -> C:\Documents and Settings\j\Local Settings\Temp\e4j22.tmp_dir3852\i4jdel.exe -> [2009/06/19 23:34:19 | 00,004,608 | ---- | M] ()

WIN.INI -> C:\WINDOWS\WIN.INI -> [2009/06/19 23:10:19 | 00,000,592 | ---- | M] ()

SYSTEM.INI -> C:\WINDOWS\SYSTEM.INI -> [2009/06/19 23:10:19 | 00,000,227 | ---- | M] ()

BOOT.INI -> C:\BOOT.INI -> [2009/06/19 23:10:19 | 00,000,194 | RHS- | M] ()

wmpscheme.xml -> C:\WINDOWS\System32\wmpscheme.xml -> [2009/06/19 22:30:36 | 00,025,065 | ---- | M] ()

Windows Media Player.lnk -> C:\Documents and Settings\j\Desktop\Windows Media Player.lnk -> [2009/06/19 22:30:36 | 00,000,786 | ---- | M] ()

imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/06/19 22:18:07 | 00,001,917 | ---- | M] ()

Perflib_Perfdata_550.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_550.dat -> [2009/06/19 22:15:14 | 00,016,384 | ---- | M] ()

QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [2009/06/19 21:30:49 | 00,054,156 | -H-- | M] ()

QTFont.for -> C:\WINDOWS\QTFont.for -> [2009/06/19 21:30:49 | 00,001,409 | ---- | M] ()

Perflib_Perfdata_7a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7a0.dat -> [2009/06/19 20:14:22 | 00,016,384 | ---- | M] ()

Perflib_Perfdata_624.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_624.dat -> [2009/06/19 20:08:54 | 00,016,384 | ---- | M] ()

PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/06/19 19:35:00 | 00,441,626 | ---- | M] ()

PERFH009.DAT -> C:\WINDOWS\System32\PERFH009.DAT -> [2009/06/19 19:35:00 | 00,381,692 | ---- | M] ()

PERFC009.DAT -> C:\WINDOWS\System32\PERFC009.DAT -> [2009/06/19 19:35:00 | 00,053,436 | ---- | M] ()

NCUNINST.EXE -> C:\WINDOWS\NCUNINST.EXE -> [2009/06/19 18:35:23 | 00,045,056 | ---- | M] (Northern Codeworks)

MxlW2k.sys -> C:\WINDOWS\System32\drivers\MxlW2k.sys -> [2009/06/19 18:22:28 | 00,028,256 | ---- | M] (MusicMatch, Inc.)

Perflib_Perfdata_6a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6a0.dat -> [2009/06/19 18:20:31 | 00,016,384 | ---- | M] ()

Perflib_Perfdata_22c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_22c.dat -> [2009/06/19 18:20:31 | 00,016,384 | ---- | M] ()

Perflib_Perfdata_19c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_19c.dat -> [2009/06/19 18:20:30 | 00,016,384 | ---- | M] ()

Perflib_Perfdata_2f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2f8.dat -> [2009/06/19 16:51:33 | 00,016,384 | ---- | M] ()

010112010146118114.lso -> C:\WINDOWS\010112010146118114.lso -> [2009/06/19 14:47:32 | 00,000,002 | ---- | M] ()

soc_1245444446.exe -> C:\WINDOWS\soc_1245444446.exe -> [2009/06/19 14:47:26 | 00,047,616 | ---- | M] ()

010112010146118114.dat -> C:\WINDOWS\010112010146118114.dat -> [2009/06/19 14:47:26 | 00,000,002 | ---- | M] ()

Sierra.ini -> C:\WINDOWS\Sierra.ini -> [2009/06/19 13:40:56 | 00,000,150 | ---- | M] ()

ipuninst.exe -> C:\WINDOWS\ipuninst.exe -> [2009/06/19 13:22:01 | 00,052,736 | ---- | M] (Interplay Productions)

WPA.DBL -> C:\WINDOWS\System32\WPA.DBL -> [2009/06/18 20:56:11 | 00,001,170 | ---- | M] ()

jmmark2.dat -> C:\WINDOWS\jmmark2.dat -> [2009/06/16 10:59:38 | 00,000,001 | -H-- | M] ()

bf23567.dat -> C:\WINDOWS\bf23567.dat -> [2009/06/16 10:59:38 | 00,000,001 | -H-- | M] ()

zaponce52621.dat -> C:\WINDOWS\zaponce52621.dat -> [2009/06/16 10:59:37 | 00,000,002 | -H-- | M] ()

zaponce52597.dat -> C:\WINDOWS\zaponce52597.dat -> [2009/06/16 10:59:35 | 00,000,002 | -H-- | M] ()

zaponce52689.dat -> C:\WINDOWS\zaponce52689.dat -> [2009/06/16 10:59:33 | 00,000,002 | -H-- | M] ()

zaponce54043.dat -> C:\WINDOWS\zaponce54043.dat -> [2009/06/16 03:19:55 | 00,000,002 | -H-- | M] ()

zaponce53652.dat -> C:\WINDOWS\zaponce53652.dat -> [2009/06/16 02:53:06 | 00,000,002 | -H-- | M] ()

{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> [2009/06/02 22:51:21 | 00,000,262 | ---- | M] ()

War3Unin.dat -> C:\WINDOWS\War3Unin.dat -> [2009/06/02 18:26:28 | 00,063,271 | ---- | M] ()

War3Unin.exe -> C:\WINDOWS\War3Unin.exe -> [2009/06/02 18:17:58 | 00,139,264 | ---- | M] (Blizzard Entertainment)

War3Unin.pif -> C:\WINDOWS\War3Unin.pif -> [2009/06/02 18:17:58 | 00,002,829 | ---- | M] ()

Perflib_Perfdata_7f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7f0.dat -> [2009/05/24 20:57:30 | 00,016,384 | ---- | M] ()

pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2009/05/24 01:07:13 | 00,278,528 | ---- | M] (Real Networks, Inc)

index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [2009/02/10 15:10:29 | 00,016,384 | ---- | M] ()

index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [2009/02/10 15:10:29 | 00,016,384 | ---- | M] ()

 

[File - Lop Check]

Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2009/06/19 21:56:41 | 00,000,000 | RH-D | M]

Application Data -> C:\Documents and Settings\All Users\Application Data -> [2009/05/03 18:06:59 | 00,000,000 | RH-D | M]

AVS4YOU -> C:\Documents and Settings\All Users\Application Data\AVS4YOU -> [2009/02/14 21:22:05 | 00,000,000 | ---D | M]

Azureus -> C:\Documents and Settings\All Users\Application Data\Azureus -> [2009/05/03 18:06:59 | 00,000,000 | ---D | M]

Blizzard -> C:\Documents and Settings\All Users\Application Data\Blizzard -> [2009/02/12 20:53:31 | 00,000,000 | ---D | M]

Dell -> C:\Documents and Settings\All Users\Application Data\Dell -> [2009/02/10 14:28:18 | 00,000,000 | ---D | M]

SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2004/05/13 19:42:40 | 00,000,000 | ---D | M]

Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2009/02/10 14:26:00 | 00,000,000 | ---D | M]

Application Data -> C:\Documents and Settings\Default User\Application Data -> [2009/02/10 14:40:00 | 00,000,000 | RH-D | M]

Application Data -> C:\Documents and Settings\Guest\Application Data -> [2009/06/19 00:50:22 | 00,000,000 | RH-D | M]

Search Settings -> C:\Documents and Settings\Guest\Application Data\Search Settings -> [2009/06/19 00:50:15 | 00,000,000 | ---D | M]

Application Data -> C:\Documents and Settings\j\Application Data -> [2009/06/19 23:34:21 | 00,000,000 | RH-D | M]

Azureus -> C:\Documents and Settings\j\Application Data\Azureus -> [2009/06/20 11:29:14 | 00,000,000 | ---D | M]

Search Settings -> C:\Documents and Settings\j\Application Data\Search Settings -> [2009/06/19 22:32:07 | 00,000,000 | ---D | M]

Application Data -> C:\Documents and Settings\LocalService\Application Data -> [2004/05/13 19:42:36 | 00,000,000 | ---D | M]

Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [2004/05/13 19:42:36 | 00,000,000 | ---D | M]

C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009/02/13 09:49:30 | 00,000,000 | --SD | M]

DESKTOP.INI -> C:\WINDOWS\Tasks\DESKTOP.INI -> [2002/08/29 04:00:00 | 00,000,065 | RH-- | M] ()

ISP signup reminder 1.job -> C:\WINDOWS\Tasks\ISP signup reminder 1.job -> [2009/02/11 12:00:00 | 00,000,258 | ---- | M] ()

SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/06/20 11:30:09 | 00,000,006 | -H-- | M] ()

Symantec NetDetect.job -> C:\WINDOWS\Tasks\Symantec NetDetect.job -> [2009/02/10 14:37:25 | 00,000,412 | ---- | M] ()

 

[File - Purity Scan]

 

< End of report >

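Reading a listing like the one above by eye is slow, so here is an added example, written for this thread and not part of the original post or of the OTS tool, that parses OTS's `name -> path -> [timestamp | size | attributes | C/M] (company)` lines and ranks the entries. The scoring traits (an executable dropped straight into the drive root or %WINDIR%, no company name in the version resource, the hidden attribute, near-empty marker files, all-numeric names, and a burst of loose executables written within a minute of each other), the two-reason threshold and the 60-second window are this example's own assumptions, chosen to match what the helper's fix later removes; the sample lines are a subset copied from the log above, including known-good files.

```python
"""Triage helper for OTS file-listing lines (added example, not OTS code).

Parses lines of the form
    name -> full path -> [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company)
and scores each entry against traits shared by the files the fix removes.
Traits, threshold and the 60-second "drop burst" window are assumptions.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?\s*$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".pif", ".scr", ".com"}
LOOSE_DIRS = {"c:", "c:\\windows"}   # drive root and %WINDIR% itself, not System32
BURST_WINDOW = timedelta(seconds=60)


@dataclass
class Entry:
    name: str
    path: str
    stamp: datetime
    size: int
    attrs: str        # R/H/S/D flags as OTS prints them, e.g. "-H--"
    company: str      # company name from the version resource, "" when absent
    reasons: list = field(default_factory=list)

    @property
    def ext(self):
        return "." + self.name.rsplit(".", 1)[1].lower() if "." in self.name else ""

    @property
    def parent(self):
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def is_loose_exec(self):
        """Executable sitting in a drive root, %WINDIR% root or a Temp folder."""
        in_temp = ("\\local settings\\temp" in self.parent
                   or self.parent.startswith("c:\\windows\\temp"))
        return self.ext in EXEC_EXT and (self.parent in LOOSE_DIRS or in_temp)


def parse_listing(text):
    """Parse every OTS listing line in `text`; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(
                m["name"], m["path"],
                datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
                int(m["size"].replace(",", "")),
                m["attrs"], m["company"] or ""))
    return entries


def score(entries):
    """Attach reasons to each entry; return those with two or more."""
    for e in entries:
        is_dir = "D" in e.attrs
        if e.ext in EXEC_EXT and e.parent in LOOSE_DIRS:
            e.reasons.append("executable directly in drive root or %WINDIR%")
        if e.ext in EXEC_EXT and not e.company:
            e.reasons.append("no company name in version info")
        if "H" in e.attrs and not is_dir:
            e.reasons.append("hidden attribute set")
        if e.size <= 2 and not is_dir:
            e.reasons.append("near-empty marker file")
        if e.name.rsplit(".", 1)[0].isdigit():
            e.reasons.append("all-numeric file name")
    # Drop burst: a dropper writes several loose executables within a minute.
    pool = [e for e in entries if e.is_loose_exec]
    for e in pool:
        near = [o for o in pool if o is not e and abs(o.stamp - e.stamp) <= BURST_WINDOW]
        if len(near) >= 2:
            e.reasons.append(f"written within 60s of {len(near)} other loose executables")
    return [e for e in entries if len(e.reasons) >= 2]


def triage(text):
    return score(parse_listing(text))


# Sample lines copied from the log above (a subset, with known-good files mixed in).
SAMPLE = r"""
ld10.exe -> C:\WINDOWS\ld10.exe -> [2009/06/19 14:47:05 | 00,028,160 | -H-- | C] ()
ipuninst.exe -> C:\WINDOWS\ipuninst.exe -> [2009/06/19 13:22:01 | 00,052,736 | ---- | C] (Interplay Productions)
zaponce52621.dat -> C:\WINDOWS\zaponce52621.dat -> [2009/06/16 10:59:37 | 00,000,002 | -H-- | C] ()
War3Unin.exe -> C:\WINDOWS\War3Unin.exe -> [2009/06/02 18:11:08 | 00,139,264 | ---- | C] (Blizzard Entertainment)
nvapi.dll -> C:\WINDOWS\System32\nvapi.dll -> [2009/02/16 16:22:56 | 00,212,992 | ---- | C] ()
poykfa.exe -> C:\poykfa.exe -> [2009/06/20 10:39:16 | 00,020,992 | ---- | M] ()
dcitrwx.exe -> C:\dcitrwx.exe -> [2009/06/20 10:39:15 | 00,096,768 | ---- | M] ()
sysguard.exe -> C:\WINDOWS\sysguard.exe -> [2009/06/20 10:39:11 | 00,292,368 | ---- | M] ()
975.exe -> C:\Documents and Settings\j\Local Settings\Temp\975.exe -> [2009/06/20 10:38:13 | 00,010,240 | ---- | M] ()
i4jdel0.exe -> C:\Documents and Settings\j\Local Settings\Temp\i4jdel0.exe -> [2009/06/20 10:45:46 | 00,004,608 | ---- | M] ()
NTUSER.DAT -> C:\Documents and Settings\j\NTUSER.DAT -> [2009/06/20 11:29:18 | 01,310,720 | -H-- | M] ()
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.path}\n    " + "\n    ".join(e.reasons))
```

Treat the output as a triage queue, not a verdict: legitimate files trip single rules (nvapi.dll has no company name, NTUSER.DAT is hidden), and a .pif such as the War3Unin.pif in the log carries no version resource, so it scores two. The burst rule is the one worth keeping: several executables landing in C:\ and C:\WINDOWS within a few seconds of each other at 10:39 on 2009/06/20 is the dropper signature that the individual random names hide.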

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi, you still have SpywareGuard and Freddie, so let's kill 'em. You also have remnants of Norton on your system which will not help your speed, so I will remove them.

One or more of the identified infections is a backdoor Trojan and a key logger.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.


You will need to reboot on completion of this run

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Win32 Services - Safe List]
YY -> (ccEvtMgr) Symantec Event Manager [Win32_Own | Disabled | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
YY -> (ccPwdSvc) Symantec Password Validation [Win32_Own | Disabled | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
YY -> (ccSetMgr) Symantec Settings Manager [Win32_Own | Disabled | Stopped] -> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
YY -> (navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Disabled | Stopped] -> 
YY -> (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
[Driver Services - Safe List]
YY -> (SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS
YY -> (SYMREDRV) SYMREDRV [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
YY -> (SYMTDI) SYMTDI [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\] > -> 
YN -> HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\: SearchURL\\"provider" -> gogl
< HOSTS File > (163 bytes and 5 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts
YN -> Reset Hosts -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> {E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKLM] -> C:\Program Files\Search Settings\kb127\SearchSettings.dll [SearchSettings Class]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "sysldtray" -> C:\windows\ld10.exe [C:\windows\ld10.exe]
< Run [HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\] > -> HKEY_USERS\S-1-5-21-3691130017-6011314-1632936268-1034\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "system tool" -> C:\WINDOWS\sysguard.exe [C:\WINDOWS\sysguard.exe]
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*TaskMan* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan
YY -> C:\RECYCLER\S-1-5-21-4754487835-4127452438-674127808-4936\wnzip32.exe -> C:\RECYCLER\S-1-5-21-4754487835-4127452438-674127808-4936\wnzip32.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent]
[Files/Folders - Created Within 30 Days]
NY -> sysguard.exe -> C:\WINDOWS\sysguard.exe
NY -> poykfa.exe -> C:\poykfa.exe
NY -> dcitrwx.exe -> C:\dcitrwx.exe
NY -> chfyosn.exe -> C:\chfyosn.exe
NY -> jf8G.exe -> C:\jf8G.exe
NY -> Symantec -> C:\Documents and Settings\j\Application Data\Symantec
NY -> eSellerateEngine.dll -> C:\WINDOWS\eSellerateEngine.dll
NY -> eSellerateControl350.dll -> C:\WINDOWS\eSellerateControl350.dll
NY -> soc_1245444446.exe -> C:\WINDOWS\soc_1245444446.exe
NY -> 010112010146118114.dat -> C:\WINDOWS\010112010146118114.dat
NY -> ld10.exe -> C:\WINDOWS\ld10.exe
NY -> jmmark2.dat -> C:\WINDOWS\jmmark2.dat
NY -> bf23567.dat -> C:\WINDOWS\bf23567.dat
NY -> zaponce52621.dat -> C:\WINDOWS\zaponce52621.dat
NY -> zaponce52597.dat -> C:\WINDOWS\zaponce52597.dat
NY -> zaponce52689.dat -> C:\WINDOWS\zaponce52689.dat
NY -> zaponce54043.dat -> C:\WINDOWS\zaponce54043.dat
NY -> zaponce53652.dat -> C:\WINDOWS\zaponce53652.dat
[Files/Folders - Modified Within 30 Days]
NY -> i4jdel0.exe -> C:\Documents and Settings\j\Local Settings\Temp\i4jdel0.exe
NY -> i4jdel.exe -> C:\Documents and Settings\j\Local Settings\Temp\e4j14.tmp_dir4255\i4jdel.exe
NY -> poykfa.exe -> C:\poykfa.exe
NY -> dcitrwx.exe -> C:\dcitrwx.exe
NY -> chfyosn.exe -> C:\chfyosn.exe
NY -> ld10.exe -> C:\WINDOWS\ld10.exe
NY -> jf8G.exe -> C:\jf8G.exe
NY -> sysguard.exe -> C:\WINDOWS\sysguard.exe
NY -> jf8G.exe -> C:\Documents and Settings\j\Local Settings\Temp\jf8G.exe
NY -> 975.exe -> C:\Documents and Settings\j\Local Settings\Temp\975.exe
NY -> i4jdel.exe -> C:\Documents and Settings\j\Local Settings\Temp\e4j22.tmp_dir3852\i4jdel.exe
NY -> soc_1245444446.exe -> C:\WINDOWS\soc_1245444446.exe
NY -> 010112010146118114.dat -> C:\WINDOWS\010112010146118114.dat
NY -> bf23567.dat -> C:\WINDOWS\bf23567.dat
NY -> zaponce52621.dat -> C:\WINDOWS\zaponce52621.dat
NY -> zaponce52597.dat -> C:\WINDOWS\zaponce52597.dat
NY -> zaponce52689.dat -> C:\WINDOWS\zaponce52689.dat
NY -> zaponce54043.dat -> C:\WINDOWS\zaponce54043.dat
NY -> zaponce53652.dat -> C:\WINDOWS\zaponce53652.dat
[File - Lop Check]
NY -> Symantec NetDetect.job -> C:\WINDOWS\Tasks\Symantec NetDetect.job
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

FINALLY

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
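The fix script above removes the persistence points one by one; the following is an added example for this thread (not part of the post and not OTS code) that audits the same autostart locations the fix rewrites: the HKLM and per-user Run keys, the Winlogon Shell/Userinit/TaskMan values, the Browser Helper Objects list and the XP firewall's authorized-application list. The expected Winlogon values and the list of locations a properly installed program does not run from (the RECYCLER folder, the drive root, %WINDIR% itself, Temp folders) are this example's assumptions. `audit()` is pure and runs anywhere on `(key, value name, data)` tuples; `collect_live()` reads the real registry through `winreg` and so only works on Windows. The sample entries are constructed from the fix script above.

```python
"""Audit XP autostart locations (added example, not OTS code).

audit() flags Run/Winlogon/BHO/firewall entries that point at locations a
properly installed program does not use; collect_live() gathers the same
entries from the live registry on Windows. Expected values and the
"bad location" patterns are this example's assumptions.
"""
import re
import sys

WINLOGON_EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}
BAD_LOCATIONS = [
    (r"^[a-z]:\\recycler\\", "inside the Recycle Bin folder (RECYCLER)"),
    (r"^[a-z]:\\[^\\]+$", "directly in the drive root"),
    (r"^[a-z]:\\windows\\[^\\]+$", "directly in %WINDIR% rather than System32"),
    (r"\\local settings\\temp\\", "in a user Temp folder"),
    (r"^[a-z]:\\windows\\temp\\", "in %WINDIR%\\Temp"),
]
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|com|scr|pif|bat|cmd))(?=[\s,:]|$)", re.I)


def executable_path(command):
    """Program path from a Run-style command line or a firewall list entry
    ("path:*:Enabled:Name"), quoted or unquoted, arguments dropped."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def audit(entries):
    """Return (key, value name, reason) for every entry worth a closer look."""
    findings = []
    for key, name, data in entries:
        exe = executable_path(data)
        base = exe.rsplit("\\", 1)[-1].lower()
        if key.lower().endswith("\\winlogon"):
            lname = name.lower()
            if lname == "taskman":   # absent on a default install; hijacks Ctrl+Shift+Esc
                findings.append((key, name, f"TaskMan is unset on a default install; here it launches {exe}"))
            elif lname in WINLOGON_EXPECTED and base != WINLOGON_EXPECTED[lname]:
                findings.append((key, name, f"expected {WINLOGON_EXPECTED[lname]}, found {exe}"))
        for pattern, why in BAD_LOCATIONS:
            if re.search(pattern, exe, re.I):
                findings.append((key, name, f"{exe} is {why}"))
                break
    return findings


def collect_live():
    """Read the same locations from the live registry (Windows only)."""
    import winreg
    entries = []
    keys = [
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
        (winreg.HKEY_CURRENT_USER, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"),
        (winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
                                    r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List"),
    ]
    for hive, sub in keys:
        try:
            with winreg.OpenKey(hive, sub) as k:
                for i in range(winreg.QueryInfoKey(k)[1]):    # [1] = value count
                    name, data, _ = winreg.EnumValue(k, i)
                    entries.append((sub, name, str(data)))
        except OSError:
            pass
    # BHOs are CLSID subkeys; the DLL is the default value of HKCR\CLSID\{..}\InprocServer32.
    bho = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, bho) as k:
            for i in range(winreg.QueryInfoKey(k)[0]):        # [0] = subkey count
                clsid = winreg.EnumKey(k, i)
                try:
                    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, "CLSID\\" + clsid + "\\InprocServer32") as s:
                        entries.append((bho, clsid, str(winreg.QueryValueEx(s, "")[0])))
                except OSError:
                    entries.append((bho, clsid, ""))
    except OSError:
        pass
    return entries


# Constructed from the fix script above, so the audit can be run offline.
SAMPLE_ENTRIES = [
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "sysldtray", r"C:\windows\ld10.exe"),
    (r"HKU\S-1-5-21-3691130017-6011314-1632936268-1034\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "system tool", r"C:\WINDOWS\sysguard.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "TaskMan", r"C:\RECYCLER\S-1-5-21-4754487835-4127452438-674127808-4936\wnzip32.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "Explorer.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit", r"C:\WINDOWS\system32\userinit.exe,"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects", "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}", r"C:\Program Files\Search Settings\kb127\SearchSettings.dll"),
    (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List", r"C:\Program Files\BitTorrent\bittorrent.exe", r"C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"),
]

if __name__ == "__main__":
    entries = collect_live() if sys.platform == "win32" else SAMPLE_ENTRIES
    for key, name, reason in audit(entries):
        print(f"[{key}] {name}: {reason}")
```

On the sample this reports the three entries the fix kills outright (sysldtray, "system tool" and the TaskMan hijack pointing into RECYCLER) and stays quiet on Shell, Userinit and the BitTorrent firewall exception. It does not catch the SearchSettings BHO, which lives under Program Files like any installed program; a location check cannot separate adware from a legitimate add-on, so BHOs still need a look at the publisher and the installed-programs list.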

#5 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.