Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infection disabling web searches, malware bytes and avast!

Started by Evallyn , Sep 15 2009 01:45 AM

  • Please log in to reply

#1
Evallyn
Posted 15 September 2009 - 01:45 AM

Evallyn

    New Member

  • Member
  • Pip
  • 1 posts
Hello,
per the instructions on the Malware and Spyware Cleaning guide, I've already gone through all the preparation steps,
however I immediately hit a roadblock because whatever is infecting my computer does not allow me to run malware bytes.
I can open it up to scan (provided i reinstall it) but it only goes through a second of scanning before it shuts off.
Avast! is doing the same thing, on some reboots, it will start going through and scanning, but can't make it for more than a minute or so before it is also disabled.
When using google or yahoo, i can't search. This seems a bit vague, but i've tried searching for the most inane things, and it won't complete the search, it just leaves me with a blank page on both firefox and IE.

Running rootkit results in my computer locking up.

Here is the OTL log I was able to run::

OTL Extras logfile created on: 9/15/2009 2:42:31 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\eMMy\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 81.17% Memory free
3.85 Gb Paging File | 3.64 Gb Available in Paging File | 94.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 293.49 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
Drive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AWESOMECOMPUTER
Current User Name: eMMy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxdecoms.exe" = C:\WINDOWS\system32\lxdecoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 4800 Series\lxdeamon.exe" = C:\Program Files\Lexmark 4800 Series\lxdeamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 4800 Series\frun.exe" = C:\Program Files\Lexmark 4800 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- ()
"C:\Program Files\Lexmark 4800 Series\lxdemon.exe" = C:\Program Files\Lexmark 4800 Series\lxdemon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\Documents and Settings\eMMy\Local Settings\Temp\lxde\wireless\ENGLISH\lxdewpss.exe" = C:\Documents and Settings\eMMy\Local Settings\Temp\lxde\wireless\ENGLISH\lxdewpss.exe:*:Enabled: -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Documents and Settings\eMMy\Local Settings\Temp\OpenLieroX_0.57_beta8.win32\OpenLieroX\OpenLieroX.exe" = C:\Documents and Settings\eMMy\Local Settings\Temp\OpenLieroX_0.57_beta8.win32\OpenLieroX\OpenLieroX.exe:*:Disabled:OpenLieroX -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe" = C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe:*:Enabled:Fallout3 -- (Bethesda Softworks)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe" = C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe:*:Enabled:Demigod -- (Gas Powered Games)
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe" = C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"C:\Program Files\Dreamcatcher\Loki\Loki.exe" = C:\Program Files\Dreamcatcher\Loki\Loki.exe:*:Enabled:Loki -- (Cyanide)
"C:\Program Files\Dreamcatcher\Loki\Autorun\AutoRun.exe" = C:\Program Files\Dreamcatcher\Loki\Autorun\AutoRun.exe:*:Enabled:Loki - AutoRun -- (Cyanide)
"C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10257-enUS-ptr-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10257-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft Public Test\Launcher.exe" = C:\Program Files\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe" = C:\Program Files\World of Warcraft Public Test\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0166E190-92D7-482A-A220-DE8B7354383A}" = Demigod
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{28101984-0BA6-40FD-9ABE-72F62F80C06C}" = Heroes of Might and Magic V Collector Edition
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4272516D-0E81-48EF-AB66-7F6E28B4A615}" = Heroes of Might & Magic V: Hammers of Fate
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4CBC27EE-4B2F-4C39-B566-40CCC1452B7C}" = BlackBerry v4.1.0 for the 8700 Series Wireless Handheld
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{948BE614-F37B-4A73-AD43-0245F23C110D}" = Logitech GamePanel Software 2.00
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}" = BlackBerry Desktop Software 4.5
"{DB9ECBEC-F228-460D-8CF7-DCDCC872CBAB}" = STOPzilla
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"BlackBerry_{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}" = BlackBerry Desktop Software 4.5
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CurseClient" = Curse Client
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Demigod" = Demigod
"EADM" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Fallout 3 - The Pitt" = Fallout 3 - The Pitt
"GameCenter" = GameCenter
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"Lexmark 4800 Series" = Lexmark 4800 Series
"LimeWire" = LimeWire 5.1.2
"Loki" = Loki
"Loki_is1" = Loki
"Luxor" = Luxor (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle" = Peggle (remove only)
"Peggle Deluxe 1.01" = Peggle Deluxe 1.01
"Pidgin" = Pidgin
"RealPlayer 6.0" = RealPlayer
"Rogue" = Rogue
"Stardock MyColors" = Stardock MyColors
"Typer Shark Deluxe 1.02" = Typer Shark Deluxe 1.02
"UnityWebPlayer" = Unity Web Player
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Zuma Deluxe RA" = Zuma Deluxe RA

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/15/2009 2:21:01 AM | Computer Name = AWESOMECOMPUTER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\eMMy\My Documents\Malwarebytes' Anti-Malware\mbam.exe
failed, 00000005.

[ Application Events ]
Error - 5/2/2009 12:05:49 AM | Computer Name = AWESOMECOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 8.1.1.10, faulting module
user32.dll, version 5.1.2600.2180, fault address 0x0000c2ba.

Error - 5/22/2009 6:50:09 PM | Computer Name = AWESOMECOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application QuickTimePlayer.exe, version 7.60.92.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/18/2009 8:37:37 AM | Computer Name = AWESOMECOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application AppleMobileDeviceService.exe, version 2.50.39.0,
faulting module AppleMobileDeviceService.exe, version 2.50.39.0, fault address
0x0000fc2d.

Error - 7/10/2009 7:06:09 PM | Computer Name = AWESOMECOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application wowmodelviewer.exe, version 0.0.0.0, faulting
module msvcr90.dll, version 9.0.21022.8, fault address 0x0006c955.

Error - 7/10/2009 7:21:34 PM | Computer Name = AWESOMECOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application wowmodelviewer.exe, version 0.0.0.0, faulting
module msvcr90.dll, version 9.0.21022.8, fault address 0x0006c955.

Error - 7/18/2009 3:04:48 PM | Computer Name = AWESOMECOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application swkotor.exe, version 1.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00f6d6d9.

Error - 7/18/2009 3:04:55 PM | Computer Name = AWESOMECOMPUTER | Source = Application Error | ID = 1001
Description = Fault bucket 1071036807.

Error - 7/21/2009 2:37:00 PM | Computer Name = AWESOMECOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application Fallout3.exe, version 1.6.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/21/2009 2:41:31 PM | Computer Name = AWESOMECOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application Fallout3.exe, version 1.6.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/25/2009 4:39:03 PM | Computer Name = AWESOMECOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application wowmodelviewer.exe, version 0.0.0.0, faulting
module msvcr90.dll, version 9.0.21022.8, fault address 0x0006c955.

[ System Events ]
Error - 9/15/2009 3:02:17 AM | Computer Name = AWESOMECOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 9/15/2009 3:04:35 AM | Computer Name = AWESOMECOMPUTER | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%5

Error - 9/15/2009 3:04:35 AM | Computer Name = AWESOMECOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 9/15/2009 3:10:25 AM | Computer Name = AWESOMECOMPUTER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0xd0000156: Windows XP Service Pack 3 (KB936929).

Error - 9/15/2009 3:11:41 AM | Computer Name = AWESOMECOMPUTER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070005: Windows XP Service Pack 3 (KB936929).

Error - 9/15/2009 3:16:03 AM | Computer Name = AWESOMECOMPUTER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070005: Windows XP Service Pack 3 (KB936929).

Error - 9/15/2009 3:21:44 AM | Computer Name = AWESOMECOMPUTER | Source = Service Control Manager | ID = 7034
Description = The STOPzilla Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/15/2009 3:26:04 AM | Computer Name = AWESOMECOMPUTER | Source = Service Control Manager | ID = 7000
Description = The STOPzilla Service service failed to start due to the following
error: %%5

Error - 9/15/2009 3:26:04 AM | Computer Name = AWESOMECOMPUTER | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%5

Error - 9/15/2009 3:26:04 AM | Computer Name = AWESOMECOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.


< End of report >

OTL logfile created on: 9/15/2009 2:42:31 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\eMMy\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 81.17% Memory free
3.85 Gb Paging File | 3.64 Gb Available in Paging File | 94.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 293.49 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
Drive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AWESOMECOMPUTER
Current User Name: eMMy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/07/01 23:11:12 | 00,383,488 | ---- | M] (Stardock Systems, Inc) -- C:\Program Files\Stardock\MyColors\wbload.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/05/29 09:07:58 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdecoms.exe
PRC - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2006/12/18 22:12:00 | 16,062,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006/12/14 21:59:12 | 00,217,088 | R--- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\winsys2.exe
PRC - [2006/02/28 07:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/09/15 02:41:29 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\eMMy\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 13:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Stopped])
SRV - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 13:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 23:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2006/02/28 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 21:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/20 12:28:10 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2007/05/29 09:07:58 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdecoms.exe -- (lxde_device [Auto | Running])
SRV - [2008/07/29 21:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2008/03/06 16:19:44 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2008/03/06 16:19:40 | 01,108,464 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2008/03/06 16:19:44 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2009/07/20 14:59:24 | 00,057,344 | R--- | M] () -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver [Auto | Stopped])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20090524

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/02/28 23:57:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/03/03 21:38:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/02 20:58:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/12 19:07:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/12 19:07:04 | 00,000,000 | ---D | M]

[2009/03/21 17:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Extensions
[2009/02/27 17:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/21 17:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Extensions\[email protected]
[2009/09/14 13:56:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Firefox\Profiles\g5w8ie3k.default\extensions
[2009/05/27 23:05:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Firefox\Profiles\g5w8ie3k.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/05/10 12:49:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Firefox\Profiles\g5w8ie3k.default\extensions\{33A8946C-B859-4f7d-8382-ADAB29623DEE}
[2009/05/27 23:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Firefox\Profiles\g5w8ie3k.default\extensions\{558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}
[2009/04/24 00:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Firefox\Profiles\g5w8ie3k.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/05/10 12:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Firefox\Profiles\g5w8ie3k.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/05/10 12:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Firefox\Profiles\g5w8ie3k.default\extensions\{F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}
[2009/04/30 11:23:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Firefox\Profiles\g5w8ie3k.default\extensions\[email protected]
[2009/05/27 23:05:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Firefox\Profiles\g5w8ie3k.default\extensions\[email protected]
[2009/05/10 12:49:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Firefox\Profiles\g5w8ie3k.default\extensions\{33A8946C-B859-4f7d-8382-ADAB29623DEE}\chrome\mozapps\extensions
[2009/05/27 23:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Firefox\Profiles\g5w8ie3k.default\extensions\{558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}\chrome\mozapps\extensions
[2009/05/10 12:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\mozilla\Firefox\Profiles\g5w8ie3k.default\extensions\{F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}\chrome\mozapps\extensions
[2009/04/30 11:23:30 | 00,002,273 | ---- | M] () -- C:\Documents and Settings\eMMy\Application Data\Mozilla\FireFox\Profiles\g5w8ie3k.default\searchplugins\ask.xml
[2009/04/30 11:23:30 | 00,000,567 | ---- | M] () -- C:\Documents and Settings\eMMy\Application Data\Mozilla\FireFox\Profiles\g5w8ie3k.default\searchplugins\yahoo.xml
[2009/09/14 13:56:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/12 19:07:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/02 20:58:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/26 17:57:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/12 19:07:00 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/12 19:07:00 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/12 19:07:02 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/16 17:16:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/16 17:16:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/16 17:16:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/16 17:16:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/16 17:16:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/16 17:16:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/16 17:16:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/30 02:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 02:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 02:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 02:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 02:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 02:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 02:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [lxdeamon] C:\Program Files\Lexmark 4800 Series\lxdeamon.exe ()
O4 - HKLM..\Run: [lxdemon.exe] C:\Program Files\Lexmark 4800 Series\lxdemon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SW20] C:\WINDOWS\System32\sw20.exe ()
O4 - HKLM..\Run: [SW24] C:\WINDOWS\System32\sw24.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe (TODO: <Company name>)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [PopRock] C:\DOCUME~1\eMMy\LOCALS~1\Temp\b.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\eMMy\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1252998387390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 65.24.7.10 65.24.7.11
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\Stardock\MyColors\fastload.dll - C:\Program Files\Stardock\MyColors\fastload.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/27 18:24:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/28 07:00:00 | 00,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0c22fc94-2572-11de-9a17-00508d9ddb1b}\Shell - "" = AutoRun
O33 - MountPoints2\{0c22fc94-2572-11de-9a17-00508d9ddb1b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c22fc94-2572-11de-9a17-00508d9ddb1b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a6343c48-3f29-11de-9a3b-00508d9ddb1b}\Shell - "" = AutoRun
O33 - MountPoints2\{a6343c48-3f29-11de-9a3b-00508d9ddb1b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a6343c48-3f29-11de-9a3b-00508d9ddb1b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/09/15 02:27:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/09/15 02:21:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/09/15 02:21:21 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009/09/15 02:21:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/09/15 02:21:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/09/15 02:08:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/09/15 01:56:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/15 01:55:39 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\eMMy\Desktop\NTREGOPT.lnk
[2009/09/15 01:55:39 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\eMMy\Desktop\ERUNT.lnk
[2009/09/15 01:55:38 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/15 01:28:46 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/15 00:21:20 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/09/15 00:21:20 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/09/15 00:21:20 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/09/15 00:21:20 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/09/15 00:21:20 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/09/15 00:21:19 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/09/15 00:21:19 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/09/15 00:21:19 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/09/15 00:21:19 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/09/15 00:21:11 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/09/15 00:21:11 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/09/15 00:21:09 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/09/15 00:07:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/15 00:02:53 | 00,158,208 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009/09/15 00:02:50 | 00,000,238 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/15 00:02:48 | 00,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/13 10:47:29 | 00,000,951 | ---- | C] () -- C:\Documents and Settings\eMMy\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/09/08 14:31:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eMMy\My Documents\My Spore Creations
[2009/09/08 14:18:17 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\eMMy\Desktop\CCleaner.lnk
[2009/09/03 18:35:16 | 85,386,0607 | ---- | C] () -- C:\Documents and Settings\eMMy\My Documents\ADBEPHSPCS4_LS1.7z
[2009/09/03 18:35:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eMMy\Application Data\Download Manager
[2009/09/01 22:22:31 | 00,010,710 | ---- | C] () -- C:\Documents and Settings\eMMy\My Documents\Evallyn.xml
[2009/09/01 11:55:11 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Public Test
[2009/09/01 11:49:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\eMMy\My Documents\3.0.1.8874 US PTR Installer

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/09/15 02:26:21 | 00,203,402 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/15 02:26:20 | 00,000,053 | ---- | M] () -- C:\biosinfo
[2009/09/15 02:25:30 | 00,013,742 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/15 02:25:30 | 00,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/15 02:25:30 | 00,000,238 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/15 02:25:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/15 02:25:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/15 01:55:39 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\eMMy\Desktop\NTREGOPT.lnk
[2009/09/15 01:55:39 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\eMMy\Desktop\ERUNT.lnk
[2009/09/15 01:28:48 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/15 01:16:04 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/15 00:21:20 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/09/15 00:07:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/15 00:03:16 | 00,247,808 | ---- | M] () -- C:\Documents and Settings\eMMy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/15 00:02:49 | 00,158,208 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/09/13 10:47:29 | 00,000,951 | ---- | M] () -- C:\Documents and Settings\eMMy\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/09/10 12:42:39 | 00,010,710 | ---- | M] () -- C:\Documents and Settings\eMMy\My Documents\Evallyn.xml
[2009/09/08 22:37:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/08 14:18:17 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\eMMy\Desktop\CCleaner.lnk
[2009/09/03 18:53:09 | 85,386,0607 | ---- | M] () -- C:\Documents and Settings\eMMy\My Documents\ADBEPHSPCS4_LS1.7z

========== LOP Check ==========

[2009/09/15 02:21:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/20 01:22:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/11 09:52:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/12 18:02:15 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BE672698-4DAC-4C83-9056-C07C3170F628}
[2009/06/17 15:18:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D2334D3A-6646-47A1-A058-F70F6FC158E5}
[2009/02/27 18:58:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/19 18:17:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2009/05/12 17:59:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/03/04 09:46:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/03/25 22:17:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2009/08/26 21:56:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2009/06/12 15:47:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/04/09 21:01:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2009/09/15 02:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/09/15 02:24:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/05/14 21:34:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/03/03 21:39:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/14 09:27:47 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\eMMy\Application Data
[2009/09/14 15:47:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\.purple
[2009/02/28 15:29:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\Acreon
[2009/07/25 13:08:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\Bioshock
[2009/09/14 18:08:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\BitTorrent
[2009/05/12 18:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\DAEMON Tools Lite
[2009/09/15 01:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\DNA
[2009/09/03 18:53:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\Download Manager
[2009/08/01 00:42:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\dvdcss
[2009/03/10 21:15:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\GetRightToGo
[2009/08/26 21:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\Leadertech
[2009/03/16 18:07:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\Lexmark Productivity Studio
[2009/09/14 09:29:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\LimeWire
[2009/05/26 19:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\Private Shell
[2009/04/09 20:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\Research In Motion
[2009/03/05 20:43:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\Rogue.140F0B534E676AD25491A378BD6D96164D40676E.1
[2009/04/09 21:50:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\Roxio
[2009/03/04 09:46:30 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\eMMy\Application Data\SecuROM
[2009/03/04 09:47:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\SPORE
[2009/05/12 17:40:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\U3
[2009/02/27 20:06:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\eMMy\Application Data\Ventrilo
[2009/09/08 22:37:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2006/02/28 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/15 02:25:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/15 02:25:30 | 00,000,238 | -H-- | M] () -- C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/15 02:25:30 | 00,000,274 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2006/02/28 07:00:00 | 00,061,952 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2006/02/28 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2006/02/28 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll
< End of report >


Thanks in advance.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP