antivirus pro
#1
Posted 07 October 2009 - 09:47 AM
#2
Posted 07 October 2009 - 04:42 PM
Welcome to G2Go.
=====================
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Under the Standard Registry box change it to All.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
- Click on this link to see a list of programs that should be disabled.
- Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
- Allow the driver to load if asked.
- You may be prompted to scan immediately if it detects rootkit activity.
- If you are prompted to scan your system click "Yes" to begin the scan.
- If not prompted, click the "Rootkit/Malware" tab.
- On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
- Select all drives that are connected to your system to be scanned.
- Click the Scan button to begin. (Please be patient as it can take some time to complete)
- When the scan is finished, click Save to save the scan results to your Desktop.
- Save the file as Results.log and copy/paste the contents in your next reply.
- Exit the program and re-enable all active protection when done.
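The OTL scan requested in the steps above produces a text log whose process (PRC), service (SRV), driver (DRV) and Run-key (O4) lines each end with the file's company name in parentheses, or with "File not found" when the referenced binary is missing. A helper reads that log by eye, looking for binaries with no company name, binaries living under a user profile, and core Windows file names sitting outside the Windows folder. The script below is an added example, not part of this post and not a tool by OTL's author: it applies those same first-pass triage rules to a handful of constructed sample lines modelled on the log format shown in this thread. The rule set, the severity labels and the assumed system root of C:\WINDOWS are my own choices; a hit only means "look at this entry next", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines, modelled on the OTL "Minimal Output" format used in this
# thread (PRC / SRV / DRV / O4 / O7 entries). They are not copied from a real scan.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\services.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (ITGrdEngine [Auto | Running]) -- C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\services.exe ()
SRV - (LightScribeService [Auto | Stopped]) -- File not found
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
========== Driver Services (SafeList) ==========
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1..\Run: [Booster] C:\Program Files\Example\Booster.exe File not found
O7 - HKU\S-1-5-21-1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
"""

ENTRY_RE = re.compile(r"^(?P<kind>PRC|SRV|DRV|O4) - ")
# First Windows path on the line that ends in an executable extension.
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|sys|dll|cpl))(?=\s|$)", re.IGNORECASE)
# OTL prints the company name from the file's version info as the last "(...)" on the line.
VENDOR_RE = re.compile(r"\((?P<vendor>[^()]*)\)\s*$")
AUTORUN_RE = re.compile(
    r"^O7 - (?P<hive>HKU\\[^\\]+|HKLM)\\SOFTWARE\\.*NoDriveTypeAutoRun = (?P<value>\d+)\s*$"
)

# Locations an ordinary user can write to; a service or driver binary living here is unusual.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\application data\\")
# Core Windows file names that malware commonly borrows; the real ones live under the system root.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    line: str
    severity: str        # "low", "medium" or "high" (my own labels, an assumption)
    reasons: List[str]


def _finding(line: str, reasons: List[Tuple[str, str]]) -> Optional[Finding]:
    if not reasons:
        return None
    severity = max((sev for sev, _ in reasons), key=SEVERITY_RANK.__getitem__)
    return Finding(line=line.strip(), severity=severity, reasons=[text for _, text in reasons])


def triage_line(line: str, system_root: str = "C:\\WINDOWS") -> Optional[Finding]:
    """Apply the first-pass triage rules to one OTL line; None when nothing is notable."""
    reasons: List[Tuple[str, str]] = []
    auto = AUTORUN_RE.match(line)
    if auto:
        if auto.group("value") == "0":
            reasons.append(("low", f"AutoRun is fully enabled for hive {auto.group('hive')} (NoDriveTypeAutoRun = 0)"))
        return _finding(line, reasons)
    if not ENTRY_RE.match(line):
        return None
    if "File not found" in line:
        reasons.append(("low", "orphaned entry: referenced file does not exist"))
    pm = PATH_RE.search(line)
    if pm:
        low = pm.group("path").lower()
        name = low.rsplit("\\", 1)[-1]
        vm = VENDOR_RE.search(line)
        vendor = vm.group("vendor").strip() if vm else None
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append(("high", "binary runs from a user-writable profile location"))
        if name in SYSTEM_NAMES and not low.startswith(system_root.lower() + "\\"):
            reasons.append(("high", f"system binary name {name} outside {system_root}"))
        if vendor == "":
            # No company name on its own is only "medium": plenty of legitimate tools lack version info.
            reasons.append(("high" if reasons else "medium", "no company name in the file's version information"))
    return _finding(line, reasons)


def triage(log_text: str, system_root: str = "C:\\WINDOWS") -> List[Finding]:
    """Run triage_line over a whole log and return the notable entries in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            hit = triage_line(line, system_root)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.line}")
        for reason in f.reasons:
            print(f"          - {reason}")
```

On the constructed sample this flags the two services.exe entries under a user profile as high (three rules fire on each), the two binaries with an empty company name as medium, and the orphaned entries and the AutoRun setting as low. Entries from Microsoft, ALWIL and NVIDIA in their usual locations produce nothing.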
#3
Posted 12 October 2009 - 08:20 AM
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Kickaboxofpuppies\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.48 Mb Total Physical Memory | 232.48 Mb Available Physical Memory | 45.45% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.87% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 216.47 Gb Free Space | 92.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ARGOS
Current User Name: Kickaboxofpuppies
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Kickaboxofpuppies\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Microsoft\Windows\services.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ITGrdEngine [Auto | Running]) -- C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Microsoft\Windows\services.exe ()
SRV - (LightScribeService [Auto | Stopped]) -- File not found
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (b57w2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (L8042pr2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys (Logitech, Inc.)
DRV - (LHidFlt2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys (Logitech, Inc.)
DRV - (LHidUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LHidUsb.Sys (Logitech, Inc.)
DRV - (LMouFlt2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys (Logitech, Inc.)
DRV - (motccgp [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (motport [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motport.sys (Motorola)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (NPPTNT2 [System | Running]) -- C:\WINDOWS\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NvNdis [Auto | Running]) -- C:\WINDOWS\System32\Drivers\NvNdis.sys (NVIDIA Corporation.)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfsync03 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (sfsync04 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfvfs02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (usbcm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbcm.sys (Microsystems Corp)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-790525478-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-790525478-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-790525478-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
IE - HKU\S-1-5-21-790525478-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-790525478-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-790525478-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-790525478-1060284298-839522115-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-790525478-1060284298-839522115-1003\S-1-5-21-790525478-1060284298-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "P2P Max Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1814311&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Startpage"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.startpage.com/"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1814311&SearchSource=2&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/07/29 11:01:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 20:39:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/03/26 20:21:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/24 10:08:38 | 00,000,000 | ---D | M]
[2009/04/19 09:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Extensions
[2009/04/19 09:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/10/07 09:08:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Firefox\Profiles\v9jbwjq9.default\extensions
[2009/09/03 06:29:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Firefox\Profiles\v9jbwjq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/19 10:52:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Firefox\Profiles\v9jbwjq9.default\extensions\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}
[2007/10/07 11:19:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Firefox\Profiles\v9jbwjq9.default\extensions\moveplayer@movenetworks.com
[2009/07/16 14:04:02 | 00,000,876 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Mozilla\FireFox\Profiles\v9jbwjq9.default\searchplugins\conduit.xml
[2009/10/06 08:17:27 | 00,001,589 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Mozilla\FireFox\Profiles\v9jbwjq9.default\searchplugins\startpage.xml
[2009/10/07 09:08:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/04/17 02:57:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/16 02:33:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/03/26 20:21:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/03/26 20:21:13 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/03/26 20:21:13 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/03/26 20:21:13 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/03/26 20:21:13 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/03/26 20:21:13 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/03/30 05:59:03 | 00,024,672 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2007/04/24 10:36:16 | 01,452,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/03/26 20:21:17 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/03/13 20:31:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/03/13 20:31:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/03/13 20:31:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/03/13 20:31:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/03/13 20:31:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/03/13 20:31:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/03/13 20:31:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/02/02 14:56:00 | 00,225,280 | ---- | M] (Virtools SA) -- C:\Program Files\mozilla firefox\plugins\npvirtools.dll
[2009/03/26 20:21:18 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 20:21:18 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 20:21:18 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 20:21:18 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 20:21:18 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 20:21:18 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (178345 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 www.babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 www.did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 www.gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.kabex.com
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 www.miosearch.com
O1 - Hosts: 127.0.0.1 blue-elefant.com
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 6333 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-790525478-1060284298-839522115-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-790525478-1060284298-839522115-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-790525478-1060284298-839522115-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-790525478-1060284298-839522115-1003..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 135 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 134 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 134 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 134 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 134 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-790525478-1060284298-839522115-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-790525478-1060284298-839522115-1003\..Trusted Domains: 134 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1033459336406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\System32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () -
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/07 05:09:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 30 Days ==========
[4 C:\WINDOWS\System32\*.tmp files]
[2009/09/26 16:27:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2009/09/26 16:45:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Wind Optimizer
[2009/10/07 14:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/09/29 15:09:45 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/09/25 23:11:45 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/07 08:38:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/12 08:10:22 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\OTL.exe
[2009/10/07 14:30:45 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/07 14:30:45 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/07 14:30:44 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/07 14:30:42 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/10/07 14:30:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/07 14:30:41 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/07 14:30:41 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/07 14:30:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/07 14:30:23 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/10/07 14:22:02 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\avast_home_setup.exe
[2009/10/07 08:37:24 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\HJTInstall.exe
[2009/09/30 13:12:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kickaboxofpuppies\My Documents\picsofoasis
[2009/09/29 13:15:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/09/29 08:08:06 | 04,276,208 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\XoftSpySE_Setup_RW(2).exe
========== Files - Modified Within 30 Days ==========
[4 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/10/12 08:10:24 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\OTL.exe
[2009/10/11 21:04:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/11 21:04:41 | 00,091,444 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/11 21:04:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/11 21:04:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/07 20:43:13 | 00,009,684 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\instruct.rtf
[2009/10/07 14:30:46 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/07 14:30:41 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/07 14:22:00 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\avast_home_setup.exe
[2009/10/07 08:38:04 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\HijackThis.lnk
[2009/10/07 08:37:24 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\HJTInstall.exe
[2009/10/06 08:14:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/01 10:17:37 | 00,000,421 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\Shortcut to My Documents.lnk
[2009/09/29 08:22:15 | 00,033,881 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\Tech-Support-Log-2009-9-29-8-21-46.zip
[2009/09/29 08:08:49 | 04,276,208 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\XoftSpySE_Setup_RW(2).exe
[2009/09/28 10:28:05 | 00,520,908 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/28 10:28:05 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/28 10:28:05 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/28 10:27:13 | 00,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/27 14:27:56 | 00,028,635 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\moon and stars.jpg
[2009/09/27 10:46:12 | 00,147,456 | ---- | M] () -- C:\WINDOWS\rdr_1254069965.exe
[2009/09/25 23:06:29 | 00,147,456 | ---- | M] () -- C:\WINDOWS\rdr_1253941588.exe
[2009/09/25 22:50:45 | 00,147,456 | ---- | M] () -- C:\WINDOWS\rdr_1253940644.exe
[2009/09/25 15:19:29 | 00,029,184 | ---- | M] () -- C:\Program Files\Common Files\file.exe
[2009/09/25 15:19:27 | 02,145,893 | ---- | M] () -- C:\Program Files\Common Files\InternetAntivirusPro.exe
[2009/09/25 14:14:53 | 00,147,456 | ---- | M] () -- C:\WINDOWS\rdr_1253909687.exe
[2009/09/24 15:01:56 | 00,000,501 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\tempura.rtf
[2009/09/23 10:31:19 | 00,002,472 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\fig chix.rtf
[2009/09/22 10:35:18 | 00,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2009/09/22 10:34:53 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146116101.xe
[2009/09/22 10:33:46 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146101105.rx
[2009/09/15 04:59:36 | 01,279,968 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/09/15 04:56:21 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/09/15 04:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/09/15 04:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/09/15 04:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/09/15 04:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/09/15 04:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/09/15 04:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/09/15 04:53:01 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
========== Files - No Company Name ==========
[2009/10/07 20:43:13 | 00,009,684 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\instruct.rtf
[2009/10/07 14:30:46 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/07 14:30:23 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/10/07 08:38:04 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\HijackThis.lnk
[2009/10/01 10:17:37 | 00,000,421 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\Shortcut to My Documents.lnk
[2009/09/29 08:22:15 | 00,033,881 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\Tech-Support-Log-2009-9-29-8-21-46.zip
[2009/09/27 14:27:56 | 00,028,635 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\moon and stars.jpg
[2009/09/27 10:46:12 | 00,147,456 | ---- | C] () -- C:\WINDOWS\rdr_1254069965.exe
[2009/09/26 16:00:08 | 00,147,456 | ---- | C] () -- C:\WINDOWS\rdr_1254002407.exe
[2009/09/25 23:06:29 | 00,147,456 | ---- | C] () -- C:\WINDOWS\rdr_1253941588.exe
[2009/09/25 22:50:45 | 00,147,456 | ---- | C] () -- C:\WINDOWS\rdr_1253940644.exe
[2009/09/25 14:14:53 | 00,147,456 | ---- | C] () -- C:\WINDOWS\rdr_1253909687.exe
[2009/09/25 06:09:04 | 02,145,893 | ---- | C] () -- C:\Program Files\Common Files\InternetAntivirusPro.exe
[2009/09/25 06:09:04 | 00,029,184 | ---- | C] () -- C:\Program Files\Common Files\file.exe
[2009/09/24 15:01:56 | 00,000,501 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\tempura.rtf
[2009/09/23 10:31:19 | 00,002,472 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\fig chix.rtf
[2009/09/22 10:35:18 | 00,000,001 | ---- | C] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2009/09/22 10:34:53 | 00,000,002 | ---- | C] () -- C:\WINDOWS\010112010146116101.xe
[2009/09/22 10:33:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\010112010146101105.rx
[2009/03/20 19:30:42 | 00,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/03/20 18:31:35 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/01/19 17:29:24 | 00,000,138 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2007/09/15 20:10:49 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2006/11/05 11:34:34 | 06,904,672 | -H-- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\IconCache.db
[2006/03/24 19:06:04 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/03/15 01:24:56 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/26 18:57:15 | 00,104,671 | ---- | C] () -- C:\WINDOWS\System32\AckUtl.dll
[2006/02/18 21:25:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/12/29 00:30:05 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/12/10 03:06:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/10/13 22:32:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/10/05 15:00:49 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/10/05 15:00:49 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/10/05 15:00:49 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/10/05 15:00:49 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/10/05 15:00:49 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2005/08/25 21:26:58 | 00,019,184 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/08/25 21:26:57 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\fusioncache.dat
[2005/08/02 15:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 15:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/08/02 15:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/08/02 15:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/08/02 15:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/08/02 15:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/07/28 13:49:53 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/06/09 14:21:02 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/06/09 00:00:10 | 00,134,656 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/07 12:47:48 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/06/07 05:32:34 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/07 05:12:52 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\desktop.ini
[2005/06/07 00:02:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/04/27 22:22:34 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 22:22:34 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/03/31 06:00:00 | 00,000,908 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 06:00:00 | 00,000,256 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/03/09 21:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/07/23 12:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
========== LOP Check ==========
[2009/10/07 20:11:01 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2005/12/16 13:51:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2007/06/17 10:50:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2005/12/18 16:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/09/30 16:43:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2005/06/07 11:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2005/10/05 15:00:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2006/02/27 02:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/04/26 22:02:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2005/07/18 10:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2007/09/12 16:14:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/30 21:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/26 16:27:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2005/06/07 00:02:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009/09/26 16:45:05 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data
[2005/06/08 22:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\.BitTornado
[2005/12/16 15:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Ahead
[2007/05/28 13:03:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Azureus
[2007/12/13 09:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\BitTorrent
[2005/12/18 16:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\CyberLink
[2007/02/27 03:46:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\ExecutiveSoftware
[2007/11/02 22:31:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\GetRightToGo
[2008/01/28 00:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Greyfirst
[2006/05/29 22:52:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Leadertech
[2009/09/20 13:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\LimeWire
[2007/10/28 21:26:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Move Networks
[2006/02/27 02:18:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\MSN6
[2007/08/22 17:06:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\nHancer
[2007/06/06 01:16:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\SecuROM
[2009/03/20 14:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\SystemRequirementsLab
[2005/06/08 14:57:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\teamspeak2
[2009/05/01 18:04:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\TopicsLearning
[2007/09/09 19:24:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Turbine
[2009/05/28 07:47:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Uniblue
[2008/04/08 23:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Ventrilo
[2006/03/24 19:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\WhenU
[2009/09/28 10:19:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Wind Optimizer
[2006/02/04 21:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2005/06/07 05:12:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2003/03/31 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/30 21:42:19 | 00,000,446 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2009/07/05 19:38:29 | 00,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1237599506.job
[2009/10/11 21:04:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:581B0446
< End of report >
Attached File(s)
OTL.Txt (105.35K)
#4
Posted 12 October 2009 - 08:22 AM
#5
Posted 12 October 2009 - 11:16 AM
Thanks
#6
Posted 12 October 2009 - 11:23 AM
#8
Posted 12 October 2009 - 01:09 PM
Rootkit scan 2009-10-12 14:06:50
Windows 5.1.2600 Service Pack 3
Running: x740oe31.exe; Driver: C:\DOCUME~1\KICKAB~1\LOCALS~1\Temp\kxtdrpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF61F46B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF61F4574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF61F4A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF61F414C]
SSDT sptd.sys ZwEnumerateKey [0xF8470FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF8471340]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF61F464E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF61F408C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF61F40F0]
SSDT sptd.sys ZwQueryKey [0xF8471418]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF61F476E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF61F472E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF61F48AE]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F76768AC 5 Bytes JMP 82702770
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F848206C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8482018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84A49AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F848206C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F846BAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F846BC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F846BB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F846C748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F846C61E] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 82BD31E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBPDO-0 827011E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CA44ADE6-A86A-40D1-A9F6-1BC211845368} 82760790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82B671E8
Device \Driver\dmio \Device\DmControl\DmConfig 82B671E8
Device \Driver\dmio \Device\DmControl\DmPnP 82B671E8
Device \Driver\dmio \Device\DmControl\DmInfo 82B671E8
Device \Driver\usbohci \Device\USBPDO-1 827011E8
Device \Driver\usbohci \Device\USBPDO-2 827011E8
Device \Driver\usbehci \Device\USBPDO-3 826DF1E8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 82BD51E8
Device \Driver\Cdrom \Device\CdRom0 8292C1E8
Device \Driver\atapi \Device\Ide\IdePort0 [F83ADB40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F83ADB40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [F83ADB40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F83ADB40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 82760790
Device \Driver\NetBT \Device\NetbiosSmb 82760790
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBFDO-0 827011E8
Device \Driver\usbohci \Device\USBFDO-1 827011E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8290A790
Device \Driver\usbohci \Device\USBFDO-2 827011E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8290A790
Device \Driver\usbehci \Device\USBFDO-3 826DF1E8
Device \Driver\Ftdisk \Device\FtControl 82BD51E8
Device \FileSystem\Cdfs \Cdfs 829A4460
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1780767703
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1428782015
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7F 0x66 0xB2 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7F 0x66 0xB2 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7F 0x66 0xB2 0xA3 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 2A60F7B3971BE97FD56A0867F8EF1FD1BA825601E4C6FD78439F550B7B7F2549D4D6F7AE4D335E2704C06EE2DAFEBC9E127BECC74CFEBC9E127BECC7
4CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6679DB7CE019D40AA5CA6A0AC4980AC7933A6171C1
1EC38DE3DF95949EE704DAE9C6A07097FE463886B5E29C036822A94E45F1886E983522AC37384811144F007636031A87BB0447AAF3B445C11760AE5B6
48244AA4936508C12D691E57ABD895FD6D570C893249A9BA40F19E606095842CAC176054FE3E8F52FB2C4E58811843D5FA601E08E8174D0C0AFACD6B0
324117F7BB88D4AED01EF07C53674907143EBF305F6FC3B28538CCACB6BE560790C228DBC96CBBEDE594D198638A3DF7FF5DF0B9C897CCC16AA843F48
1317D02C2A41D90B044649A074BDE2CDA22708804FE2ECE44D23C8ADCCC7D5DA0644335D5F6D8913135EEAD8034C62BE2C7BB11DF12D931637299FBDE
C5A9FEE9C845F1F1098E4191F2783013B773B10CDD3E7D583E919FD83FE2568C3B45108F22593D8A529DBF1C36ADBE4D634340D48131A7930BA3DFA32
C612A40CC3443968A371C80DF60008E3249CA413E738959AD59B30A6B2E58204D6043E846AF42D22347CFBB5D207DA2385D537B16ED59C0EE6A372975
A999C023AF85372FB0421883FA0D815FC4A7AEAF27863F89540A9AAC
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xD6 0x96 0x6D 0x8E ...
---- EOF - GMER 1.0.15 ----
#9
Posted 13 October 2009 - 05:49 AM
I will need you to show hidden files\folders so we can find the files.
To Set:
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Show hidden files and folders.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK
Now: using Windows Explorer (to get there right-click your Start button and go to "Explore")
Then navigate to these locations and upload the following files.
C:\WINDOWS\rdr_1254069965.exe
C:\WINDOWS\rdr_1254002407.exe
C:\Program Files\Common Files\file.exe
Click Here to upload the files please.
===============
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKU\S-1-5-21-790525478-1060284298-839522115-1003..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
[2009/09/27 10:46:12 | 00,147,456 | ---- | M] () -- C:\WINDOWS\rdr_1254069965.exe
[2009/09/25 23:06:29 | 00,147,456 | ---- | M] () -- C:\WINDOWS\rdr_1253941588.exe
[2009/09/25 22:50:45 | 00,147,456 | ---- | M] () -- C:\WINDOWS\rdr_1253940644.exe
[2009/09/25 15:19:29 | 00,029,184 | ---- | M] () -- C:\Program Files\Common Files\file.exe
[2009/09/25 15:19:27 | 02,145,893 | ---- | M] () -- C:\Program Files\Common Files\InternetAntivirusPro.exe
[2009/09/25 14:14:53 | 00,147,456 | ---- | M] () -- C:\WINDOWS\rdr_1253909687.exe
[2009/09/22 10:35:18 | 00,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2009/09/22 10:34:53 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146116101.xe
[2009/09/22 10:33:46 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146101105.rx
[2006/03/24 19:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\WhenU
:Commands
[emptytemp]
[resethosts]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
================================Follow up scan=================================
- Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Under the Standard Registry box change it to All.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
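As an added example (not part of this thread and not OTL's own code), a small Python script that reads a fix script in the form pasted in the Run OTL step above and lists what each entry will do, so the actions can be reviewed before anyone clicks Run Fix. It assumes OTL's `..` abbreviation stands for Software\Microsoft\Windows\CurrentVersion (the "Registry value ... not found" line in the fix log posted later in the thread spells that key out); the action names, the plain-English command labels and the embedded sample (a subset of the posted script) are mine.

```python
"""Turn an OTL (OldTimer's) fix script into a reviewable list of actions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the fix script posted in this thread, one entry per line.
FIX_SCRIPT = r"""
:OTL
O4 - HKU\S-1-5-21-790525478-1060284298-839522115-1003..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
[2009/09/27 10:46:12 | 00,147,456 | ---- | M] () -- C:\WINDOWS\rdr_1254069965.exe
[2009/09/25 23:06:29 | 00,147,456 | ---- | M] () -- C:\WINDOWS\rdr_1253941588.exe
[2009/09/25 15:19:29 | 00,029,184 | ---- | M] () -- C:\Program Files\Common Files\file.exe
[2009/09/25 15:19:27 | 02,145,893 | ---- | M] () -- C:\Program Files\Common Files\InternetAntivirusPro.exe
[2009/09/22 10:35:18 | 00,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2006/03/24 19:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\WhenU
:Commands
[emptytemp]
[resethosts]
"""

# O4 autorun entry: "O4 - <hive>..\Run: [<value name>] <target> ..."
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
# File/folder entry: "[<mtime> | <size> | <attrs> | M] (<publisher>) -- <path>"; folder entries carry no "(...)".
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-\w]{4}) \| (?P<flag>\w)\] (?:\((?P<publisher>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumption: OTL's ".." abbreviates this key, as the "Registry value ... not found"
# line in the fix log later in the thread spells out.
RUN_PARENT = r"Software\Microsoft\Windows\CurrentVersion"
# Plain-English labels for the :Commands section (my wording, not OTL's documentation).
COMMANDS = {
    "emptytemp": "empty temp and browser-cache folders for every user",
    "resethosts": "reset the HOSTS file to its default contents",
}


@dataclass
class Action:
    kind: str                        # delete_registry_value | move_file | move_folder | command
    target: str                      # registry value path, file/folder path, or command name
    detail: str = ""
    publisher: Optional[str] = None  # "" = listed with an empty "()", None = not applicable


def parse_fix_script(text: str) -> List[Action]:
    """Parse the :OTL and :Commands sections; raise on anything unrecognised so nothing is skipped silently."""
    actions: List[Action] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # section header such as ":OTL" or ":Commands"
            section = line[1:].lower()
            continue
        if section == "otl":
            m = O4_RE.match(line)
            if m:
                value_path = f"{m['hive']}\\{RUN_PARENT}\\Run\\{m['name']}"
                actions.append(Action("delete_registry_value", value_path, m["target"]))
                continue
            m = ENTRY_RE.match(line)
            if m:
                size = int(m["size"].replace(",", ""))
                kind = "move_folder" if m["attrs"].endswith("D") else "move_file"
                detail = f"{size} bytes, modified {m['stamp']}, moved to OTL's quarantine folder"
                actions.append(Action(kind, m["path"], detail, m["publisher"]))
                continue
            raise ValueError(f"unrecognised :OTL entry: {line}")
        if section == "commands":
            cm = re.fullmatch(r"\[(\w+)\]", line)
            if not cm:
                raise ValueError(f"unrecognised command: {line}")
            name = cm[1].lower()
            actions.append(Action("command", name, COMMANDS.get(name, "unknown command, check before running")))
            continue
        raise ValueError(f"entry outside a known section: {line}")
    return actions


def summarize(actions: List[Action]) -> Dict[str, int]:
    """Count actions by kind, e.g. how many files a fix will move."""
    counts: Dict[str, int] = {}
    for a in actions:
        counts[a.kind] = counts.get(a.kind, 0) + 1
    return counts


def review_flags(actions: List[Action]) -> List[str]:
    """Notes worth a second look: files with no publisher, and autorun values whose target is already gone."""
    notes = []
    for a in actions:
        if a.kind == "move_file" and a.publisher == "":
            notes.append(f"no publisher recorded for {a.target}")
        if a.kind == "delete_registry_value" and "File not found" in a.detail:
            notes.append(f"orphaned autorun value (target missing): {a.target}")
    return notes


if __name__ == "__main__":
    acts = parse_fix_script(FIX_SCRIPT)
    for a in acts:
        print(f"{a.kind:22} {a.target}  [{a.detail}]")
    print(summarize(acts))
    for note in review_flags(acts):
        print("REVIEW:", note)
```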
#10
Posted 13 October 2009 - 07:48 AM
#11
Posted 13 October 2009 - 09:08 AM
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-790525478-1060284298-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster 2009 not found.
File C:\WINDOWS\rdr_1254069965.exe not found.
File C:\WINDOWS\rdr_1253941588.exe not found.
File C:\WINDOWS\rdr_1253940644.exe not found.
C:\Program Files\Common Files\file.exe moved successfully.
C:\Program Files\Common Files\InternetAntivirusPro.exe moved successfully.
File C:\WINDOWS\rdr_1253909687.exe not found.
C:\WINDOWS\fdgg34353edfgdfdf moved successfully.
C:\WINDOWS\010112010146116101.xe moved successfully.
C:\WINDOWS\010112010146101105.rx moved successfully.
C:\Documents and Settings\Kickaboxofpuppies\Application Data\WhenU moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Kickaboxofpuppies
->Temp folder emptied: 39146629 bytes
File delete failed. C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 7959390 bytes
->Java cache emptied: 3569522 bytes
File delete failed. C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Mozilla\Firefox\Profiles\v9jbwjq9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Mozilla\Firefox\Profiles\v9jbwjq9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Mozilla\Firefox\Profiles\v9jbwjq9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Mozilla\Firefox\Profiles\v9jbwjq9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Mozilla\Firefox\Profiles\v9jbwjq9.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 53261905 bytes
User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 672267 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_590.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 49635 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 99.94 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.0.20.0 log created on 10132009_100344
Files\Folders moved on Reboot...
C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Mozilla\Firefox\Profiles\v9jbwjq9.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Mozilla\Firefox\Profiles\v9jbwjq9.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Mozilla\Firefox\Profiles\v9jbwjq9.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Mozilla\Firefox\Profiles\v9jbwjq9.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Mozilla\Firefox\Profiles\v9jbwjq9.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_590.dat moved successfully.
Registry entries deleted on Reboot...
#12
Posted 13 October 2009 - 09:36 AM
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Kickaboxofpuppies\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.48 Mb Total Physical Memory | 251.41 Mb Available Physical Memory | 49.15% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 76.84% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 217.05 Gb Free Space | 92.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ARGOS
Current User Name: Kickaboxofpuppies
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Kickaboxofpuppies\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Microsoft\Windows\services.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ITGrdEngine [Auto | Running]) -- C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Microsoft\Windows\services.exe ()
SRV - (LightScribeService [Auto | Stopped]) -- File not found
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (b57w2k [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (L8042pr2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys (Logitech, Inc.)
DRV - (LHidFlt2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys (Logitech, Inc.)
DRV - (LHidUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\LHidUsb.Sys (Logitech, Inc.)
DRV - (LMouFlt2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys (Logitech, Inc.)
DRV - (motccgp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (motmodem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (motport [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\motport.sys (Motorola)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (NPPTNT2 [System | Running]) -- C:\WINDOWS\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NvNdis [Auto | Running]) -- C:\WINDOWS\System32\Drivers\NvNdis.sys (NVIDIA Corporation.)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfsync03 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (sfsync04 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfvfs02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (usbcm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbcm.sys (Microsystems Corp)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "P2P Max Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-iobit&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-iobit&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/07/29 11:01:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 20:39:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/03/26 20:21:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/24 10:08:38 | 00,000,000 | ---D | M]
[2009/04/19 09:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Extensions
[2009/04/19 09:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/10/13 08:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Firefox\Profiles\v9jbwjq9.default\extensions
[2009/09/03 06:29:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Firefox\Profiles\v9jbwjq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/13 09:23:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Firefox\Profiles\v9jbwjq9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/19 10:52:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Firefox\Profiles\v9jbwjq9.default\extensions\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}
[2007/10/07 11:19:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\mozilla\Firefox\Profiles\v9jbwjq9.default\extensions\moveplayer@movenetworks.com
[2009/07/16 14:04:02 | 00,000,876 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Mozilla\FireFox\Profiles\v9jbwjq9.default\searchplugins\conduit.xml
[2009/10/12 10:07:15 | 00,001,589 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Mozilla\FireFox\Profiles\v9jbwjq9.default\searchplugins\startpage.xml
[2009/10/12 10:07:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/04/17 02:57:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/16 02:33:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/03/26 20:21:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/03/26 20:21:13 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/03/26 20:21:13 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/03/26 20:21:13 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/03/26 20:21:13 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/03/26 20:21:13 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/03/30 05:59:03 | 00,024,672 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2007/04/24 10:36:16 | 01,452,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/03/26 20:21:17 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/03/13 20:31:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/03/13 20:31:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/03/13 20:31:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/03/13 20:31:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/03/13 20:31:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/03/13 20:31:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/03/13 20:31:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/02/02 14:56:00 | 00,225,280 | ---- | M] (Virtools SA) -- C:\Program Files\mozilla firefox\plugins\npvirtools.dll
[2009/03/26 20:21:18 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 20:21:18 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 20:21:18 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 20:21:18 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 20:21:18 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 20:21:18 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 135 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1033459336406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.93.41.127 24.93.41.128
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\System32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () -
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/07 05:09:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/09/26 16:27:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2009/10/13 08:53:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\IObit
[2009/09/26 16:45:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\Wind Optimizer
[2009/10/07 14:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/09/29 15:09:45 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/10/13 08:53:36 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/09/25 23:11:45 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/07 08:38:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/13 10:02:50 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/13 08:51:28 | 07,999,712 | ---- | C] (IObit ) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\asc-mjh.exe
[2009/10/12 12:34:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\New Folder
[2009/10/12 08:10:22 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\OTL.exe
[2009/10/07 14:30:45 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/07 14:30:45 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/07 14:30:44 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/07 14:30:42 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/10/07 14:30:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/07 14:30:41 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/07 14:30:41 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/07 14:30:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/07 14:30:23 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/10/07 14:22:02 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\avast_home_setup.exe
[2009/10/07 08:37:24 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\HJTInstall.exe
[2009/09/30 13:12:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kickaboxofpuppies\My Documents\picsofoasis
[2009/09/29 13:15:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
========== Files - Modified Within 30 Days ==========
[2009/10/13 10:06:50 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/13 10:06:27 | 00,091,444 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/13 10:06:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/13 10:06:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/13 10:04:44 | 06,928,450 | -H-- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\IconCache.db
[2009/10/13 10:04:37 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/10/13 08:53:49 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/10/13 08:53:49 | 00,000,165 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\IObit Freeware.url
[2009/10/13 08:52:52 | 07,999,712 | ---- | M] (IObit ) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\asc-mjh.exe
[2009/10/12 14:07:29 | 00,012,983 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\gem.rtf
[2009/10/12 10:25:00 | 00,290,816 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\x740oe31.exe
[2009/10/12 08:10:24 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\OTL.exe
[2009/10/07 20:43:13 | 00,009,684 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\instruct.rtf
[2009/10/07 14:30:46 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/07 14:30:41 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/07 14:22:00 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\avast_home_setup.exe
[2009/10/07 08:38:04 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\HijackThis.lnk
[2009/10/07 08:37:24 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\HJTInstall.exe
[2009/10/06 08:14:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/01 10:17:37 | 00,000,421 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\Shortcut to My Documents.lnk
[2009/09/29 08:22:15 | 00,033,881 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\Tech-Support-Log-2009-9-29-8-21-46.zip
[2009/09/28 10:28:05 | 00,520,908 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/28 10:28:05 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/28 10:28:05 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/28 10:27:13 | 00,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/27 14:27:56 | 00,028,635 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\moon and stars.jpg
[2009/09/24 15:01:56 | 00,000,501 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\tempura.rtf
[2009/09/23 10:31:19 | 00,002,472 | ---- | M] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\fig chix.rtf
[2009/09/15 04:59:36 | 01,279,968 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/09/15 04:56:21 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/09/15 04:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/09/15 04:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/09/15 04:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/09/15 04:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/09/15 04:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/09/15 04:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/09/15 04:53:01 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
========== Files - No Company Name ==========
[2009/10/13 08:53:49 | 00,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/10/13 08:53:49 | 00,000,165 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\IObit Freeware.url
[2009/10/12 14:07:29 | 00,012,983 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\gem.rtf
[2009/10/12 10:25:09 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\x740oe31.exe
[2009/10/07 20:43:13 | 00,009,684 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\instruct.rtf
[2009/10/07 14:30:46 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/07 14:30:23 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/10/07 08:38:04 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\HijackThis.lnk
[2009/10/01 10:17:37 | 00,000,421 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\Shortcut to My Documents.lnk
[2009/09/29 08:22:15 | 00,033,881 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\Tech-Support-Log-2009-9-29-8-21-46.zip
[2009/09/27 14:27:56 | 00,028,635 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\moon and stars.jpg
[2009/09/24 15:01:56 | 00,000,501 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\tempura.rtf
[2009/09/23 10:31:19 | 00,002,472 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Desktop\fig chix.rtf
[2009/03/20 18:31:35 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/01/19 17:29:24 | 00,000,138 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2007/09/15 20:10:49 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2006/11/05 11:34:34 | 06,928,450 | -H-- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\IconCache.db
[2006/03/24 19:06:04 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/03/15 01:24:56 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/26 18:57:15 | 00,104,671 | ---- | C] () -- C:\WINDOWS\System32\AckUtl.dll
[2006/02/18 21:25:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/12/29 00:30:05 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/12/10 03:06:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/10/13 22:32:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/10/05 15:00:49 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/10/05 15:00:49 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/10/05 15:00:49 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/10/05 15:00:49 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/10/05 15:00:49 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2005/08/25 21:26:58 | 00,019,184 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/08/25 21:26:57 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\fusioncache.dat
[2005/08/02 15:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 15:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/08/02 15:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/08/02 15:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/08/02 15:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/08/02 15:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/07/28 13:49:53 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/06/09 14:21:02 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/06/09 00:00:10 | 00,134,656 | ---- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/07 12:47:48 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/06/07 05:32:34 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/07 05:12:52 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Kickaboxofpuppies\Application Data\desktop.ini
[2005/06/07 00:02:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/04/27 22:22:34 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 22:22:34 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/03/31 06:00:00 | 00,000,908 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 06:00:00 | 00,000,256 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/03/09 21:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/07/23 12:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:581B0446
< End of report >
#14
Posted 14 October 2009 - 07:44 AM
#15
Posted 14 October 2009 - 08:08 AM
Database version: 2775
Windows 5.1.2600 Service Pack 3
10/14/2009 9:06:20 AM
mbam-log-2009-10-14 (09-06-20).txt
Scan type: Quick Scan
Objects scanned: 87949
Time elapsed: 3 minute(s), 43 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5
Memory Processes Infected:
C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{b1e22eb8-2ae8-4e8e-96ae-74f2a1764533} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{be2ed590-ca49-46b5-8cce-244fb2e0d1aa} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\itgrdengine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\itgrdengine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\itgrdengine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\DLP.dll (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\prs (Rogue.InternetAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\uniname (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\atoutby (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Kickaboxofpuppies\Application Data\Wind Optimizer (Rogue.WindOptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kickaboxofpuppies\Application Data\Wind Optimizer\db (Rogue.WindOptimizer) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Kickaboxofpuppies\Application Data\Wind Optimizer\db\Settings.ini (Rogue.WindOptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kickaboxofpuppies\Application Data\Wind Optimizer\db\Urls.inf (Rogue.WindOptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kickaboxofpuppies\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kickaboxofpuppies\My Documents\My Pictures\juli mae's art\atoutby.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.