ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/12 06:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3781000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A40000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBAFB8000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf38786b8
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf3878574
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf3878a52
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf387814c
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf387864e
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf387808c
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf38780f0
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf387876e
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf387872e
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf38788ae
==EOF==
Malwarebytes' Anti-Malware:
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3
12/11/2009 6:35:51 AM
mbam-log-2009-11-12 (06-35-51).txt
Scan type: Quick Scan
Objects scanned: 133660
Time elapsed: 6 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL:
OTL logfile created on: 12/11/2009 6:37:05 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Program Files\HIJACKTHIS
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1023.48 Mb Total Physical Memory | 319.66 Mb Available Physical Memory | 31.23% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 330.34 Gb Total Space | 1.70 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 0.67 Gb Free Space | 13.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAIN
Current User Name: rian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/12 06:18:08 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Program Files\HIJACKTHIS\OTL.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/15 02:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 02:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 02:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 02:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 02:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/11/07 10:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/11/01 05:22:22 | 00,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\rian\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2008/10/01 10:22:50 | 01,679,360 | ---- | M] (D-Link) -- C:\Program Files\D-Link\DWA-130\AirNCFG.exe
PRC - [2008/08/29 06:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/11 12:51:32 | 00,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2008/07/09 07:58:42 | 00,143,360 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/24 22:57:10 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2007/12/04 21:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/04/30 14:43:54 | 03,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/04/03 18:43:59 | 00,704,512 | ---- | M] (mental images GmbH) -- C:\spm\spmd.exe
PRC - [2007/03/06 18:20:00 | 00,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/01/29 16:12:14 | 00,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/01/19 10:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2006/10/18 16:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/10/18 16:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2006/10/09 12:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2005/08/05 09:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/05 09:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005/08/05 09:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
PRC - [2005/08/05 09:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/02/24 11:05:58 | 00,508,416 | ---- | M] (Chicony) -- C:\WINDOWS\mHotkey.exe
PRC - [2004/02/03 14:15:54 | 05,794,816 | ---- | M] (Chicony) -- C:\WINDOWS\CNYHKey.exe
PRC - [2003/06/19 20:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
========== Modules (SafeList) ==========
MOD - [2009/11/12 06:18:08 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Program Files\HIJACKTHIS\OTL.exe
MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 16:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2007/12/04 21:41:00 | 01,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/12/04 21:41:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2007/04/30 14:18:50 | 00,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2003/05/27 14:13:02 | 00,024,576 | ---- | M] () -- C:\WINDOWS\HKCYDLL.dll
========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (IDriverT)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/15 02:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 02:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 02:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 02:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/24 15:19:37 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/14 04:10:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a49dec611198)
SRV - [2008/11/07 10:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 06:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 16:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 14:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 14:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 06:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 06:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/09 07:58:42 | 00,143,360 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/02/24 22:57:10 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/02/17 19:36:37 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/12/04 21:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/04/03 18:43:59 | 00,704,512 | ---- | M] (mental images GmbH) -- C:\spm\spmd.exe -- (spmd)
SRV - [2007/01/19 10:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/10/18 16:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 12:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2005/08/05 09:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 09:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2003/06/19 20:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/28 00:51:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/11 06:17:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 18:42:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/04 20:05:56 | 00,000,000 | ---D | M]
[2008/10/30 22:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Mozilla\Extensions
[2008/10/30 22:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/10/30 23:09:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Mozilla\Firefox\Profiles\udizr1zo.default\extensions
[2009/11/03 16:52:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/06 16:53:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/02 12:00:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/11 06:18:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/09/28 18:18:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/03 16:52:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/02/06 16:53:05 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/02/06 16:53:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/01/16 14:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/06 16:53:09 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/29 18:42:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/02/06 16:53:12 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/02/06 16:53:12 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/02/06 16:53:12 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/02/06 16:53:12 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/02/06 16:53:12 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/02/06 16:53:12 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/02/06 16:53:12 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: (909 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-130] C:\Program Files\D-Link\DWA-130\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\HIJACKTHIS\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\rian\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe File not found
O4 - Startup: C:\Documents and Settings\rian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\rian\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 27 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.micr...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1125069054531 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1253501223630 (MUWebControl Class)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comne...login-devel.cab (SecureLogin class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/26 16:45:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/26 16:44:51 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/11/12 06:08:15 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/11/11 00:19:11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\rian\Recent
[2009/11/02 16:12:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\rian\Application Data\YouSendIt
[2009/10/29 18:35:44 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/29 17:55:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\rian\My Documents\ACTUAL Photoshop Project Files
[2009/10/29 16:42:47 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/29 16:42:47 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/29 16:42:47 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/29 16:42:46 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/29 16:42:46 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/10/29 16:42:46 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/29 16:42:45 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/29 16:42:45 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/29 16:42:26 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/02/09 07:09:28 | 00,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2007/11/13 15:29:50 | 00,099,471 | ---- | C] (Uniblue Software) -- C:\Program Files\UBVarRB.dll
[2006/03/09 14:01:07 | 08,632,672 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp52_full_bundle_emusic-7plus.exe
[2006/02/28 22:46:24 | 02,865,380 | ---- | C] (FilmLoop Inc.) -- C:\Program Files\FilmLoopSetup.exe
[2006/02/23 12:49:17 | 12,754,672 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MP10Setup.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2009/11/12 06:32:24 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{616B6437-357A-4108-9B1C-68464B844E56}.job
[2009/11/12 06:15:40 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\rian\Desktop\settings.dat
[2009/11/12 06:00:02 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/12 04:27:01 | 00,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{55B64740-2EDE-4EF3-95FC-5DF5473EA78C}
[2009/11/12 04:26:54 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{55B64740-2EDE-4EF3-95FC-5DF5473EA78C}
[2009/11/12 04:26:44 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2009/11/12 04:26:35 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/12 04:26:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/12 04:25:38 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/12 04:25:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/12 04:25:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/12 04:25:21 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/11 22:33:19 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\rian\ntuser.ini
[2009/11/11 22:33:18 | 14,417,920 | -H-- | M] () -- C:\Documents and Settings\rian\NTUSER.DAT
[2009/11/11 09:05:25 | 00,205,824 | ---- | M] () -- C:\Documents and Settings\rian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 00:09:58 | 00,000,254 | -H-- | M] () -- C:\Documents and Settings\rian\Desktop\f a c e b o o k.url
[2009/11/10 23:49:56 | 00,000,196 | -H-- | M] () -- C:\Documents and Settings\rian\Desktop\W I K I.url
[2009/11/10 22:20:29 | 01,612,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/09 15:43:56 | 00,000,289 | -H-- | M] () -- C:\Documents and Settings\rian\Desktop\YAHOO.url
[2009/11/04 18:02:12 | 00,540,894 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/04 18:02:12 | 00,454,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/04 18:02:12 | 00,076,960 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/04 17:53:49 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/29 16:42:47 | 00,001,718 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\avast!.lnk
[2009/10/29 16:42:46 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/29 15:57:49 | 00,000,776 | ---- | M] () -- C:\Documents and Settings\rian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/11/12 06:15:40 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\rian\Desktop\settings.dat
[2009/10/31 01:55:28 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/31 01:55:28 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/29 16:42:47 | 00,001,718 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\avast!.lnk
[2009/10/29 16:42:26 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/10/29 15:57:49 | 00,000,776 | ---- | C] () -- C:\Documents and Settings\rian\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/09/29 21:43:21 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2009/09/29 21:43:21 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/09/29 21:42:46 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2009/09/19 18:42:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\swunilog.ini
[2009/07/21 20:08:29 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/03/17 11:11:46 | 04,239,130 | -H-- | C] () -- C:\Documents and Settings\rian\Local Settings\Application Data\IconCache.db
[2009/03/15 06:38:02 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/02/09 07:09:26 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2008/10/17 12:13:25 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/10/17 12:13:25 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/10/17 11:55:37 | 00,000,212 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/10/17 11:55:37 | 00,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/10/17 11:49:44 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/09/15 16:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 16:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 16:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/15 16:11:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/13 12:05:01 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2008/08/13 10:32:07 | 01,216,512 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/13 10:32:07 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/08/13 10:32:07 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/08/13 10:32:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/08/13 10:32:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/03/08 16:03:52 | 00,013,940 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
[2008/03/06 12:05:42 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/03/03 11:49:01 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/03/03 11:48:58 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2008/03/03 11:48:55 | 00,134,699 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2008/03/03 11:48:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008/03/03 11:48:54 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2008/03/02 05:52:44 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/03/02 05:52:43 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/02 05:52:43 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/02/24 22:40:58 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/02/24 22:40:58 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\rian\Application Data\PnkBstrK.sys
[2008/02/24 22:40:28 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/02/23 16:25:17 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/02/05 21:55:47 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/30 12:10:46 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/12/04 21:41:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/31 05:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/10/08 16:17:06 | 00,068,560 | ---- | C] () -- C:\Documents and Settings\rian\Application Data\GDIPFONTCACHEV1.DAT
[2007/09/17 23:52:03 | 01,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/09/14 14:43:03 | 00,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2007/05/17 09:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/04/28 06:02:16 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/04/18 15:52:21 | 00,000,110 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2007/04/03 16:10:21 | 00,299,288 | ---- | C] () -- C:\Program Files\GmailInstaller.exe
[2007/03/28 10:30:40 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\rian\Application Data\WavCodec.wff
[2007/01/26 17:47:45 | 00,645,670 | ---- | C] () -- C:\Program Files\uTorrent-1.6-install.exe
[2007/01/14 16:23:01 | 00,000,044 | ---- | C] () -- C:\WINDOWS\aGuitarPro2.ini
[2007/01/06 04:50:25 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/18 15:28:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/10/29 07:55:44 | 00,000,102 | ---- | C] () -- C:\WINDOWS\smi.ini
[2006/06/29 09:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 09:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/02 14:15:44 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/04/22 11:57:51 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/04/18 10:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 10:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/08 23:09:12 | 00,393,392 | ---- | C] () -- C:\Program Files\aswclnr.exe
[2006/03/06 00:21:24 | 00,002,148 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/04 05:27:35 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/03/04 00:33:59 | 03,160,664 | ---- | C] () -- C:\Program Files\caaim55.exe
[2006/02/25 01:15:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/02/25 01:14:22 | 15,943,544 | ---- | C] () -- C:\Program Files\WinProxy.exe
[2006/02/24 00:41:59 | 00,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 00:41:59 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 08:36:20 | 01,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/02/23 08:36:20 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 08:36:20 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2006/01/17 18:53:09 | 48,376,504 | ---- | C] () -- C:\Program Files\flstudio608_install.exe
[2005/12/29 21:35:21 | 00,000,382 | ---- | C] () -- C:\Documents and Settings\rian\Application Data\wklnhst.dat
[2005/12/28 06:28:04 | 00,084,512 | ---- | C] () -- C:\Documents and Settings\rian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/12/27 16:16:02 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\rian\Application Data\desktop.ini
[2005/12/27 16:16:00 | 00,205,824 | ---- | C] () -- C:\Documents and Settings\rian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/27 16:16:00 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\rian\Local Settings\Application Data\fusioncache.dat
[2005/09/09 08:37:03 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/09 07:00:46 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2005/09/09 07:00:46 | 00,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2005/09/09 07:00:46 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2005/09/09 07:00:46 | 00,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2005/09/09 07:00:46 | 00,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2005/09/08 14:46:11 | 00,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/08 14:46:11 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\02836ADAB6.sys
[2005/08/29 08:15:32 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/26 16:55:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/26 16:50:40 | 00,000,873 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/26 16:50:12 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/26 09:38:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/26 07:32:29 | 00,000,868 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/26 07:32:08 | 00,000,826 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/26 07:32:07 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 10:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 13:08:09 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/07/15 13:08:09 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/07/15 13:08:09 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/07/15 13:08:09 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/07/15 13:08:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002/06/05 11:43:58 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[2001/08/23 11:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1996/04/03 11:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2009/03/14 06:38:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/03/14 05:57:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2006/03/09 12:48:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA30.tmp
[2007/01/05 18:10:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/03/28 10:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/11/08 16:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008/11/04 04:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/10/15 19:31:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/11/12 06:10:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/28 19:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/10/10 17:13:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2006/06/27 21:10:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\.gaim
[2006/03/04 00:44:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Aim
[2007/01/26 15:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Azureus
[2007/01/23 06:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\BitTorrent
[2007/09/05 13:07:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\BonkEnc
[2007/05/16 15:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Cakewalk
[2007/09/17 23:51:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\GetRightToGo
[2007/04/18 17:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\iShell
[2005/12/29 23:51:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Leadertech
[2006/03/25 18:46:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Movie Outline
[2007/02/28 19:43:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\MSNInstaller
[2005/09/08 14:25:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Musicmatch
[2006/02/25 00:56:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\My Battle for Middle-earth Files
[2007/03/28 10:09:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\NCH Swift Sound
[2008/10/17 13:08:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\OpenOffice.org
[2006/05/26 13:35:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Opera
[2007/03/28 10:08:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\RecordPad
[2007/11/13 14:49:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Registry Booster
[2008/11/01 05:22:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\SanDisk
[2008/10/17 13:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\ScanSoft
[2006/04/07 14:17:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Seven Zip
[2008/11/25 17:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Sony
[2006/01/31 15:38:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Template
[2009/03/14 06:19:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Uniblue
[2009/11/11 20:38:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\uTorrent
[2008/01/12 00:32:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\Viewpoint
[2008/10/15 11:50:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\WinPatrol
[2009/11/02 16:12:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\rian\Application Data\YouSendIt
[2004/08/10 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/12 04:25:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/12 06:32:24 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{616B6437-357A-4108-9B1C-68464B844E56}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2001/05/24 07:59:30 | 00,162,304 | ---- | M] () -- C:\UNWISE.EXE
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/10 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/10 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/10 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/10 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
< End of report >
OTL EXTRAS:
OTL Extras logfile created on: 12/11/2009 6:37:05 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Program Files\HIJACKTHIS
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1023.48 Mb Total Physical Memory | 319.66 Mb Available Physical Memory | 31.23% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 330.34 Gb Total Space | 1.70 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 0.67 Gb Free Space | 13.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAIN
Current User Name: rian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56363:TCP" = 56363:TCP:*:Disabled:Pando P2P TCP Listening Port
"56363:UDP" = 56363:UDP:*:Disabled:Pando P2P UDP Listening Port
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"56276:TCP" = 56276:TCP:*:Disabled:Pando P2P TCP Listening Port
"56276:UDP" = 56276:UDP:*:Disabled:Pando P2P UDP Listening Port
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\AOL 9.0\AOL.exe" = C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 -- File not found
"C:\Program Files\AOL 9.0\WAOL.exe" = C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe" = C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service) -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer) -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat:*:Enabled:The Battle for Middle-earth -- ()
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Blue Coat Systems\WinProxy 6\WinProxy.exe" = C:\Program Files\Blue Coat Systems\WinProxy 6\WinProxy.exe:*:Enabled:WinProxy Application -- File not found
"C:\Program Files\Messenger\Msmsgs.exe" = C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\crap\K-litePro\k-litepro.exe" = C:\Program Files\crap\K-litePro\k-litepro.exe:*:Enabled:K-litePro Ultimate File Sharing -- File not found
"C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe" = C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Enabled:dndclient -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\Softimage\XSI_6.01\Application\bin\XSI.exe" = C:\Softimage\XSI_6.01\Application\bin\XSI.exe:*:Enabled:XSI -- (Softimage Co.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare -- ()
"C:\Program Files\AOL 9.0\AOL.exe" = C:\Program Files\AOL 9.0\AOL.exe:*:Disabled:AOL 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe:*:Disabled:AOL 9.0 (Connectivity Service Dialer) -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe" = C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe:*:Disabled:AOL 9.0 (Connectivity Service) -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Disabled:Morpheus -- File not found
"C:\Program Files\Pando Networks\Pando\pando.exe" = C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:Pando Application -- File not found
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- File not found
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- File not found
"C:\Program Files\SopCast\sopvod.exe" = C:\Program Files\SopCast\sopvod.exe:*:Disabled:sopvod -- File not found
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- File not found
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Airlink101\Airlink101 Cardbus & PCI Wireless LAN Utility\RtWLan.exe" = C:\Program Files\Airlink101\Airlink101 Cardbus & PCI Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- File not found
"C:\Program Files\AOL 9.0\WAOL.exe" = C:\Program Files\AOL 9.0\WAOL.exe:*:Disabled:AOL 9.0 -- File not found
"C:\Documents and Settings\rian\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\rian\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Disabled:Norton Removal Tool -- File not found
"C:\Program Files\D-Link\DWA-130\D-Link Wizard.exe" = C:\Program Files\D-Link\DWA-130\D-Link Wizard.exe:*:Enabled:Connection Wizard -- ()
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AB149EB-2AE0-466C-9BA4-3A718CF06432}" = Information about your PC
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A9B719B-DD54-4565-A6A8-B27C26F8338F}" = SOFTIMAGE XSI 6.01
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}" = Virtual Sound Canvas DXi
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AA86B66-4232-4CCA-9530-51B991301376}" = D-Link Wireless N DWA-130
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8419C98D-6818-443B-9362-156519FE4C6B}" = Windows Messenger 5.1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB19A235-66D4-47F7-9904-BAF84ED25BB6}" = ImageMixer3
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CD8C45CE-882F-49E1-AC72-784943AFF7EB}" = Phanku eTaxCanada 2008
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1955A3A-EA24-4682-8641-43B5B688B09A}" = USB Wireless Keyboard Driver
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2975B11-82F4-47D9-A0AC-99E36A0E9ECB}" = SOFTIMAGE Softimage License Server 1.1.11.1414
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0472857-5706-4248-978B-C04DCCAD9E47}" = SOFTIMAGE XSI 6.01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F25B14A1-3863-41B6-9F8A-931DECA6D384}" = D-Link Wireless N DWA-130
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE24D361-A3E8-11DE-88F3-005056806466}" = Google Earth Plug-in
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"avast!" = avast! Antivirus
"AVS Video Tools 5.1_is1" = AVS Video Tools 5.1
"AVSDiscCreator_is1" = AVS Disc Creator version 2.1
"C-Media Audio" = C-Media 3D Audio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
"ERUNT_is1" = ERUNT 1.1j
"FL Studio 6" = FL Studio 6
"FREE Hi-Q Recorder_is1" = FREE Hi-Q Recorder 1.92
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InFlac" = InFlac 1.1.1
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Standard
"MagicDisc 2.6.93" = MagicDisc 2.6.93
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"RealPlayer 6.0" = RealPlayer
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"SONAR 3 Producer Edition" = SONAR 3 Producer Edition
"SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC 3
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SubDownloader2" = SubDownloader2
"SystemRequirementsLab" = System Requirements Lab
"UltimateZip 3.0_is1" = UltimateZip 3.0.3
"Veoh Web Player Beta" = Veoh Web Player Beta
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater
"uTorrent" = µTorrent
"WeatherEye" = WeatherEye
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 07/11/2009 5:26:17 PM | Computer Name = MAIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.goog...?...cavit&cp=13 failed, 0000A413.
Error - 07/11/2009 7:31:46 PM | Computer Name = MAIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.goog...ch?...n du&cp=8 failed, 0000A413.
Error - 08/11/2009 10:24:01 PM | Computer Name = MAIN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.goog...ch?...v t&cp=13 failed, 0000A413.
[ Application Events ]
Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121
Description =
Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121
Description =
Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121
Description =
Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121
Description =
Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121
Description =
Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121
Description =
Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121
Description =
Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121
Description =
Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121
Description =
Error - 22/05/2008 4:36:16 PM | Computer Name = YOUR-290D819666 | Source = nview_info | ID = 11141121
Description =
[ System Events ]
Error - 25/06/2008 7:10:59 AM | Computer Name = YOUR-290D819666 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 25/06/2008 7:10:59 AM | Computer Name = YOUR-290D819666 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 01/07/2008 3:34:57 PM | Computer Name = YOUR-290D819666 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.
Error - 02/07/2008 4:58:28 PM | Computer Name = YOUR-290D819666 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.
Error - 05/07/2008 5:20:18 PM | Computer Name = YOUR-290D819666 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.
Error - 08/07/2008 3:56:22 PM | Computer Name = YOUR-290D819666 | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070057.
Error - 14/07/2008 2:46:49 PM | Computer Name = YOUR-290D819666 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.
Error - 23/07/2008 5:39:15 PM | Computer Name = YOUR-290D819666 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 23/07/2008 5:39:15 PM | Computer Name = YOUR-290D819666 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 25/07/2008 12:25:49 PM | Computer Name = YOUR-290D819666 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.
< End of report >