Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan, Malware, HELP PLEASE

Started by RecruiiTZ , Nov 15 2009 08:53 AM

  • Please log in to reply

#1
RecruiiTZ
Posted 15 November 2009 - 08:53 AM

RecruiiTZ

    New Member

  • Member
  • Pip
  • 2 posts
A few months ago I used Malwarebytes' Anti-Malware to scan my computer after my Steam account was hacked. It found a backdoor.bot in the C:\System Volume Information. I cannot be exact because when I tried opening it this morning, Malwarebytes' Anti-Malware it gives me a run time error.

Just last night I scanned again and found some type of trojan, two of them to be exact. So I quarantined those. The reason I'm telling you all this is to see if it has anything to do with what just happened when I booted up. Right when I turned on the computer and I could see the desktop it said that My Documents cannot be found (whether it got its named changed, etc.). Also my AVG Anti-Virus (Free Edition), was turned off for some reason.

So, can anyone help me with removing all these problems I'm having with viruses, malware, and anything else it may be.

These are the logs that wannabe1 told me to post in my other topic.

Report from ROOTREPEAL:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/15 09:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xADF65000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

Report from OTL:

OTL logfile created on: 11/15/2009 9:48:14 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 95.63% Memory free
4.00 Gb Paging File | 3.93 Gb Available in Paging File | 98.19% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 35.51 Gb Free Space | 47.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATTSCOMPUTER
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/15 09:46:50 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\My Documents\Downloads\OTL.exe
PRC - [2009/11/12 16:34:38 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/12 16:34:36 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/09 01:43:49 | 00,910,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe
PRC - [2009/10/24 14:49:18 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/24 14:49:08 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 04:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/11/15 09:46:50 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 04:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 04:41:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (gupdate)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/24 14:49:09 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/10/24 14:49:08 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/21 10:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/07/21 09:40:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 04:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver)
SRV - [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6b2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 15:07:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/03 12:48:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/09 19:37:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b2\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 2\components [2009/11/14 17:58:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 2\plugins [2009/11/14 17:58:11 | 00,000,000 | ---D | M]

[2009/11/14 17:59:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2009/11/14 17:59:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/15 09:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\mtgfoqgv.default\extensions
[2009/11/14 18:11:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\mtgfoqgv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/15 09:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\mtgfoqgv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/14 19:46:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\mtgfoqgv.default\extensions\[email protected]
[2009/11/15 09:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\mtgfoqgv.default\extensions\staged-xpis
[2009/11/12 20:49:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/14 00:11:21 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/06/03 12:48:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/03 12:48:10 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/12 20:13:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/12 20:13:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/12 20:13:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/12 20:13:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/12 20:13:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/12 20:13:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/12 20:13:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Documents and Settings\owner\Desktop\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1219871090671 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zon...ss.cab57176.cab (ZoneChess Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/27 09:46:21 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5e9ad12d-a650-11dd-b8ec-00156050e6ff}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O33 - MountPoints2\{9564dfba-746d-11dd-aa20-e5658c1b2368}\Shell - "" = AutoRun
O33 - MountPoints2\{9564dfba-746d-11dd-aa20-e5658c1b2368}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9564dfba-746d-11dd-aa20-e5658c1b2368}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/27 09:45:55 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/15 09:43:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/15 09:43:19 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/15 09:24:39 | 00,339,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\TFC.exe
[2009/11/14 22:46:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\CamStudio.2.5.b1.bin
[2009/11/14 22:36:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/14 22:36:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/14 22:36:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/14 17:58:11 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 3.6 Beta 2
[2009/11/14 15:41:37 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/11/13 17:09:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2009/11/13 17:01:31 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/11/10 18:14:08 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/10 18:14:04 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/08 18:45:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/11/07 10:55:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\Eyetoy
[2009/11/03 17:02:04 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[1 C:\Documents and Settings\owner\*.tmp files -> C:\Documents and Settings\owner\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/15 09:43:19 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\NTREGOPT.lnk
[2009/11/15 09:43:19 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\ERUNT.lnk
[2009/11/15 09:42:00 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/15 09:24:39 | 00,339,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\TFC.exe
[2009/11/15 09:16:53 | 45,159,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/15 09:16:51 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/15 09:16:51 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/15 09:16:51 | 00,092,923 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/15 09:05:06 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/15 09:04:28 | 00,500,104 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/15 09:04:28 | 00,426,400 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/15 09:04:28 | 00,065,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/15 09:01:03 | 18,612,224 | ---- | M] () -- C:\Documents and Settings\owner\ntuser.dat
[2009/11/15 09:00:28 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/15 08:59:57 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/15 08:59:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/15 08:59:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/15 00:10:47 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\owner\ntuser.ini
[2009/11/15 00:10:28 | 12,239,868 | -H-- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\IconCache.db
[2009/11/14 22:45:10 | 00,002,145 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Steam.lnk
[2009/11/14 22:42:26 | 00,012,288 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/14 21:44:24 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{05B1EF5C-25BE-41F1-93C7-E176BFD2BAEE}.job
[2009/11/14 17:58:15 | 00,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 3.6 Beta 2.lnk
[2009/11/14 16:35:49 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/11 20:48:17 | 00,000,808 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/11 09:34:41 | 02,248,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/09 16:39:22 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/07 18:39:16 | 00,000,956 | ---- | M] () -- C:\Documents and Settings\owner\bin.lnk
[2009/11/04 07:49:10 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Documents and Settings\owner\*.tmp files -> C:\Documents and Settings\owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/15 09:43:19 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\NTREGOPT.lnk
[2009/11/15 09:43:19 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\ERUNT.lnk
[2009/11/14 22:36:07 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 17:58:15 | 00,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 3.6 Beta 2.lnk
[2009/11/10 18:14:54 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/03 18:42:06 | 00,000,081 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\RSBot Accounts.ini
[2009/06/19 17:10:58 | 00,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2009/06/12 00:03:22 | 00,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2009/05/14 15:50:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/04/18 18:01:07 | 00,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/03/13 19:35:55 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\PnkBstrK.sys
[2009/03/09 15:47:21 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/03/07 14:00:28 | 00,000,333 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\burnaware.ini
[2009/02/25 19:01:42 | 00,000,161 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/02/25 19:01:21 | 00,000,735 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/02/25 18:57:14 | 00,001,727 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/11 16:56:08 | 00,100,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2008/12/30 16:19:09 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/12/25 11:46:15 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/27 17:17:30 | 00,035,680 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/08/27 10:22:34 | 12,239,868 | -H-- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\IconCache.db
[2008/08/27 09:54:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\owner\Application Data\desktop.ini
[2008/08/27 05:37:40 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/05/19 18:28:36 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\RA.ini
[2006/12/31 19:00:00 | 00,000,808 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/12/31 19:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/11/08 18:45:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/08/30 13:58:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/10/24 14:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/04/26 09:17:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/03 20:45:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/11/13 17:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2009/02/07 14:36:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/08/30 19:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/07/26 15:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2009/06/26 14:39:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/03/16 19:32:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/19 16:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009/03/27 16:03:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/03/13 22:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\uklpr
[2009/08/23 15:46:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/14 00:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/27 16:02:58 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/09/12 20:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 15:28:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/25 20:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\.purple
[2009/03/09 15:47:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\ATI
[2009/03/08 09:59:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Audacity
[2009/03/24 14:10:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\com.adobe.ExMan
[2009/02/21 20:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Feedreader
[2009/06/17 18:42:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\FileZilla
[2009/03/07 14:50:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Gamelab
[2009/04/18 20:51:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\GetRightToGo
[2009/11/07 18:31:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\godzHell
[2009/08/12 07:18:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\gtk-2.0
[2009/03/13 19:40:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\id Software
[2009/03/15 15:15:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\IObit
[2009/06/21 21:36:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\LogMeIn Rescue
[2009/07/11 15:25:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Nettalk
[2009/06/17 14:51:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Notepad++
[2008/12/25 09:22:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\OpenOffice.org
[2009/03/28 12:12:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Participatory Culture Foundation
[2009/03/28 12:21:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\PCF-VLC
[2009/07/26 15:58:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Screaming Bee
[2009/06/21 22:39:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\TeamViewer
[2009/09/06 09:38:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\The Creative Assembly
[2009/03/01 15:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Thunderbird
[2009/06/26 20:48:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Trillian
[2009/03/27 16:03:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\TuneUp Software
[2009/09/06 12:13:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\ViGlance
[2009/09/06 12:16:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\ViStart
[2008/12/26 17:01:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\WeGame
[2008/12/25 14:43:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\WinFF
[2006/12/31 19:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/12 20:31:17 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Minesweeper.job
[2009/11/15 08:59:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/14 21:44:24 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{05B1EF5C-25BE-41F1-93C7-E176BFD2BAEE}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:E90B3B1282958823
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F0FFA06
< End of report >


Report from OTL Extras:

OTL Extras logfile created on: 11/15/2009 9:48:14 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 95.63% Memory free
4.00 Gb Paging File | 3.93 Gb Available in Paging File | 98.19% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 35.51 Gb Free Space | 47.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATTSCOMPUTER
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 2\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"43594:TCP" = 43594:TCP:*:Enabled:runescape private server
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\xxmattxx123\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\xxmattxx123\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"D:\setup\HPZNET01.EXE" = D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found
"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe" = C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe:*:Enabled:Adobe Flash CS4 -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe" = C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader -- File not found
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\Steam\steamapps\xxmattxx123\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\xxmattxx123\counter-strike source\hl2.exe:*:Enabled:hl2 -- File not found
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jdk1.6.0_13\bin\java.exe" = C:\Program Files\Java\jdk1.6.0_13\bin\java.exe:*:Enabled:Java™ Platform SE binary -- File not found
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found
"C:\Documents and Settings\owner\Desktop\SteamStats.exe" = C:\Documents and Settings\owner\Desktop\SteamStats.exe:*:Enabled:SteamStats -- File not found
"C:\Documents and Settings\owner\Desktop\Idler\SteamStats.exe" = C:\Documents and Settings\owner\Desktop\Idler\SteamStats.exe:*:Enabled:SteamStats -- File not found
"C:\Program Files\Counter-Strike 1.6\hl.exe" = C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Documents and Settings\owner\Desktop\Steam Games\TF2\Idler\SteamStats.exe" = C:\Documents and Settings\owner\Desktop\Steam Games\TF2\Idler\SteamStats.exe:*:Enabled:SteamStats -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- File not found
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Steam\steamapps\xxmattxx123\day of defeat source\hl2.exe" = C:\Program Files\Steam\steamapps\xxmattxx123\day of defeat source\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- File not found
"C:\Program Files\Steam\steamapps\epiidemiik\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\steamapps\epiidemiik\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Program Files\Steam\steamapps\epiidemiik\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\epiidemiik\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Documents and Settings\owner\Desktop\Games\Left 4 Dead\left4dead.exe" = C:\Documents and Settings\owner\Desktop\Games\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Steam\steamapps\pittsburgh867\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\pittsburgh867\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2 -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{10738BAA-C24D-5D0F-87FF-2CD559C7F515}" = CCC Help English
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2C98995F-76EF-0D6C-E94D-EBAA3056C2B2}" = Catalyst Control Center Graphics Previews Common
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{455875EB-92E1-DAD0-AA17-EFB4C5BE9140}" = ccc-core-preinstall
"{4CE5EEC7-FF28-72DE-D997-0F55715B6B56}" = Catalyst Control Center Graphics Full New
"{4E304114-DD15-41F5-6759-E9FC28D4564D}" = Catalyst Control Center Graphics Light
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{5487643D-AE39-3A71-709E-624F12E7CF8D}" = Catalyst Control Center Core Implementation
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{B72A712B-75E7-CA19-4DAA-BB34900829F4}" = ccc-core-static
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BCF98F45-C1B6-1FCB-CEDE-3BD048FF03B8}" = Catalyst Control Center Graphics Full Existing
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E56E075F-A030-F44A-AF17-51643A64C853}" = ccc-utility
"{E6AB8441-1CCF-C686-BAB8-F7326B75774A}" = Skins
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"{FCC41976-0521-73F0-0A06-83292B9FC7AA}" = Catalyst Control Center HydraVision Full
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Combat Arms" = Combat Arms
"D-Link VGA Webcam" = D-Link VGA Webcam
"ERUNT_is1" = ERUNT 1.1j
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6b2)" = Mozilla Firefox (3.6b2)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2009 11:31:09 PM | Computer Name = WILLIAM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/31/2009 11:54:09 PM | Computer Name = WILLIAM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/31/2009 11:54:09 PM | Computer Name = WILLIAM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/1/2009 1:06:09 AM | Computer Name = WILLIAM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/1/2009 1:06:09 AM | Computer Name = WILLIAM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/1/2009 1:42:08 AM | Computer Name = WILLIAM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/1/2009 1:42:08 AM | Computer Name = WILLIAM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/1/2009 11:03:35 AM | Computer Name = WILLIAM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/1/2009 11:03:35 AM | Computer Name = WILLIAM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/1/2009 11:03:35 AM | Computer Name = WILLIAM | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 11/15/2009 12:47:08 AM | Computer Name = MATTSCOMPUTER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 11/15/2009 10:00:25 AM | Computer Name = MATTSCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 11/15/2009 10:00:25 AM | Computer Name = MATTSCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 11/15/2009 10:00:25 AM | Computer Name = MATTSCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 11/15/2009 10:24:47 AM | Computer Name = MATTSCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/15/2009 10:24:47 AM | Computer Name = MATTSCOMPUTER | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/15/2009 10:24:48 AM | Computer Name = MATTSCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/15/2009 10:24:48 AM | Computer Name = MATTSCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/15/2009 10:24:48 AM | Computer Name = MATTSCOMPUTER | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 11/15/2009 10:24:48 AM | Computer Name = MATTSCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >


In advance, thanks for trying to help/helping :)
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP