
"Your System is Infected" wallpaper removal help [Solved]


  • This topic is locked

#1 cazpahdagost (New Member, 7 posts)

Hi, I was using Google and doing a search when my Firefox crashed. I restarted my computer and was met with a green wallpaper which said, "Your System is Infected". I've seen that others who have had this same problem as me have come here and been helped. I would greatly appreciate if someone could help me as well.

Thank you.

I apologize for the hasty post.

I updated my Malwarebytes and it found eight infections when previously it had found none. I had Malwarebytes fix the problems and restarted my computer. Once loaded, the green wallpaper saying "Your System is Infected" was gone. Are there any system checks I can run to make sure the virus is completely gone?

By the way, here is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3579
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/16/2010 4:40:37 PM
mbam-log-2010-01-16 (16-40-37).txt

Scan type: Quick Scan
Objects scanned: 159882
Time elapsed: 9 minute(s), 28 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACowyjalcqps.db (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IS15.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Edited by ldtate, 16 January 2010 - 04:11 PM.

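An added example for readers of this thread (my code, not the poster's and not part of Malwarebytes). The log above shows the whole fake-AV chain: a dropped smss32.exe started from a Run value, the Winlogon Userinit value repointed at winlogon32.exe so the payload is relaunched at every interactive logon even after the Run value is gone, the Explorer/ActiveDesktop policy values set to 1 so the wallpaper cannot be changed back, and a file Malwarebytes flags as Rootkit.TDSS next to them. The script parses that log format, tags each finding with the mechanism it abused (the category names are mine), and turns the Bad/Good pairs into the registry checks worth confirming after the reboot. The stock XP Userinit value it compares against is `C:\WINDOWS\system32\userinit.exe,` with the trailing comma. A TDSS hit is also the reason a quick scan is not the last word: TDSS is a kernel-mode rootkit family, so a rootkit scanner such as the GMER run that follows in this thread is the right next step.

```python
"""Triage a Malwarebytes 1.x log: tag each finding with the persistence mechanism it
abused and derive the registry checks to run after the cleanup reboot.
Added example for this thread; not the poster's code and not Malwarebytes' own."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied from the Malwarebytes log in the post above (other sections omitted).
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACowyjalcqps.db (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""
SECTION_RE = re.compile(r"^(?P<name>.+) Infected:$")
HEAD_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\)$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")

@dataclass
class Finding:
    section: str
    path: str
    detection: str
    action: str
    bad: Optional[str] = None   # value the malware wrote, when the log shows it
    good: Optional[str] = None  # value Malwarebytes restored, when the log shows it
    mechanism: str = ""

def classify(path: str, detection: str, section: str) -> str:
    """Most specific test first, so a Userinit entry never falls through to 'other'."""
    p = path.lower()
    if detection.lower().startswith("rootkit."):
        return "rootkit component"
    if "\\winlogon\\userinit" in p or "\\winlogon\\shell" in p:
        return "logon persistence (Winlogon)"   # executed at every interactive logon
    if "\\currentversion\\run" in p:             # Run and RunOnce
        return "logon persistence (Run key)"
    if "\\policies\\" in p:
        return "tamper lock (Explorer/ActiveDesktop policy)"
    if "\\desktop\\general\\wallpaper" in p:
        return "wallpaper hijack"
    return "dropped file" if section.startswith(("Files", "Folders", "Memory")) else "other"

def parse_mbam_log(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""
    for line in (raw.strip() for raw in text.splitlines()):
        sec = SECTION_RE.match(line)
        if sec:
            section = sec["name"]
        if " -> " not in line:        # headers, counts, blanks, "(No malicious items detected)"
            continue
        parts = line.split(" -> ")
        head = HEAD_RE.match(parts[0])
        if not head:
            continue
        f = Finding(section, head["path"], head["detection"], parts[-1].rstrip("."))
        for detail in parts[1:-1]:    # optional "Data: x" or "Bad: (x) Good: (y)" segment
            bg = BADGOOD_RE.match(detail)
            if bg:
                f.bad, f.good = bg["bad"], bg["good"]
            elif detail.startswith("Data: "):
                f.bad = detail[6:]
        f.mechanism = classify(f.path, f.detection, section)
        findings.append(f)
    return findings

def post_cleanup_checks(findings: List[Finding]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Per registry path: ('equals', restored value), ('absent', None) or ('review', None)."""
    checks: Dict[str, Tuple[str, Optional[str]]] = {}
    for f in findings:
        if not f.path.startswith("HKEY_"):
            continue
        if f.good is not None:
            checks[f.path] = ("equals", f.good)
        elif f.path not in checks:
            checks[f.path] = ("absent" if f.mechanism.startswith("logon persistence") else "review", None)
    return checks

def userinit_is_clean(value: str) -> bool:
    """Stock XP value is 'C:\\WINDOWS\\system32\\userinit.exe,' (trailing comma). Reject anything
    else: the winlogon32.exe swap seen in the log, or a second path appended after the comma."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    folder, _, name = entries[0].rpartition("\\") if len(entries) == 1 else ("", "", "")
    return name.lower() == "userinit.exe" and (folder == "" or folder.lower().endswith("\\system32"))

if __name__ == "__main__":
    import sys
    found = parse_mbam_log(open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG)
    for f in found:
        print(f"[{f.mechanism}] {f.path} ({f.detection}) -> {f.action}")
    for path, (rule, expected) in post_cleanup_checks(found).items():
        print(f"VERIFY {rule:<7} {path}" + (f" == {expected}" if expected is not None else ""))
```

Run it with the log file as the argument (the header above names it `mbam-log-2010-01-16 (16-40-37).txt`) or with no argument to use the embedded lines. On the machine itself, `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit` prints the live value; that string is what `userinit_is_clean` expects, and "review" entries such as the wallpaper value only need a look to confirm they no longer point at anything under system32.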



#2 cazpahdagost (Topic Starter, New Member, 7 posts)

GMER Report:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-16 18:42:20
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\CAZPAH~1\LOCALS~1\Temp\uwtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT A13C337E ZwCreateKey
SSDT A13C3374 ZwCreateThread
SSDT A13C3383 ZwDeleteKey
SSDT A13C338D ZwDeleteValueKey
SSDT spyg.sys ZwEnumerateKey [0xF7401DA4]
SSDT spyg.sys ZwEnumerateValueKey [0xF7402132]
SSDT A13C3392 ZwLoadKey
SSDT spyg.sys ZwOpenKey [0xF73E90C0]
SSDT A13C3360 ZwOpenProcess
SSDT A13C3365 ZwOpenThread
SSDT spyg.sys ZwQueryKey [0xF740220A]
SSDT spyg.sys ZwQueryValueKey [0xF740208A]
SSDT A13C339C ZwReplaceKey
SSDT A13C3397 ZwRestoreKey
SSDT A13C3388 ZwSetValueKey
SSDT A13C336F ZwTerminateProcess
SSDT A13C336A ZwWriteVirtualMemory

INT 0x62 ? 867DBBF8
INT 0x63 ? 8676BBF8
INT 0x73 ? 867DBBF8
INT 0x82 ? 867DBBF8
INT 0x83 ? 867DBBF8
INT 0xB4 ? 8676BBF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 867DA1F8
Device \FileSystem\Fastfat \FatCdrom 85554500

AttachedDevice \Driver\Tcpip \Device\Ip avfwot.sys (TDI filtering kernel driver/Avira GmbH)

Device \Driver\usbohci \Device\USBPDO-0 865941F8
Device \Driver\usbohci \Device\USBPDO-1 865941F8

AttachedDevice \Driver\Tcpip \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)

Device \Driver\PCI_PNP9178 \Device\00000057 spyg.sys
Device \Driver\PCI_PNP9178 \Device\00000057 spyg.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 867DC1F8
Device \Driver\Cdrom \Device\CdRom0 86461500
Device \Driver\nvatabus \Device\00000072 867DB1F8
Device \Driver\Cdrom \Device\CdRom1 86461500
Device \Driver\nvatabus \Device\00000074 867DB1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85601500
Device \Driver\NetBT \Device\NetbiosSmb 85601500

AttachedDevice \Driver\Tcpip \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)

Device \Driver\usbohci \Device\USBFDO-0 865941F8
Device \Driver\nvatabus \Device\NvAta0 867DB1F8
Device \Driver\usbohci \Device\USBFDO-1 865941F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 855D61F8
Device \Driver\nvatabus \Device\NvAta1 867DB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 855D61F8
Device \Driver\nvatabus \Device\NvAta2 867DB1F8
Device \Driver\Ftdisk \Device\FtControl 867DC1F8
Device \Driver\sptd \Device\3062207928 spyg.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{F6321C12-0905-46BC-AC17-3EA868F1B83C} 85601500
Device \Driver\ao74himi \Device\Scsi\ao74himi1Port3Path0Target0Lun0 864431F8
Device \Driver\ao74himi \Device\Scsi\ao74himi1 864431F8
Device \FileSystem\Fastfat \Fat 85554500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 864931F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x14 0xAC 0xCC 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7C 0xED 0x1D 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0x0A 0x7C 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x14 0xAC 0xCC 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7C 0xED 0x1D 0x63 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0x0A 0x7C 0xE3 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] 84EFCFBF246BC443979F647316BF4EF65A5380E3A648DB4EEB7C6C6AB90FB1D819512CF9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C
FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D9DB7CE019D40AA5CC038D530D6EB345290B41C6D2
476845F38B59B2F520F59CDBB046607A2246EF7EA3DE2F85E507524512C082BFDFADB418FA2C0B4AEB60F820DEA20842DBB21067B45E7526BEF2F1325
77D89C0BF6A0620F6A5C44A761B4F865D776A769DCDC14C10B0759F47B692139ACE6DC9E8D06CB3825C300F40589143C05D73B966C8DFCCC0AEFA2E0E
DDCC24EA93EE661E931ABA2317E6EA29C405A9CF1EBEE4556133F3A820427E2C03790B98E9D1FCDB4BD5378AE49F714A27F7726DE0B545B08C002BF77
5AC287F31A48E4BEF7C7B3A138B9770495ED7B9C62B98BD3C2E313F45F0B252F3C362D0D994BCD61760DB7E42278F2D98601E20EF8151499D579F8942
BC646B5A9A58590401C85E5737B51B6F34DCE9CF4C62700451F9A3EB8D4F0605345155A551B1A8D0865AF787E044CD3941A88FD6D3C79813F92109416
972F577D3A142FA400C210E47488905BFBC8FCE4E4ABF3B13E5D24CF50F5B3C84ABD7B40FDDB0BB227AF2F3BB85A64811D3976B458DBB5B40F2C7C585
9E473E459FA54A70B998A4D43E380624808701D056709CB404EC2A05
Reg HKLM\SOFTWARE\Classes\CLSID\{74099617-91C0-6CB0-475BC8650FC6C929}\{C2CB2410-92BB-FC4E-376913EB15620FA4}\{B6CDFCFD-0A38-7380-A1288DE48E078F85}
Reg HKLM\SOFTWARE\Classes\CLSID\{74099617-91C0-6CB0-475BC8650FC6C929}\{C2CB2410-92BB-FC4E-376913EB15620FA4}\{B6CDFCFD-0A38-7380-A1288DE48E078F85}@SE4K5INHHR1EDZYY15BVZC6TKG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DF771B98-AC91-34D8-F0EE49DCFFD7BEDE}\{02C90D3B-A401-D38F-0F8BFA977E327E75}\{1704AFF6-6AA2-2F70-F8B468ED602E6063}
Reg HKLM\SOFTWARE\Classes\CLSID\{DF771B98-AC91-34D8-F0EE49DCFFD7BEDE}\{02C90D3B-A401-D38F-0F8BFA977E327E75}\{1704AFF6-6AA2-2F70-F8B468ED602E6063}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.15 ----



OTL TEXT:

OTL logfile created on: 1/16/2010 6:43:29 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\CazpahDaGost\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 434.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 20.67 Gb Free Space | 13.87% Space Free | Partition Type: NTFS
Drive D: | 3.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAZPAH
Current User Name: CazpahDaGost
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/16 18:42:38 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CazpahDaGost\My Documents\Downloads\OTL.exe
PRC - [2010/01/12 08:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/06 18:12:58 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/30 06:57:08 | 00,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/08/11 03:55:22 | 00,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\DigiDesign\Drivers\MMERefresh.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/12 13:46:39 | 00,434,945 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2009/05/11 09:37:59 | 00,388,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2009/05/11 09:31:46 | 00,194,817 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/09/06 14:09:14 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2007/05/30 13:52:32 | 00,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/09/11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/08/04 07:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
PRC - [2003/09/17 09:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2002/11/20 18:37:46 | 00,188,416 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpofxm07.exe
PRC - [2002/11/20 18:17:20 | 00,057,344 | ---- | M] (HP) -- C:\WINDOWS\system32\hpoipm07.exe
PRC - [2002/11/20 18:09:10 | 00,294,912 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe
PRC - [2002/11/20 17:48:24 | 00,299,008 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe
PRC - [2002/11/20 17:15:00 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe


========== Modules (SafeList) ==========

MOD - [2010/01/16 18:42:38 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CazpahDaGost\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/12 08:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/28 17:52:59 | 00,980,512 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/08/11 03:55:22 | 00,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/18 00:40:33 | 00,189,288 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/06/17 16:10:10 | 00,075,064 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/12 13:46:39 | 00,434,945 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2009/05/11 09:37:59 | 00,388,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2009/05/11 09:31:46 | 00,194,817 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2009/03/03 13:53:32 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/04/05 14:06:46 | 00,607,576 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/08/16 07:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 07:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 07:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/25 15:50:26 | 00,079,136 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/07/24 04:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 04:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/06/01 10:21:30 | 00,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/02/15 12:45:36 | 00,707,344 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2007/02/02 17:34:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007/02/02 14:55:08 | 00,446,464 | ---- | M] (ATI Technologies Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/07/25 17:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 17:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/04/03 17:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/17 10:54:49 | 00,002,560 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2005/09/15 16:22:39 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/04/29 17:18:24 | 00,131,136 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005/04/29 17:18:08 | 00,057,412 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004/11/30 10:08:56 | 00,020,543 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\PE_C_OWNER\PE_C_OWNER\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\PE_C_OWNER\PE_C_OWNER\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-854245398-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-854245398-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-854245398-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKU\S-1-5-21-854245398-1364589140-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forum.videoediting.ru/
IE - HKU\S-1-5-21-854245398-1364589140-725345543-1004\S-1-5-21-854245398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-854245398-1364589140-725345543-1004\S-1-5-21-854245398-1364589140-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7


FF - HKLM\software\mozilla\Mozilla 1.7.8\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2009/08/21 19:27:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.8\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2009/08/21 19:27:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/16 15:30:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/12 08:17:48 | 00,000,000 | ---D | M]

[2008/08/30 14:21:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Mozilla\Extensions
[2010/01/16 16:21:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Mozilla\Firefox\Profiles\49atvsha.default\extensions
[2007/10/19 12:49:38 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CazpahDaGost\Application Data\Mozilla\Firefox\Profiles\49atvsha.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2006/10/08 16:42:48 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CazpahDaGost\Application Data\Mozilla\Firefox\Profiles\49atvsha.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/22 18:08:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Mozilla\Firefox\Profiles\49atvsha.default\extensions\[email protected]
[2010/01/16 16:21:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/17 15:23:10 | 00,626,688 | ---- | M] (ebrary) -- C:\Program Files\Mozilla Firefox\plugins\NPInfotl.dll
[2006/09/09 21:33:53 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2007/08/16 23:15:32 | 00,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O3 - HKU\S-1-5-21-854245398-1364589140-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-854245398-1364589140-725345543-1004\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-854245398-1364589140-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-854245398-1364589140-725345543-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\DigiDesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\.DEFAULT..\Run: [] File not found
O4 - HKU\.DEFAULT..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe File not found
O4 - HKU\PE_C_OWNER..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe File not found
O4 - HKU\S-1-5-18..\Run: [] File not found
O4 - HKU\S-1-5-18..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe File not found
O4 - HKU\S-1-5-21-854245398-1364589140-725345543-1004..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-854245398-1364589140-725345543-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-854245398-1364589140-725345543-1004..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe (Hewlett-Packard Co.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\PE_C_OWNER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-1364589140-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-854245398-1364589140-725345543-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-854245398-1364589140-725345543-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-854245398-1364589140-725345543-1004\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} http://www.cyberlink...xp/CheckDVD.cab (ChkDVDCtl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinn...dy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1126828603593 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bw+0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {3E7B97CA-3D68-43C4-9775-81DEDAD512D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\CazpahDaGost\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/22 14:41:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6282c44d-ac12-11db-aa9d-000c76cdabe6}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{6282c44d-ac12-11db-aa9d-000c76cdabe6}\Shell\open\Command - "" = rundll32.exe .\\kbd1y6.dll,InstallM
O33 - MountPoints2\{9fbe9928-3136-11db-aa29-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{9fbe9928-3136-11db-aa29-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9fbe9928-3136-11db-aa29-806d6172696f}\Shell\AutoRun\command - "" = PC_Clickme.exe
O33 - MountPoints2\{c9befb4f-1320-11da-bec1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c9befb4f-1320-11da-bec1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9befb4f-1320-11da-bec1-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\run.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/08/28 21:51:19 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/16 16:13:10 | 00,632,320 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CazpahDaGost\Desktop\OTS.exe
[2010/01/14 19:48:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
[2010/01/14 19:48:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avid
[2010/01/14 19:42:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MEDIA
[2010/01/14 19:42:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE
[2010/01/14 19:40:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Shared Avid Projects
[2010/01/14 19:40:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\AVX Plug-Ins Data
[2010/01/14 19:40:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Avid Media Composer
[2010/01/14 19:40:13 | 00,000,000 | ---D | C] -- C:\LicenseFiles
[2010/01/14 19:39:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Avid
[2010/01/14 19:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Avid MediaLog
[2010/01/14 19:38:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\FilmScribe
[2010/01/14 19:38:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\EDL Manager
[2010/01/14 19:37:33 | 00,000,000 | ---D | C] -- C:\Program Files\Licenses
[2010/01/14 19:37:28 | 00,000,000 | ---D | C] -- C:\Program Files\Avid
[2010/01/14 19:29:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2010/01/14 19:28:31 | 00,090,112 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\WinMMFix.dll
[2010/01/14 19:28:31 | 00,015,872 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\digicoin.dll
[2010/01/14 19:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2010/01/14 19:28:27 | 02,554,622 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\dgfwdio.dll
[2010/01/14 19:28:27 | 00,368,640 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\digiasio.dll
[2010/01/14 19:28:27 | 00,196,608 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\Digi32.dll
[2010/01/14 19:28:27 | 00,176,128 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\Diomidi.DLL
[2010/01/14 19:28:27 | 00,024,080 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\dgfwboot.sys
[2010/01/14 19:28:27 | 00,016,400 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\diginet.sys
[2010/01/13 16:32:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CazpahDaGost\My Documents\Electronic Arts
[2010/01/13 16:29:02 | 00,447,752 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/01/13 16:29:01 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/01/13 14:15:01 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/01/13 14:14:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CazpahDaGost\Application Data\DAEMON Tools Lite
[2010/01/13 14:13:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
[2010/01/13 13:37:51 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/01/13 13:37:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CazpahDaGost\Application Data\SystemRequirementsLab
[2010/01/12 10:39:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CazpahDaGost\Application Data\WinRAR
[2010/01/12 08:45:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CazpahDaGost\Application Data\Avira
[2010/01/12 08:17:54 | 00,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2007/04/17 22:28:27 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\CazpahDaGost\Application Data\pcouffin.sys
[2005/08/29 19:54:02 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2005/08/22 14:43:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/08/22 14:43:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/22 14:41:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/22 14:41:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Documents and Settings\CazpahDaGost\My Documents\*.tmp files -> C:\Documents and Settings\CazpahDaGost\My Documents\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/16 16:42:50 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/16 16:42:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/16 16:42:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/16 16:42:10 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/16 16:42:05 | 00,222,324 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2010/01/16 16:41:23 | 09,699,328 | ---- | M] () -- C:\Documents and Settings\CazpahDaGost\ntuser.dat
[2010/01/16 16:41:23 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\CazpahDaGost\ntuser.ini
[2010/01/16 16:36:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/16 16:16:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/16 16:13:13 | 00,632,320 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CazpahDaGost\Desktop\OTS.exe
[2010/01/16 15:56:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/16 15:29:43 | 00,000,001 | ---- | M] () -- C:\s
[2010/01/16 10:53:20 | 00,078,848 | ---- | M] () -- C:\Documents and Settings\CazpahDaGost\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/14 19:46:55 | 00,321,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/13 14:19:34 | 00,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/01/13 02:29:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/12 14:15:59 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\CazpahDaGost\Application Data\vso_ts_preview.xml
[2010/01/12 13:49:57 | 10,733,03552 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/01/12 08:03:05 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Documents and Settings\CazpahDaGost\My Documents\*.tmp files -> C:\Documents and Settings\CazpahDaGost\My Documents\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/16 16:36:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/16 16:16:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/16 15:56:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/16 15:29:43 | 00,000,001 | ---- | C] () -- C:\s
[2010/01/14 19:28:28 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2010/01/13 14:19:31 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/25 14:07:45 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\vso_ts_preview.xml
[2009/12/25 14:06:59 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\inst.exe
[2009/11/17 00:15:58 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\PtSSE2.dll
[2009/11/17 00:15:54 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2009/11/16 23:46:22 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2009/10/27 14:19:00 | 00,002,728 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2009/10/27 14:18:06 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2009/09/24 10:48:37 | 00,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.811261211181235583101118113995
[2009/08/28 02:17:44 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/28 02:17:43 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/28 02:17:41 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/28 02:17:40 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/28 02:17:39 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/28 02:17:39 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/19 20:52:01 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/06/18 00:40:48 | 00,137,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/06/17 16:17:03 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\PnkBstrK.sys
[2009/06/17 15:41:42 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\leverage.drm.log
[2009/03/20 15:04:22 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/08/24 11:49:31 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/01/29 18:01:41 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/12 15:10:08 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/06/03 04:47:10 | 00,593,938 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007/04/27 07:40:00 | 00,026,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\sentinel.sys
[2007/04/22 19:15:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/17 22:30:26 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2007/04/17 22:28:29 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\pcouffin.log
[2007/04/17 22:28:27 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\ezpinst.exe
[2007/04/17 22:28:27 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\pcouffin.cat
[2007/04/17 22:28:27 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\pcouffin.inf
[2007/04/12 14:13:02 | 00,000,120 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\FixVTS.ini
[2006/09/06 23:07:42 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/09/06 23:07:42 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/08/24 20:40:14 | 00,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/22 13:39:39 | 00,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.119889580931711767808769176
[2006/08/22 13:37:56 | 00,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.24554863501262644635642126105
[2006/02/02 20:07:45 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/10/17 10:54:49 | 00,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(3).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(2).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(4).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(3).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(2).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(4).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(3).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(2).sys
[2005/09/15 16:07:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/11 22:44:53 | 00,078,848 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/11 17:07:17 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/09/11 17:07:05 | 00,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/09/11 17:07:05 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/09/11 17:07:04 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/09/11 17:07:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/09/08 16:46:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\ztLib.dll
[2005/09/04 00:19:46 | 00,000,114 | ---- | C] () -- C:\WINDOWS\NVProfileManager.INI
[2005/09/04 00:19:06 | 00,000,119 | ---- | C] () -- C:\WINDOWS\NVPerformance.INI
[2005/09/03 19:54:27 | 00,006,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2005/08/29 19:53:56 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/08/29 19:49:45 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Local Settings\Application Data\fusioncache.dat
[2004/10/15 09:10:04 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2004/08/04 07:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 07:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/07/10 17:55:38 | 00,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/06/29 19:07:26 | 01,658,973 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2002/11/20 18:51:34 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll

========== LOP Check ==========

[2009/06/17 15:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AA3DeployClient
[2010/01/14 19:48:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avid
[2010/01/13 14:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
[2009/09/24 10:48:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Final Draft
[2008/03/16 11:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\fssg
[2009/06/15 21:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games
[2008/01/26 19:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
[2008/08/24 11:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Napster
[2010/01/14 19:48:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
[2007/04/17 22:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
[2009/08/28 17:20:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2005/09/07 22:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2007/10/21 15:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\YAHOO
[2010/01/13 16:08:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\DAEMON Tools Lite
[2008/04/05 21:21:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\F-Secure
[2009/09/24 10:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Final Draft
[2008/11/21 10:31:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\goombah
[2009/08/28 16:32:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Logs
[2005/09/08 13:26:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\MetaProducts
[2005/09/08 13:15:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Musicmatch
[2006/01/21 17:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\NetMedia Providers
[2009/12/09 13:31:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Orbit
[2006/01/21 17:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Publish Providers
[2009/10/11 15:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Research In Motion
[2007/04/19 14:56:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\RipIt4Me
[2008/11/21 10:31:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Ruckus Network
[2007/04/21 20:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\SlySoft
[2009/09/20 12:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\StreamTorrent
[2006/03/18 00:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\System Requirements Lab
[2010/01/13 13:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\SystemRequirementsLab
[2008/11/25 21:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\tunebite
[2010/01/12 14:15:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Vso
[2009/09/06 04:42:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\wsInspector
[2010/01/13 02:29:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/05 18:33:46 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2004/03/10 16:16:33 | 00,077,824 | ---- | M] (Moodlogic) -- C:\catgen.exe
[2004/07/01 16:20:20 | 00,212,992 | ---- | M] (Moodlogic) -- C:\Updater.exe
[8 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004/06/03 09:40:46 | 00,079,360 | R--- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Documents and Settings\CazpahDaGost\Local Settings\Temp\Temporary Directory 1 for NF3_CK8S.zip\NF3_CK8S\Win2K-XP\IDE\Win2K\NvAtaBus.sys
[2004/06/03 09:40:46 | 00,079,360 | R--- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Documents and Settings\CazpahDaGost\Local Settings\Temp\Temporary Directory 1 for NF3_CK8S.zip\NF3_CK8S\Win2K-XP\IDE\WinXP\NvAtaBus.sys
[2004/12/07 11:15:54 | 00,087,936 | ---- | M] (NVIDIA Corporation) MD5=E4F1F95A6BBBFBBFF9A713C6063AA2CB -- C:\WINDOWS\OemDir\nvatabus.sys
[2004/12/07 11:15:54 | 00,087,936 | ---- | M] (NVIDIA Corporation) MD5=E4F1F95A6BBBFBBFF9A713C6063AA2CB -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8E3D07DE
< End of report >


Extras Text:
OTL Extras logfile created on: 1/16/2010 6:43:29 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\CazpahDaGost\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 434.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 20.67 Gb Free Space | 13.87% Space Free | Partition Type: NTFS
Drive D: | 3.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAZPAH
Current User Name: CazpahDaGost
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-854245398-1364589140-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ruckus Player\Ruckus.exe" = C:\Program Files\Ruckus Player\Ruckus.exe:*:Enabled:Ruckus -- ( )
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Sonic Foundry\ACID 4.0\acid40.exe" = C:\Program Files\Sonic Foundry\ACID 4.0\acid40.exe:*:Disabled:ACID Pro 4.0 -- (Sonic Foundry, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A26689-82BB-6FF9-1FDA-93B18547C8C8}" = Catalyst Control Center Graphics Full New
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0886CCDD-DCBC-4A91-A22F-73179FE8F020}" = Avid EDL Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A6A6531-08FC-47AD-BAC4-C41497E71033}" = Nero 7 Essentials
"{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{21BC2871-0B96-9EC1-6CBF-A0B9BCBC0D89}" = Skins
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A38B5AA-EA84-4F87-9937-2FB23982243A}" = Sonic Foundry ACID 4.0
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E}" = ccc-core-static
"{410DB4DE-354D-F472-F66D-FCFF345A8960}" = Catalyst Control Center Graphics Previews Common
"{47813E93-F2A0-484A-838E-47EC1B28D190}" = Adobe Stock Photos 1.0
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.80
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5CB0F482-E860-4437-9EA3-AFD5B7C39D9A}" = Avid MediaLog
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{5F49D1B0-D558-F251-715E-A46CD0A30FED}" = ccc-utility
"{61BA2A5B-881D-EEF7-F5D2-5EFAF7CCBDA9}" = Catalyst Control Center Graphics Light
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{651E5E05-3416-E761-B919-37EF1F4272F9}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71799E90-852D-4349-915B-99A692BBF07F}" = Avid Media Composer
"{7191C910-3F72-B2CA-0FA5-F0E78F5F8FD2}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734BB64A-5A3D-4624-867D-6358B7068496}" = Sound Blaster Live! 24-bit
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.3.104
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{799F774D-7D7B-4B5B-BCA4-E69F5BEEFC7B}" = Microsoft DirectX SDK (June 2006)
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{97A96172-A963-4A37-9FFB-DA6805BB915A}" = VeohTV BETA
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC5E685-58F5-4238-AA90-C803BCC6ED8B}" = Rapidshare Auto Downloader 3.8.2
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
"{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 8.0.1 for Avid
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC5095A8-9C14-4941-B2D6-88DFB9DC9D5B}" = Avid FilmScribe
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2006
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}" = Windows Defender
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DA023D43-88B3-4F2E-B2E5-73D1F6B400B3}" = MetaSync
"{DB545558-38D0-4FC5-B185-D3D8250A89C1}" = Avid Log Exchange
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{EC33A4E0-A500-D4A2-C1F8-DCA04496B053}" = Catalyst Control Center Graphics Full Existing
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE031CEC-748D-429A-9A5C-8C53CD193335}" = BlackBerry Device Software Updater
"{fe7ccec2-0f76-4921-bc75-caaf255cbbf2}" = DFX for Windows Media Player
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"All ATI Software" = ATI - Software Uninstall Utility
"AnyDVD" = AnyDVD
"AoA DVD Copy_is1" = AoA DVD Copy
"AOL Deskbar" = AOL Deskbar
"AOL Toolbar" = AOL Toolbar
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"a-squared Free_is1" = a-squared Free 4.5
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Premium Security Suite
"Bink and Smacker" = Bink and Smacker
"BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"C1" = Waves C1+
"Collab" = Collab
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Platinum_is1" = DVDFab Platinum 3.0.9.8
"DVDx_is1" = DVDx
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 6" = FL Studio 6
"FLVPlayer" = FLV Player 1.3.3
"GoogleVideoPlayer" = Google Video Player
"Homepage" = Homepage Screen Saver
"hp instant support" = hp instant support
"hp officejet g series 1256671137" = hp officejet g series
"InstallShield_{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{97A96172-A963-4A37-9FFB-DA6805BB915A}" = VeohTV BETA
"IsoBuster_is1" = IsoBuster 1.8
"i-Speeder" = i-Speeder
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.3.5 Full
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaProducts StartUp Organizer" = MetaProducts StartUp Organizer
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla (1.7.8)" = Mozilla (1.7.8)
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSI Live Update 3" = MSI Live Update 3
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"Pharos" = Pharos
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Ruckus Player" = Ruckus Player
"ShockwaveFlash" = Macromedia Flash Player 8
"SopCast" = SopCast 1.1.2
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Streamripper.Plugin" = Streamripper Plugin 1.61.24 (Remove only)
"StreamTorrent 1.0" = Stream Torrent 1.0
"SysInfo" = Creative System Information
"System Requirements Lab" = System Requirements Lab
"tunebite_is1" = tunebite 3.0.1.8
"TV Player" = Veetle TV Player 0.9.7
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.3.2
"Veetle TV Player" = Veetle TV Player 0.9.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Labs for Physical Anthropology" = Virtual Labs for Physical Anthropology
"VLC media player" = VideoLAN VLC media player 0.8.5
"Waves Native Gold Bundle v3.01" = Waves Native Gold Bundle v3.01
"Waves Renaissance Collection 2" = Waves Renaissance Collection 2
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"x264 Revision 564 x264.nl" = x264 Revision 564 x264.nl (remove only)
"XBCD 360 Drivers (Win XP)" = XBCD 360 Drivers (Win XP)
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"XChange 360_is1" = XChange 360
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zen V Series Media Explorer" = ZEN V Series Media Explorer
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-854245398-1364589140-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a4f70b48f669acd" = AA3Deploy
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/7/2010 6:38:03 PM | Computer Name = CAZPAH | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 1/7/2010 6:40:52 PM | Computer Name = CAZPAH | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/7/2010 6:48:11 PM | Computer Name = CAZPAH | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 1/7/2010 6:48:11 PM | Computer Name = CAZPAH | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 1/12/2010 8:55:42 AM | Computer Name = CAZPAH | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 201 of d:\qxp_slp\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/12/2010 8:55:42 AM | Computer Name = CAZPAH | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 201 of d:\qxp_slp\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/13/2010 4:22:17 PM | Computer Name = CAZPAH | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2010 8:36:45 PM | Computer Name = CAZPAH | Source = ESENT | ID = 490
Description = svchost (1492) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 1/14/2010 8:36:45 PM | Computer Name = CAZPAH | Source = ESENT | ID = 470
Description = Catalog Database (1492) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 1/16/2010 4:29:56 PM | Computer Name = CAZPAH | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3642, faulting module
3difr.x3d, version 9.1.0.0, fault address 0x0001d601.

[ System Events ]
Error - 1/15/2010 8:59:36 AM | Computer Name = CAZPAH | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 1/15/2010 8:59:36 AM | Computer Name = CAZPAH | Source = WMPNetworkSvc | ID = 866293
Description = Service 'WMPNetworkSvc' did not start correctly because QueryService
encountered error '0x80004002'. In Windows Media Player, turn off media sharing,
and then turn it back on.

Error - 1/16/2010 9:30:22 AM | Computer Name = CAZPAH | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 1/16/2010 9:30:22 AM | Computer Name = CAZPAH | Source = WMPNetworkSvc | ID = 866293
Description = Service 'WMPNetworkSvc' did not start correctly because QueryService
encountered error '0x80004002'. In Windows Media Player, turn off media sharing,
and then turn it back on.

Error - 1/16/2010 4:34:18 PM | Computer Name = CAZPAH | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 1/16/2010 4:34:18 PM | Computer Name = CAZPAH | Source = WMPNetworkSvc | ID = 866293
Description = Service 'WMPNetworkSvc' did not start correctly because QueryService
encountered error '0x80004002'. In Windows Media Player, turn off media sharing,
and then turn it back on.

Error - 1/16/2010 4:37:25 PM | Computer Name = CAZPAH | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/16/2010 5:42:41 PM | Computer Name = CAZPAH | Source = WMPNetworkSvc | ID = 866293
Description = Service 'WMPNetworkSvc' did not start correctly because QueryService
encountered error '0x80004002'. In Windows Media Player, turn off media sharing,
and then turn it back on.

Error - 1/16/2010 5:42:43 PM | Computer Name = CAZPAH | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 1/16/2010 5:42:43 PM | Computer Name = CAZPAH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde


< End of report >

#3
Rorschach112 (Ralphie)
  • Retired Staff
  • 47,710 posts
Hi,


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{6282c44d-ac12-11db-aa9d-000c76cdabe6}\Shell\AutoRun\command - "" = E:\
    O33 - MountPoints2\{6282c44d-ac12-11db-aa9d-000c76cdabe6}\Shell\open\Command - "" = rundll32.exe .\\kbd1y6.dll,InstallM
    O33 - MountPoints2\{9fbe9928-3136-11db-aa29-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{9fbe9928-3136-11db-aa29-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9fbe9928-3136-11db-aa29-806d6172696f}\Shell\AutoRun\command - "" = PC_Clickme.exe
    O33 - MountPoints2\{c9befb4f-1320-11da-bec1-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{c9befb4f-1320-11da-bec1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c9befb4f-1320-11da-bec1-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\run.exe -- File not found
    [2010/01/16 16:36:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2010/01/16 16:16:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2010/01/16 15:56:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/01/16 15:29:43 | 00,000,001 | ---- | M] () -- C:\s
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


(screenshot)



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
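The OTL fix in the post above targets three things a responder looks for on a machine with this kind of fake-AV infection: MountPoints2 autorun commands (including a rundll32 entry that loads a DLL by relative path from a removable volume, and entries whose targets no longer exist), and zero-byte, digit-named executables dropped into System32. The following is an added example, not code from the thread or from OTL/ComboFix, that runs that same triage over OTL-style log lines. The sample lines are copied from the fix above plus one constructed benign driver entry (mbamswissarmy.sys), and the severity labels and regular expressions are my own heuristics, not anything the tools define.

```python
"""Triage OTL-style log lines for the autorun and dropper patterns seen in
this thread.  Added example for illustration; it is not OTL, ComboFix or any
code posted by the participants, and the thresholds are my own heuristics."""
import re
from typing import Dict, List, Optional

# Constructed sample input: lines copied from the OTL fix posted above, plus one
# benign driver entry (mbamswissarmy.sys) so the "no finding" path is exercised.
SAMPLE_LINES = r"""
O33 - MountPoints2\{6282c44d-ac12-11db-aa9d-000c76cdabe6}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{6282c44d-ac12-11db-aa9d-000c76cdabe6}\Shell\open\Command - "" = rundll32.exe .\\kbd1y6.dll,InstallM
O33 - MountPoints2\{9fbe9928-3136-11db-aa29-806d6172696f}\Shell\AutoRun\command - "" = PC_Clickme.exe
O33 - MountPoints2\{c9befb4f-1320-11da-bec1-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\run.exe -- File not found
[2010/01/16 16:36:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/16 16:16:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/16 15:29:43 | 00,000,001 | ---- | M] () -- C:\s
[2010/01/07 21:07:00 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
""".strip().splitlines()

# OTL "O33" line: MountPoints2\<volume>\Shell\<verb>\command - "" = <command>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.*)$',
    re.IGNORECASE,
)
# OTL file line: [stamp | size | attrs | M] (company) -- <path>
FILE_RE = re.compile(
    r'^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*'
    r'\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$'
)
RELATIVE_RUNDLL = re.compile(r'\brundll32(?:\.exe)?\s+\.\\', re.IGNORECASE)  # rundll32 .\x.dll
BARE_EXE = re.compile(r'^[^\\/:]+\.exe$', re.IGNORECASE)                      # setup.exe, no path
DIGIT_EXE = re.compile(r'^\d+\.exe$', re.IGNORECASE)                           # 26500.exe
ROOT_MARKER = re.compile(r'^[A-Za-z]:\\[^\\.]$')                               # C:\s
MISSING = "-- File not found"


def _finding(kind: str, target: str, detail: str, severity: str, reason: str) -> Dict[str, str]:
    return {"kind": kind, "target": target, "detail": detail,
            "severity": severity, "reason": reason}


def triage_mountpoint(m: "re.Match") -> Dict[str, str]:
    """Rate one MountPoints2 autorun command; every entry is reported because
    the helper above removes them all, but the reason explains the risk."""
    cmd = m.group("cmd").strip()
    if RELATIVE_RUNDLL.search(cmd):
        sev, why = "high", "rundll32 loads a DLL by relative path from the mounted volume"
    elif cmd.endswith(MISSING):
        sev, why = "medium", "autorun target no longer exists (stale or already removed payload)"
    elif BARE_EXE.match(cmd):
        sev, why = "medium", "autorun launches an executable from the volume root"
    else:
        sev, why = "low", "autorun command present; remove unless the volume is trusted"
    target = f"MountPoints2\\{m.group('volume')}\\Shell\\{m.group('verb')}"
    return _finding("mountpoint", target, cmd, sev, why)


def triage_file(m: "re.Match") -> Optional[Dict[str, str]]:
    """Flag digit-named executables in System32 and one-letter root markers;
    anything else is left alone."""
    path = m.group("path")
    size = int(m.group("size").replace(",", ""))
    directory, _, name = path.rpartition("\\")
    if DIGIT_EXE.match(name) and directory.lower().endswith("\\system32"):
        why = "digit-named executable in System32"
        if size == 0:
            why += "; zero bytes, consistent with a dropper placeholder"
        return _finding("file", path, f"{size} bytes", "high", why)
    if ROOT_MARKER.match(path):
        return _finding("file", path, f"{size} bytes", "medium",
                        "extension-less single-character file in the drive root")
    return None


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Run both matchers over a list of log lines and collect the findings."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()
        m = O33_RE.match(line)
        if m:
            findings.append(triage_mountpoint(m))
            continue
        m = FILE_RE.match(line)
        if m:
            f = triage_file(m)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['severity']:6}] {f['kind']:10} {f['target']}  ({f['detail']}): {f['reason']}")
```

Run it against a full OTL log (for example `triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`) and the high-severity findings line up with the entries the helper chose to delete; the low-severity MountPoints2 entries are still worth clearing on a compromised machine because stale autorun handlers are how the same USB or CD re-infects it later.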

#4
cazpahdagost (New Member)
  • Topic Starter
  • Member
  • 7 posts
Hey, Rorschach112, thanks for the help.

I actually had already run Combofix prior to your telling me because I had seen it helped someone in another thread. I ran it again, however, after running OTL with the fixes you provided. I've included both logs in this post.

Here is LOG #1, the log I received when I ran Combofix prior to your help:


ComboFix 10-01-16.04 - CazpahDaGost 01/17/2010 10:24:49.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.632 [GMT -5:00]
Running from: c:\documents and settings\CazpahDaGost\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\CazpahDaGost\Application Data\inst.exe
c:\documents and settings\CazpahDaGost\Application Data\Logs\scns.log
c:\recycler\S-1-5-21-1993962763-651377827-725345543-1003
C:\s
c:\windows\run.log
c:\windows\system32\18467.exe
c:\windows\system32\26500.exe
c:\windows\system32\6334.exe
c:\windows\system32\Data

.
((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-15 00:48 . 2010-01-15 00:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Pinnacle
2010-01-15 00:48 . 2010-01-15 00:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avid
2010-01-15 00:42 . 2010-01-15 00:42 -------- d-----w- c:\windows\system32\MEDIA
2010-01-15 00:42 . 2010-01-15 00:42 -------- d-----w- c:\program files\Common Files\PACE
2010-01-15 00:40 . 2010-01-15 00:40 -------- d-----w- C:\LicenseFiles
2010-01-15 00:39 . 2010-01-15 00:40 -------- d-----w- c:\program files\Common Files\Avid
2010-01-15 00:37 . 2010-01-15 00:37 -------- d-----w- c:\program files\Licenses
2010-01-15 00:37 . 2010-01-15 00:41 -------- d-----w- c:\program files\Avid
2010-01-15 00:29 . 2010-01-15 00:29 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2010-01-15 00:28 . 2009-08-11 08:56 15872 ----a-w- c:\windows\system32\digicoin.dll
2010-01-15 00:28 . 2006-12-09 04:21 90112 ----a-w- c:\windows\system32\WinMMFix.dll
2010-01-15 00:28 . 2010-01-15 00:28 -------- d-----w- c:\program files\Common Files\Digidesign
2010-01-15 00:28 . 2001-06-27 15:13 217088 ----a-w- c:\windows\system32\qtmlClient.dll
2010-01-15 00:28 . 2009-08-11 11:46 16400 ----a-w- c:\windows\system32\drivers\diginet.sys
2010-01-15 00:28 . 2009-08-11 11:46 24080 ----a-w- c:\windows\system32\drivers\dgfwboot.sys
2010-01-15 00:28 . 2009-08-11 10:09 2554622 ----a-w- c:\windows\system32\dgfwdio.dll
2010-01-15 00:28 . 2009-08-11 08:55 176128 ----a-w- c:\windows\system32\Diomidi.DLL
2010-01-15 00:28 . 2009-08-11 08:54 196608 ----a-w- c:\windows\system32\Digi32.dll
2010-01-15 00:28 . 2009-08-11 08:53 368640 ----a-w- c:\windows\system32\digiasio.dll
2010-01-13 21:29 . 2008-09-05 00:22 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-13 21:29 . 2010-01-13 21:29 10134 ----a-r- c:\documents and settings\CazpahDaGost\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-01-13 21:29 . 2010-01-13 21:29 -------- d-----w- c:\program files\Microsoft WSE
2010-01-13 19:19 . 2010-01-13 19:19 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-13 19:15 . 2010-01-13 19:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-13 19:14 . 2010-01-13 21:08 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\DAEMON Tools Lite
2010-01-13 19:13 . 2010-01-13 19:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
2010-01-13 18:37 . 2010-01-13 18:37 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-13 18:37 . 2010-01-13 18:37 138240 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-01-13 18:37 . 2010-01-13 18:37 138240 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-01-13 18:37 . 2010-01-13 18:37 138240 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-01-13 18:37 . 2010-01-13 18:37 138240 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2010-01-13 18:37 . 2010-01-13 18:37 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\SystemRequirementsLab
2010-01-12 13:45 . 2010-01-12 13:45 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\Avira
2010-01-12 13:17 . 2010-01-16 20:26 -------- d-----w- c:\program files\JDownloader
2010-01-12 13:17 . 2010-01-12 13:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-12 13:17 . 2010-01-12 13:17 152576 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-01-01 21:42 . 2010-01-01 21:42 -------- d-----w- c:\program files\vSoft
2010-01-01 21:41 . 2009-12-14 14:28 -------- d---a-w- c:\program files\RAD3.8.2
2009-12-25 19:06 . 2007-03-19 01:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-12-25 19:06 . 2006-09-29 17:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-12-25 19:06 . 2006-09-29 17:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-12-25 19:06 . 2006-09-29 17:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-12-25 19:06 . 2006-05-12 00:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-12-25 19:06 . 2002-12-10 07:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-12-25 19:06 . 2009-12-25 19:06 -------- d-----w- c:\program files\VSO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 15:31 . 2009-08-28 21:32 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\Logs
2010-01-17 02:38 . 2008-02-26 06:26 -------- d-----w- c:\program files\Lavasoft
2010-01-17 01:57 . 2006-01-20 00:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-16 21:58 . 2008-02-26 06:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-16 21:13 . 2009-06-27 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 21:13 . 2009-08-21 02:28 5115824 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-15 00:28 . 2006-01-21 22:42 -------- d-----w- c:\program files\DigiDesign
2010-01-15 00:28 . 2005-08-27 15:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-13 21:16 . 2006-08-29 21:01 -------- d-----w- c:\program files\Electronic Arts
2010-01-12 19:15 . 2007-04-18 03:28 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\Vso
2010-01-12 13:17 . 2005-10-30 05:47 -------- d-----w- c:\program files\Java
2010-01-11 16:05 . 2007-04-12 18:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2010-01-07 21:07 . 2009-06-27 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-06-27 21:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-25 19:06 . 2007-04-18 03:28 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-25 19:06 . 2007-04-18 03:28 47360 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\pcouffin.sys
2009-12-25 19:06 . 2007-04-18 03:28 47360 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\pcouffin.sys
2009-12-18 21:18 . 2005-08-28 19:06 -------- d-----w- c:\program files\Creative
2009-12-18 21:18 . 2008-08-20 14:52 -------- d--h--w- c:\program files\Creative Installation Information
2009-12-09 18:31 . 2009-06-27 21:07 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\Orbit
2009-12-05 07:01 . 2009-11-07 18:11 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\Move Networks
2009-11-17 05:57 . 2009-11-17 05:57 675840 ----a-w- c:\windows\system32\mmclientVC7.dll
2009-11-17 05:57 . 2009-11-17 05:57 32768 ----a-w- c:\windows\system32\AvidQTUpdaterVC7.dll
2009-11-17 05:30 . 2009-11-17 05:30 45056 ----a-w- c:\windows\system32\wnaspi32.dll
2009-11-17 05:30 . 2009-11-17 05:30 25244 ----a-w- c:\windows\system32\drivers\aspi32.sys
2009-11-17 05:24 . 2009-11-17 05:24 7962624 ----a-w- c:\windows\system32\SVI.dll
2009-11-17 05:15 . 2009-11-17 05:15 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-11-17 05:15 . 2009-11-17 05:15 122880 ----a-w- c:\windows\system32\PtSSE2.dll
2009-11-17 05:15 . 2009-11-17 05:15 2981888 ----a-w- c:\windows\system32\iplw7.dll
2009-11-17 05:15 . 2009-11-17 05:15 2531328 ----a-w- c:\windows\system32\iplP6.dll
2009-11-17 05:15 . 2009-11-17 05:15 2502656 ----a-w- c:\windows\system32\iplPX.dll
2009-11-17 05:15 . 2009-11-17 05:15 53248 ----a-w- c:\windows\system32\ipl.dll
2009-11-17 05:15 . 2009-11-17 05:15 2973696 ----a-w- c:\windows\system32\iplA6.dll
2009-11-17 05:15 . 2009-11-17 05:15 2785280 ----a-w- c:\windows\system32\iplM6.dll
2009-11-17 05:15 . 2009-11-17 05:15 2686976 ----a-w- c:\windows\system32\iplM5.dll
2009-11-17 05:15 . 2009-11-17 05:15 19968 ----a-w- c:\windows\system32\Cpuinf32.dll
2009-11-17 04:46 . 2009-11-17 04:46 56832 ----a-w- c:\windows\system32\drivers\AvidXPSerial.sys
2009-11-17 04:45 . 2009-11-17 04:45 102400 ----a-w- c:\windows\system32\Dac32.dll
2009-11-17 04:39 . 2009-11-17 04:39 614400 ----a-w- c:\windows\system32\AvOmfToolkit.dll
2009-11-17 04:39 . 2009-11-17 04:39 61440 ----a-w- c:\windows\system32\libjpegV4.dll
2009-11-17 04:37 . 2009-11-17 04:37 66560 ----a-w- c:\windows\system32\ntrights.exe
2009-11-07 19:21 . 2009-10-11 17:04 260944 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\SopCast\adv\SopAdver.exe
2009-11-07 18:11 . 2009-11-07 18:11 143976 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\Move Networks\uninstall.exe
2009-11-07 18:11 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\Move Networks\plugins\npqmp071701000002.dll
2007-10-01 01:55 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(2)(2).sys
2007-10-01 02:12 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(2)(3).sys
2007-09-30 08:21 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(2)(4).sys
2007-10-01 01:40 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(3)(2).sys
2007-09-27 12:17 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(3)(3).sys
2007-09-30 08:16 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(3)(4).sys
2007-10-01 01:37 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(4)(2).sys
2007-09-28 18:50 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(4)(3).sys
2008-04-06 02:10 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2009-08-11 77824]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
hp instant support.lnk - c:\program files\Hewlett-Packard\AiO\HPis\bin\matcli.exe [2009-10-27 208896]
HPAiODevice(hp officejet g series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 151552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave3"=Digi32.dll
"MIDI3"=diomidi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0sprestrt\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 15:21 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 22:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sonic Foundry\\ACID 4.0\\acid40.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [9/24/2009 5:48 PM 97608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 3:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 3:06 PM 74480]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [9/24/2009 5:48 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [9/24/2009 5:48 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/24/2009 5:48 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [9/24/2009 5:48 PM 434945]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [1/14/2010 7:28 PM 16400]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [9/24/2009 5:48 PM 69632]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/13/2010 2:19 PM 691696]
S3 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [8/28/2009 5:50 PM 980512]
S3 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/17/2005 10:54 AM 2560]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [6/28/2009 1:02 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [6/28/2009 1:02 AM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/28/2009 1:02 AM 23680]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 3:06 PM 7408]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [9/10/2005 6:02 PM 19677]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 5:12 PM 14032]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forum.videoediting.ru/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: aol.com\free
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\CazpahDaGost\Application Data\Mozilla\Firefox\Profiles\49atvsha.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: c:\documents and settings\CazpahDaGost\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-ATICCC - c:\program files\ATI Technologies\ATI.ACE\cli.exe
MSConfigStartUp-AOL Fast Start - c:\progra~1\AMERIC~1.0\AOL.EXE
ActiveSetup-ccc-core-static - msiexec
AddRemove-C1 - c:\progra~1\Waves\Plug-Ins\Unwise32
AddRemove-Virtual Labs for Physical Anthropology - c:\windows\unvise32.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 10:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74099617-91C0-6CB0-475BC8650FC6C929}\{C2CB2410-92BB-FC4E-376913EB15620FA4}\{B6CDFCFD-0A38-7380-A1288DE48E078F85}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DF771B98-AC91-34D8-F0EE49DCFFD7BEDE}\{02C90D3B-A401-D38F-0F8BFA977E327E75}\{1704AFF6-6AA2-2F70-F8B468ED602E6063}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,47,e4,75,
72,b9,33,5b,7b,fe,5b,0a,a2,63,1c,a9,66,e3,4b,21,99,48,78,53,43,89,63,ae,61,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,42,54,3b,7e,24,3e,19,f8
"2"=hex:f1,df,16,de,80,08,0e,2a,d1,38,b5,6f,94,ca,dc,d2,b3,e8,d2,40,6c,6f,61,
5e,d2,5e,7f,21,14,b5,b2,29
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,f2,55,76,c8,bc,53,92,25,3f,d1,b6,bc,00,35,73,43,96,90,79,f6,5b,97,35,47,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\3A71B9BC7A708556C64E1FFE8777C71C]
"1"=hex:c0,52,20,b1,47,91,30,5f,58,6a,ea,d4,ff,71,4b,c6,a8,87,6f,5a,78,c6,5d,
5b,22,26,64,2f,88,eb,a4,7b
"2"=hex:ec,dc,99,df,a4,fc,c3,72
"3"=hex:7b,a0,e3,5c,42,10,29,92,7a,85,75,f6,99,e8,27,7d,80,e9,fa,eb,5c,c6,49,
82,97,5c,d9,56,84,43,13,bd,d1,09,c6,bb,4e,d5,fa,eb,9d,05,7f,15,94,af,d1,26,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:c0,52,20,b1,47,91,30,5f,58,6a,ea,d4,ff,71,4b,c6,a8,87,6f,5a,78,c6,5d,
5b,8c,75,7b,03,a2,57,45,f3,a4,28,e8,25,8b,6e,a5,fe,e6,74,42,64,f5,1f,13,7f,\
"7"=hex:9c,0f,26,c5,43,55,e2,9e,79,40,de,a7,ca,bc,f3,99,99,4d,91,38,55,4f,0b,
a5,8f,9b,e5,fc,d6,5f,45,dd,f6,df,ab,53,85,3c,a2,16,6d,58,d5,44,e1,b2,db,fb,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,6b,8d,dd,0b,84,72,f6,
f2,3d,a6,3c,a0,07,7d,db,f3,88,a8,6c,3f,5c,60,94,94,50,c0,20,2f,ff,27,64,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:80,a3,68,26,f0,c5,60,66,4c,bb,68,77,c9,0f,7a,3f,64,4b,5b,7e,6a,59,23,
83,15,4c,34,e9,74,b6,5e,2a,91,4d,a4,fd,10,f8,25,e2,b8,a5,58,18,c1,21,40,c5,\
"13"=hex:8e,85,01,dd,08,93,cb,62,9d,d2,74,54,a7,d3,35,86,44,94,36,cd,81,ce,b5,
d8
"14"=hex:2c,e5,37,c4,79,e4,f5,f4
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:3f,ff,4a,54,76,fa,4d,a3,42,a3,68,49,3b,0f,d0,6d
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:83,e2,22,c7,43,f1,36,d1,e8,ac,76,64,d3,0a,52,2a,ab,ad,f9,a4,1c,d3,01,
fe,18,9a,02,57,d0,b2,0e,2d,f1,83,66,77,23,ba,0c,3f,73,2c,47,89,ec,be,9d,bb,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="84EFCFBF246BC443979F647316BF4EF65A5380E3A648DB4EEB7C6C6AB90FB1D819512CF9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BE
CC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D9DB7CE019D40AA5CC038D530D6EB345290B4
1C6D2476845F38B59B2F520F59CDBB046607A2246EF7EA3DE2F85E507524512C082BFDFADB418FA2C0B4AEB60F820DEA20842DBB21067B45E7526BEF2
F132577D89C0BF6A0620F6A5C44A761B4F865D776A769DCDC14C10B0759F47B692139ACE6DC9E8D06CB3825C300F40589143C05D73B966C8DFCCC0AEF
A2E0EDDCC24EA93EE661E931ABA2317E6EA29C405A9CF1EBEE4556133F3A820427E2C03790B98E9D1FCDB4BD5378AE49F714A27F7726DE0B545B08C00
2BF775AC287F31A48E4BEF7C7B3A138B9770495ED7B9C62B98BD3C2E313F45F0B252F3C362D0D994BCD61760DB7E42278F2D98601E20EF8151499D579
F8942BC646B5A9A58590401C85E5737B51B6F34DCE9CF4C62700451F9A3EB8D4F0605345155A551B1A8D0865AF787E044CD3941A88FD6D3C79813F921
09416972F577D3A142FA400C210E47488905BFBC8FCE4E4ABF3B13E5D24CF50F5B3C84ABD7B40FDDB0BB227AF2F3BB85A64811D3976B458DBB5B40F2C
7C5859E473E459FA54A70B998A4D43E380624808701D056709CB404EC2A0551325AB550774301318EBB3828C8C776EB59FA9DA07F40DB46D82E210CE5
A509C123B0F8E1D96A1A99A51D9280A33E724CEACD14F5FF66591BBB0A8DDBA02D4D0FE613F75F781E837DD17806479678A44AF4C8D24B0BD6CE495EB
3F628404724680BB6A1A021EE6358D5504C15752FA14AA25880029551E5D1489BC7DB2EC233296F434B6341CB1832D23357134648DBB66E25EAB900E2
B8A21E82A2E5F0D91B00F3B33A49E6D12E41122574633CF48C75EB42193BE7C7663FEE8079D39FA1F3E90BEF1E264C60502637422390F0DE6A8604F55
C822F796BF3F6E4492010EE03F1336F014BC243DE5A34043E591D656320F69F27FBA1DD8DE49E2C7FD0E659EF7E3DA21FE734220802130590C9CAB391
D613FE8911FCC3BDFDBB2EB6F4B60D414A26A6C0FE6A3C62303F3F70EA34F6606A211167B772A71CA83CD7F1EB6A5B4A24626AA538B8E0007C2BC2876
2F4869EC71A1515E811D6407A62AC463621E229395D42DFDE78D4BC62D41E5EF5CE27FB7BFB8E3FE0ED22DE27BBE6F3D73F5B5BFADBE366717ED5F636
63D21CA59AC1B2C56A189C6833B1E8E8D892CCD269EBBE00032FB0848C325BD62EE3EFAEBF964794EAC7341D90BB8A13D0B175A47CEB51551022B80BF
E1BA1E6B9894976C62342D96ACC620A0B73514BE47C24D3AFCD6DEB9816114D36571B11F02705CC6BF993E72FA9D3976017F4319C6363573E88924"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-17 10:33:29
ComboFix-quarantined-files.txt 2010-01-17 15:33

Pre-Run: 21,942,116,352 bytes free
Post-Run: 23,376,584,704 bytes free

- - End Of File - - B6DDFCDB83E24364BE08DAE8A0B911C8





And here is Log #2, the log I received following the fixes you provided in OTL:

ComboFix 10-01-16.04 - CazpahDaGost 01/17/2010 11:07:44.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.627 [GMT -5:00]
Running from: c:\documents and settings\CazpahDaGost\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-17 15:52 . 2010-01-17 15:52 -------- d-----w- C:\_OTL
2010-01-15 00:48 . 2010-01-15 00:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Pinnacle
2010-01-15 00:48 . 2010-01-15 00:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avid
2010-01-15 00:42 . 2010-01-15 00:42 -------- d-----w- c:\windows\system32\MEDIA
2010-01-15 00:42 . 2010-01-15 00:42 -------- d-----w- c:\program files\Common Files\PACE
2010-01-15 00:40 . 2010-01-15 00:40 -------- d-----w- C:\LicenseFiles
2010-01-15 00:39 . 2010-01-15 00:40 -------- d-----w- c:\program files\Common Files\Avid
2010-01-15 00:37 . 2010-01-15 00:37 -------- d-----w- c:\program files\Licenses
2010-01-15 00:37 . 2010-01-15 00:41 -------- d-----w- c:\program files\Avid
2010-01-15 00:29 . 2010-01-15 00:29 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2010-01-15 00:28 . 2009-08-11 08:56 15872 ----a-w- c:\windows\system32\digicoin.dll
2010-01-15 00:28 . 2006-12-09 04:21 90112 ----a-w- c:\windows\system32\WinMMFix.dll
2010-01-15 00:28 . 2010-01-15 00:28 -------- d-----w- c:\program files\Common Files\Digidesign
2010-01-15 00:28 . 2001-06-27 15:13 217088 ----a-w- c:\windows\system32\qtmlClient.dll
2010-01-15 00:28 . 2009-08-11 11:46 16400 ----a-w- c:\windows\system32\drivers\diginet.sys
2010-01-15 00:28 . 2009-08-11 11:46 24080 ----a-w- c:\windows\system32\drivers\dgfwboot.sys
2010-01-15 00:28 . 2009-08-11 10:09 2554622 ----a-w- c:\windows\system32\dgfwdio.dll
2010-01-15 00:28 . 2009-08-11 08:55 176128 ----a-w- c:\windows\system32\Diomidi.DLL
2010-01-15 00:28 . 2009-08-11 08:54 196608 ----a-w- c:\windows\system32\Digi32.dll
2010-01-15 00:28 . 2009-08-11 08:53 368640 ----a-w- c:\windows\system32\digiasio.dll
2010-01-13 21:29 . 2008-09-05 00:22 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-13 21:29 . 2010-01-13 21:29 10134 ----a-r- c:\documents and settings\CazpahDaGost\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-01-13 21:29 . 2010-01-13 21:29 -------- d-----w- c:\program files\Microsoft WSE
2010-01-13 19:19 . 2010-01-13 19:19 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-13 19:15 . 2010-01-13 19:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-13 19:14 . 2010-01-13 21:08 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\DAEMON Tools Lite
2010-01-13 19:13 . 2010-01-13 19:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
2010-01-13 18:37 . 2010-01-13 18:37 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-13 18:37 . 2010-01-13 18:37 138240 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-01-13 18:37 . 2010-01-13 18:37 138240 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-01-13 18:37 . 2010-01-13 18:37 138240 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-01-13 18:37 . 2010-01-13 18:37 138240 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2010-01-13 18:37 . 2010-01-13 18:37 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\SystemRequirementsLab
2010-01-12 13:45 . 2010-01-12 13:45 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\Avira
2010-01-12 13:17 . 2010-01-16 20:26 -------- d-----w- c:\program files\JDownloader
2010-01-12 13:17 . 2010-01-12 13:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-12 13:17 . 2010-01-12 13:17 152576 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-01-01 21:42 . 2010-01-01 21:42 -------- d-----w- c:\program files\vSoft
2010-01-01 21:41 . 2009-12-14 14:28 -------- d---a-w- c:\program files\RAD3.8.2
2009-12-25 19:06 . 2007-03-19 01:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-12-25 19:06 . 2006-09-29 17:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-12-25 19:06 . 2006-09-29 17:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-12-25 19:06 . 2006-09-29 17:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-12-25 19:06 . 2006-05-12 00:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-12-25 19:06 . 2002-12-10 07:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-12-25 19:06 . 2009-12-25 19:06 -------- d-----w- c:\program files\VSO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 15:41 . 2006-09-04 04:11 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\wsInspector
2010-01-17 15:31 . 2009-08-28 21:32 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\Logs
2010-01-17 02:38 . 2008-02-26 06:26 -------- d-----w- c:\program files\Lavasoft
2010-01-17 01:57 . 2006-01-20 00:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-16 21:58 . 2008-02-26 06:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-16 21:13 . 2009-06-27 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 21:13 . 2009-08-21 02:28 5115824 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-15 00:28 . 2006-01-21 22:42 -------- d-----w- c:\program files\DigiDesign
2010-01-15 00:28 . 2005-08-27 15:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-13 21:16 . 2006-08-29 21:01 -------- d-----w- c:\program files\Electronic Arts
2010-01-12 19:15 . 2007-04-18 03:28 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\Vso
2010-01-12 13:17 . 2005-10-30 05:47 -------- d-----w- c:\program files\Java
2010-01-11 16:05 . 2007-04-12 18:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2010-01-07 21:07 . 2009-06-27 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-06-27 21:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-25 19:06 . 2007-04-18 03:28 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-25 19:06 . 2007-04-18 03:28 47360 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\pcouffin.sys
2009-12-25 19:06 . 2007-04-18 03:28 47360 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\pcouffin.sys
2009-12-18 21:18 . 2005-08-28 19:06 -------- d-----w- c:\program files\Creative
2009-12-18 21:18 . 2008-08-20 14:52 -------- d--h--w- c:\program files\Creative Installation Information
2009-12-09 18:31 . 2009-06-27 21:07 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\Orbit
2009-12-05 07:01 . 2009-11-07 18:11 -------- d-----w- c:\documents and settings\CazpahDaGost\Application Data\Move Networks
2009-11-17 05:57 . 2009-11-17 05:57 675840 ----a-w- c:\windows\system32\mmclientVC7.dll
2009-11-17 05:57 . 2009-11-17 05:57 32768 ----a-w- c:\windows\system32\AvidQTUpdaterVC7.dll
2009-11-17 05:30 . 2009-11-17 05:30 45056 ----a-w- c:\windows\system32\wnaspi32.dll
2009-11-17 05:30 . 2009-11-17 05:30 25244 ----a-w- c:\windows\system32\drivers\aspi32.sys
2009-11-17 05:24 . 2009-11-17 05:24 7962624 ----a-w- c:\windows\system32\SVI.dll
2009-11-17 05:15 . 2009-11-17 05:15 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-11-17 05:15 . 2009-11-17 05:15 122880 ----a-w- c:\windows\system32\PtSSE2.dll
2009-11-17 05:15 . 2009-11-17 05:15 2981888 ----a-w- c:\windows\system32\iplw7.dll
2009-11-17 05:15 . 2009-11-17 05:15 2531328 ----a-w- c:\windows\system32\iplP6.dll
2009-11-17 05:15 . 2009-11-17 05:15 2502656 ----a-w- c:\windows\system32\iplPX.dll
2009-11-17 05:15 . 2009-11-17 05:15 53248 ----a-w- c:\windows\system32\ipl.dll
2009-11-17 05:15 . 2009-11-17 05:15 2973696 ----a-w- c:\windows\system32\iplA6.dll
2009-11-17 05:15 . 2009-11-17 05:15 2785280 ----a-w- c:\windows\system32\iplM6.dll
2009-11-17 05:15 . 2009-11-17 05:15 2686976 ----a-w- c:\windows\system32\iplM5.dll
2009-11-17 05:15 . 2009-11-17 05:15 19968 ----a-w- c:\windows\system32\Cpuinf32.dll
2009-11-17 04:46 . 2009-11-17 04:46 56832 ----a-w- c:\windows\system32\drivers\AvidXPSerial.sys
2009-11-17 04:45 . 2009-11-17 04:45 102400 ----a-w- c:\windows\system32\Dac32.dll
2009-11-17 04:39 . 2009-11-17 04:39 614400 ----a-w- c:\windows\system32\AvOmfToolkit.dll
2009-11-17 04:39 . 2009-11-17 04:39 61440 ----a-w- c:\windows\system32\libjpegV4.dll
2009-11-17 04:37 . 2009-11-17 04:37 66560 ----a-w- c:\windows\system32\ntrights.exe
2009-11-07 19:21 . 2009-10-11 17:04 260944 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\SopCast\adv\SopAdver.exe
2009-11-07 18:11 . 2009-11-07 18:11 143976 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\Move Networks\uninstall.exe
2009-11-07 18:11 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\CazpahDaGost\Application Data\Move Networks\plugins\npqmp071701000002.dll
2007-10-01 01:55 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(2)(2).sys
2007-10-01 02:12 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(2)(3).sys
2007-09-30 08:21 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(2)(4).sys
2007-10-01 01:40 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(3)(2).sys
2007-09-27 12:17 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(3)(3).sys
2007-09-30 08:16 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(3)(4).sys
2007-10-01 01:37 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(4)(2).sys
2007-09-28 18:50 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf(4)(3).sys
2008-04-06 02:10 . 2005-10-17 15:54 2601 --sha-w- c:\windows\system32\mmf.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-17_15.32.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-17 16:06 . 2010-01-17 16:06 16384 c:\windows\Temp\Perflib_Perfdata_134.dat
+ 2001-07-14 22:32 . 2001-07-14 22:32 69632 c:\windows\setupupd\temp\wsdueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
hp instant support.lnk - c:\program files\Hewlett-Packard\AiO\HPis\bin\matcli.exe [2009-10-27 208896]
HPAiODevice(hp officejet g series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 151552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave3"=Digi32.dll
"MIDI3"=diomidi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0sprestrt\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 15:21 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 22:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sonic Foundry\\ACID 4.0\\acid40.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [9/24/2009 5:48 PM 97608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 3:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 3:06 PM 74480]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [9/24/2009 5:48 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [9/24/2009 5:48 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/24/2009 5:48 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [9/24/2009 5:48 PM 434945]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [1/14/2010 7:28 PM 16400]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [9/24/2009 5:48 PM 69632]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/13/2010 2:19 PM 691696]
S3 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [8/28/2009 5:50 PM 980512]
S3 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/17/2005 10:54 AM 2560]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [6/28/2009 1:02 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [6/28/2009 1:02 AM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/28/2009 1:02 AM 23680]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 3:06 PM 7408]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [9/10/2005 6:02 PM 19677]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 5:12 PM 14032]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forum.videoediting.ru/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: aol.com\free
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\CazpahDaGost\Application Data\Mozilla\Firefox\Profiles\49atvsha.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: c:\documents and settings\CazpahDaGost\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 11:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74099617-91C0-6CB0-475BC8650FC6C929}\{C2CB2410-92BB-FC4E-376913EB15620FA4}\{B6CDFCFD-0A38-7380-A1288DE48E078F85}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DF771B98-AC91-34D8-F0EE49DCFFD7BEDE}\{02C90D3B-A401-D38F-0F8BFA977E327E75}\{1704AFF6-6AA2-2F70-F8B468ED602E6063}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,47,e4,75,
72,b9,33,5b,7b,fe,5b,0a,a2,63,1c,a9,66,e3,4b,21,99,48,78,53,43,89,63,ae,61,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,42,54,3b,7e,24,3e,19,f8
"2"=hex:f1,df,16,de,80,08,0e,2a,d1,38,b5,6f,94,ca,dc,d2,b3,e8,d2,40,6c,6f,61,
5e,d2,5e,7f,21,14,b5,b2,29
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,f2,55,76,c8,bc,53,92,25,3f,d1,b6,bc,00,35,73,43,96,90,79,f6,5b,97,35,47,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\3A71B9BC7A708556C64E1FFE8777C71C]
"1"=hex:c0,52,20,b1,47,91,30,5f,58,6a,ea,d4,ff,71,4b,c6,a8,87,6f,5a,78,c6,5d,
5b,22,26,64,2f,88,eb,a4,7b
"2"=hex:ec,dc,99,df,a4,fc,c3,72
"3"=hex:7b,a0,e3,5c,42,10,29,92,7a,85,75,f6,99,e8,27,7d,80,e9,fa,eb,5c,c6,49,
82,97,5c,d9,56,84,43,13,bd,d1,09,c6,bb,4e,d5,fa,eb,9d,05,7f,15,94,af,d1,26,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:c0,52,20,b1,47,91,30,5f,58,6a,ea,d4,ff,71,4b,c6,a8,87,6f,5a,78,c6,5d,
5b,8c,75,7b,03,a2,57,45,f3,a4,28,e8,25,8b,6e,a5,fe,e6,74,42,64,f5,1f,13,7f,\
"7"=hex:9c,0f,26,c5,43,55,e2,9e,79,40,de,a7,ca,bc,f3,99,99,4d,91,38,55,4f,0b,
a5,8f,9b,e5,fc,d6,5f,45,dd,f6,df,ab,53,85,3c,a2,16,6d,58,d5,44,e1,b2,db,fb,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,6b,8d,dd,0b,84,72,f6,
f2,3d,a6,3c,a0,07,7d,db,f3,88,a8,6c,3f,5c,60,94,94,50,c0,20,2f,ff,27,64,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:80,a3,68,26,f0,c5,60,66,4c,bb,68,77,c9,0f,7a,3f,64,4b,5b,7e,6a,59,23,
83,15,4c,34,e9,74,b6,5e,2a,91,4d,a4,fd,10,f8,25,e2,b8,a5,58,18,c1,21,40,c5,\
"13"=hex:8e,85,01,dd,08,93,cb,62,9d,d2,74,54,a7,d3,35,86,44,94,36,cd,81,ce,b5,
d8
"14"=hex:2c,e5,37,c4,79,e4,f5,f4
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:3f,ff,4a,54,76,fa,4d,a3,42,a3,68,49,3b,0f,d0,6d
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:83,e2,22,c7,43,f1,36,d1,e8,ac,76,64,d3,0a,52,2a,ab,ad,f9,a4,1c,d3,01,
fe,18,9a,02,57,d0,b2,0e,2d,f1,83,66,77,23,ba,0c,3f,73,2c,47,89,ec,be,9d,bb,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="84EFCFBF246BC443979F647316BF4EF65A5380E3A648DB4EEB7C6C6AB90FB1D819512CF9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BE
CC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D9DB7CE019D40AA5CC038D530D6EB345290B4
1C6D2476845F38B59B2F520F59CDBB046607A2246EF7EA3DE2F85E507524512C082BFDFADB418FA2C0B4AEB60F820DEA20842DBB21067B45E7526BEF2
F132577D89C0BF6A0620F6A5C44A761B4F865D776A769DCDC14C10B0759F47B692139ACE6DC9E8D06CB3825C300F40589143C05D73B966C8DFCCC0AEF
A2E0EDDCC24EA93EE661E931ABA2317E6EA29C405A9CF1EBEE4556133F3A820427E2C03790B98E9D1FCDB4BD5378AE49F714A27F7726DE0B545B08C00
2BF775AC287F31A48E4BEF7C7B3A138B9770495ED7B9C62B98BD3C2E313F45F0B252F3C362D0D994BCD61760DB7E42278F2D98601E20EF8151499D579
F8942BC646B5A9A58590401C85E5737B51B6F34DCE9CF4C62700451F9A3EB8D4F0605345155A551B1A8D0865AF787E044CD3941A88FD6D3C79813F921
09416972F577D3A142FA400C210E47488905BFBC8FCE4E4ABF3B13E5D24CF50F5B3C84ABD7B40FDDB0BB227AF2F3BB85A64811D3976B458DBB5B40F2C
7C5859E473E459FA54A70B998A4D43E380624808701D056709CB404EC2A0551325AB550774301318EBB3828C8C776EB59FA9DA07F40DB46D82E210CE5
A509C123B0F8E1D96A1A99A51D9280A33E724CEACD14F5FF66591BBB0A8DDBA02D4D0FE613F75F781E837DD17806479678A44AF4C8D24B0BD6CE495EB
3F628404724680BB6A1A021EE6358D5504C15752FA14AA25880029551E5D1489BC7DB2EC233296F434B6341CB1832D23357134648DBB66E25EAB900E2
B8A21E82A2E5F0D91B00F3B33A49E6D12E41122574633CF48C75EB42193BE7C7663FEE8079D39FA1F3E90BEF1E264C60502637422390F0DE6A8604F55
C822F796BF3F6E4492010EE03F1336F014BC243DE5A34043E591D656320F69F27FBA1DD8DE49E2C7FD0E659EF7E3DA21FE734220802130590C9CAB391
D613FE8911FCC3BDFDBB2EB6F4B60D414A26A6C0FE6A3C62303F3F70EA34F6606A211167B772A71CA83CD7F1EB6A5B4A24626AA538B8E0007C2BC2876
2F4869EC71A1515E811D6407A62AC463621E229395D42DFDE78D4BC62D41E5EF5CE27FB7BFB8E3FE0ED22DE27BBE6F3D73F5B5BFADBE366717ED5F636
63D21CA59AC1B2C56A189C6833B1E8E8D892CCD269EBBE00032FB0848C325BD62EE3EFAEBF964794EAC7341D90BB8A13D0B175A47CEB51551022B80BF
E1BA1E6B9894976C62342D96ACC620A0B73514BE47C24D3AFCD6DEB9816114D36571B11F02705CC6BF993E72FA9D3976017F4319C6363573E88924"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-17 11:15:14
ComboFix-quarantined-files.txt 2010-01-17 16:15
ComboFix2.txt 2010-01-17 15:33

Pre-Run: 23,622,283,264 bytes free
Post-Run: 23,589,957,632 bytes free

- - End Of File - - 667857B421DB4D0BBDB6131879ED211D

#5 Rorschach112 (Ralphie), Retired Staff, 47,710 posts
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#6 cazpahdagost (New Member), Topic Starter, Member, 7 posts
Sorry, it took over two hours for the Kaspersky scan to finish.

Here is the MBAM Report:

Malwarebytes' Anti-Malware 1.44
Database version: 3583
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/17/2010 12:23:48 PM
mbam-log-2010-01-17 (12-23-48).txt

Scan type: Quick Scan
Objects scanned: 152904
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



And here is the Kaspersky Report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, January 17, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, January 17, 2010 17:38:46
Records in database: 3324978
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 110119
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:34:48

No threats found. Scanned area is clean.

Selected area has been scanned.
  • 0

#7
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#8
cazpahdagost

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here is the log:

OTL logfile created on: 1/17/2010 5:05:48 PM - Run 2
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\CazpahDaGost\Desktop\The Things They Carried\Virus Protection
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 541.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 17.48 Gb Free Space | 11.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAZPAH
Current User Name: CazpahDaGost
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/16 18:42:38 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CazpahDaGost\Desktop\The Things They Carried\Virus Protection\OTL.exe
PRC - [2010/01/12 08:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/06 18:12:58 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/11 03:55:22 | 00,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\DigiDesign\Drivers\MMERefresh.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/12 13:46:39 | 00,434,945 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2009/05/11 09:37:59 | 00,388,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2009/05/11 09:31:46 | 00,194,817 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:33 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/09/17 09:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
PRC - [2002/11/20 18:37:46 | 00,188,416 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpofxm07.exe
PRC - [2002/11/20 18:17:20 | 00,057,344 | ---- | M] (HP) -- C:\WINDOWS\system32\hpoipm07.exe
PRC - [2002/11/20 18:09:10 | 00,294,912 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe
PRC - [2002/11/20 17:48:24 | 00,299,008 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe
PRC - [2002/11/20 17:15:00 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
PRC - [2002/05/09 09:44:16 | 00,208,896 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Hewlett-Packard\AiO\HPis\common\MotiveDirectory.exe


========== Modules (SafeList) ==========

MOD - [2010/01/16 18:42:38 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CazpahDaGost\Desktop\The Things They Carried\Virus Protection\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/12 08:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/28 17:52:59 | 00,980,512 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/08/11 03:55:22 | 00,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/18 00:40:33 | 00,189,288 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/06/17 16:10:10 | 00,075,064 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/12 13:46:39 | 00,434,945 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2009/05/11 09:37:59 | 00,388,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2009/05/11 09:31:46 | 00,194,817 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2009/03/03 13:53:32 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/08/16 07:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 07:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 07:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/25 15:50:26 | 00,079,136 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/07/24 04:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 04:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/06/01 10:21:30 | 00,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/02/15 12:45:36 | 00,707,344 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2007/02/02 17:34:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007/02/02 14:55:08 | 00,446,464 | ---- | M] (ATI Technologies Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/07/25 17:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 17:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/04/03 17:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/17 10:54:49 | 00,002,560 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2005/09/15 16:22:39 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/04/29 17:18:24 | 00,131,136 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005/04/29 17:18:08 | 00,057,412 | ---- | M] (NVIDIA) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004/11/30 10:08:56 | 00,020,543 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2000/06/26 06:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7


FF - HKLM\software\mozilla\Mozilla 1.7.8\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2009/08/21 19:27:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.8\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2009/08/21 19:27:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/16 15:30:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/12 08:17:48 | 00,000,000 | ---D | M]

[2008/08/30 14:21:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Mozilla\Extensions
[2010/01/16 16:21:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Mozilla\Firefox\Profiles\49atvsha.default\extensions
[2007/10/19 12:49:38 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CazpahDaGost\Application Data\Mozilla\Firefox\Profiles\49atvsha.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2006/10/08 16:42:48 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CazpahDaGost\Application Data\Mozilla\Firefox\Profiles\49atvsha.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/22 18:08:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Mozilla\Firefox\Profiles\49atvsha.default\extensions\[email protected]
[2010/01/16 16:21:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/17 15:23:10 | 00,626,688 | ---- | M] (ebrary) -- C:\Program Files\Mozilla Firefox\plugins\NPInfotl.dll
[2006/09/09 21:33:53 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2010/01/17 10:52:58 | 00,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} http://www.cyberlink...xp/CheckDVD.cab (ChkDVDCtl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1263762099531 (WUWebControl Class)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinn...dy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1126828603593 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bw+0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {3e7b97ca-3d68-43c4-9775-81dedad512d1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {3E7B97CA-3D68-43C4-9775-81DEDAD512D1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\CazpahDaGost\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/22 14:41:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/17 17:02:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/01/17 16:55:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/01/17 16:55:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/01/17 16:55:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/01/17 16:55:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/01/17 16:53:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/01/17 16:49:05 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/01/17 16:49:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/01/17 12:10:11 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/17 10:52:57 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/17 10:48:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/17 10:48:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010/01/17 10:23:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/17 10:23:33 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/17 10:23:32 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/17 10:23:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/17 10:21:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/17 10:20:26 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/14 19:48:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
[2010/01/14 19:48:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avid
[2010/01/14 19:42:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MEDIA
[2010/01/14 19:42:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE
[2010/01/14 19:40:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Shared Avid Projects
[2010/01/14 19:40:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\AVX Plug-Ins Data
[2010/01/14 19:40:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Avid Media Composer
[2010/01/14 19:40:13 | 00,000,000 | ---D | C] -- C:\LicenseFiles
[2010/01/14 19:39:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Avid
[2010/01/14 19:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Avid MediaLog
[2010/01/14 19:38:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\FilmScribe
[2010/01/14 19:38:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\EDL Manager
[2010/01/14 19:37:33 | 00,000,000 | ---D | C] -- C:\Program Files\Licenses
[2010/01/14 19:37:28 | 00,000,000 | ---D | C] -- C:\Program Files\Avid
[2010/01/14 19:29:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2010/01/14 19:28:31 | 00,090,112 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\WinMMFix.dll
[2010/01/14 19:28:31 | 00,015,872 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\digicoin.dll
[2010/01/14 19:28:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2010/01/14 19:28:27 | 02,554,622 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\dgfwdio.dll
[2010/01/14 19:28:27 | 00,368,640 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\digiasio.dll
[2010/01/14 19:28:27 | 00,196,608 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\Digi32.dll
[2010/01/14 19:28:27 | 00,176,128 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\Diomidi.DLL
[2010/01/14 19:28:27 | 00,024,080 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\dgfwboot.sys
[2010/01/14 19:28:27 | 00,016,400 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\diginet.sys
[2010/01/13 16:32:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CazpahDaGost\My Documents\Electronic Arts
[2010/01/13 16:29:02 | 00,447,752 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/01/13 16:29:01 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/01/13 14:15:01 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/01/13 14:14:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CazpahDaGost\Application Data\DAEMON Tools Lite
[2010/01/13 14:13:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
[2010/01/13 13:37:51 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/01/13 13:37:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CazpahDaGost\Application Data\SystemRequirementsLab
[2010/01/12 10:39:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CazpahDaGost\Application Data\WinRAR
[2010/01/12 08:45:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CazpahDaGost\Application Data\Avira
[2010/01/12 08:17:54 | 00,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2007/04/17 22:28:27 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\CazpahDaGost\Application Data\pcouffin.sys
[2005/08/29 19:54:02 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2005/08/22 14:43:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/08/22 14:43:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/22 14:41:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/22 14:41:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\Documents and Settings\CazpahDaGost\My Documents\*.tmp files -> C:\Documents and Settings\CazpahDaGost\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/17 17:07:49 | 00,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/17 17:07:49 | 00,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/17 17:07:48 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/17 17:03:58 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/17 17:03:47 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/01/17 17:02:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/17 17:01:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/17 17:01:03 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/17 17:01:03 | 00,322,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/17 17:00:56 | 00,224,652 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2010/01/17 17:00:19 | 09,699,328 | ---- | M] () -- C:\Documents and Settings\CazpahDaGost\ntuser.dat
[2010/01/17 17:00:02 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\CazpahDaGost\ntuser.ini
[2010/01/17 16:51:57 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2010/01/17 16:45:52 | 00,077,312 | ---- | M] () -- C:\Documents and Settings\CazpahDaGost\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/17 15:57:09 | 00,085,952 | ---- | M] () -- C:\Documents and Settings\CazpahDaGost\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/17 11:13:59 | 00,000,259 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/17 10:52:58 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/01/17 10:48:47 | 00,000,282 | RHS- | M] () -- C:\boot.ini
[2010/01/17 10:41:44 | 00,001,808 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\hp instant support.lnk
[2010/01/17 10:41:44 | 00,001,201 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 1.lnk
[2010/01/14 19:34:00 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 14:19:34 | 00,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/01/13 02:29:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/12 14:15:59 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\CazpahDaGost\Application Data\vso_ts_preview.xml
[2010/01/12 13:49:57 | 10,733,03552 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/01/12 08:03:05 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\Documents and Settings\CazpahDaGost\My Documents\*.tmp files -> C:\Documents and Settings\CazpahDaGost\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 16:43:50 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/01/17 16:42:18 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/01/17 16:41:40 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/01/17 16:41:24 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/01/17 10:48:47 | 00,000,211 | -HS- | C] () -- C:\BOOT.BAK
[2010/01/17 10:48:44 | 00,260,272 | RHS- | C] () -- C:\cmldr
[2010/01/17 10:23:33 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/17 10:23:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/17 10:23:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/17 10:23:33 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/17 10:23:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/14 19:28:28 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2010/01/13 14:19:31 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/25 14:07:45 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\vso_ts_preview.xml
[2009/11/17 00:15:58 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\PtSSE2.dll
[2009/11/17 00:15:54 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2009/11/16 23:46:22 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2009/10/27 14:19:00 | 00,002,728 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2009/10/27 14:18:06 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2009/09/24 10:48:37 | 00,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.811261211181235583101118113995
[2009/08/28 02:17:44 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/28 02:17:43 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/28 02:17:41 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/28 02:17:40 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/28 02:17:39 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/28 02:17:39 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/19 20:52:01 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/06/18 00:40:48 | 00,137,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/06/17 16:17:03 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\PnkBstrK.sys
[2009/06/17 15:41:42 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\leverage.drm.log
[2009/03/20 15:04:22 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/08/24 11:49:31 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/01/29 18:01:41 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/12 15:10:08 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/06/03 04:47:10 | 00,593,938 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007/04/27 07:40:00 | 00,026,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\sentinel.sys
[2007/04/22 19:15:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/17 22:30:26 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2007/04/17 22:28:29 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\pcouffin.log
[2007/04/17 22:28:27 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\ezpinst.exe
[2007/04/17 22:28:27 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\pcouffin.cat
[2007/04/17 22:28:27 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\pcouffin.inf
[2007/04/12 14:13:02 | 00,000,120 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Application Data\FixVTS.ini
[2006/09/06 23:07:42 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/09/06 23:07:42 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/08/24 20:40:14 | 00,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/22 13:39:39 | 00,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.119889580931711767808769176
[2006/08/22 13:37:56 | 00,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.24554863501262644635642126105
[2006/02/02 20:07:45 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/10/17 10:54:49 | 00,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(3).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(2).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(4).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(3).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(2).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(4).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(3).sys
[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(2).sys
[2005/09/15 16:07:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/11 22:44:53 | 00,077,312 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/11 17:07:17 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/09/11 17:07:05 | 00,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/09/11 17:07:05 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/09/11 17:07:04 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/09/11 17:07:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/09/08 16:46:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\ztLib.dll
[2005/09/04 00:19:46 | 00,000,114 | ---- | C] () -- C:\WINDOWS\NVProfileManager.INI
[2005/09/04 00:19:06 | 00,000,119 | ---- | C] () -- C:\WINDOWS\NVPerformance.INI
[2005/09/03 19:54:27 | 00,006,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2005/08/29 19:53:56 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/08/29 19:49:45 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\CazpahDaGost\Local Settings\Application Data\fusioncache.dat
[2004/10/15 09:10:04 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2004/07/10 17:55:38 | 00,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/06/29 19:07:26 | 01,658,973 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2002/11/20 18:51:34 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll

========== LOP Check ==========

[2009/06/17 15:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AA3DeployClient
[2010/01/14 19:48:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avid
[2010/01/13 14:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
[2009/09/24 10:48:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Final Draft
[2008/03/16 11:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\fssg
[2009/06/15 21:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games
[2008/01/26 19:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
[2008/08/24 11:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Napster
[2010/01/14 19:48:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
[2007/04/17 22:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
[2009/08/28 17:20:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2005/09/07 22:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2007/10/21 15:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\YAHOO
[2010/01/13 16:08:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\DAEMON Tools Lite
[2008/04/05 21:21:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\F-Secure
[2009/09/24 10:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Final Draft
[2008/11/21 10:31:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\goombah
[2010/01/17 10:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Logs
[2005/09/08 13:26:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\MetaProducts
[2005/09/08 13:15:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Musicmatch
[2006/01/21 17:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\NetMedia Providers
[2009/12/09 13:31:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Orbit
[2006/01/21 17:41:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Publish Providers
[2009/10/11 15:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Research In Motion
[2007/04/19 14:56:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\RipIt4Me
[2008/11/21 10:31:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Ruckus Network
[2007/04/21 20:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\SlySoft
[2009/09/20 12:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\StreamTorrent
[2006/03/18 00:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\System Requirements Lab
[2010/01/13 13:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\SystemRequirementsLab
[2008/11/25 21:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\tunebite
[2010/01/12 14:15:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\Vso
[2010/01/17 10:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CazpahDaGost\Application Data\wsInspector
[2010/01/13 02:29:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8E3D07DE
< End of report >
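The OTL report above is long, and most of its file/folder lines follow one fixed shape. The following is an added Python example (not part of the thread or of the OTL tool) that parses that shape and surfaces the entries a reviewer would check first, without deciding anything for them; the sample lines and the allowlist of normal hidden+system boot files are constructed assumptions.

```python
"""Triage helper for OTL file/folder listings like the report posted above.

Added example, not part of the thread or of the OTL tool. It parses the
"[date | size | attrs | C/M] (Company) -- path" lines and surfaces entries a
reviewer would look at first. It only raises questions: the posted report was
judged clean, and cleanup tools legitimately drop company-less executables in
the Windows directory. The sample lines and the allowlist of normal
hidden+system boot files are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# e.g. [2010/01/17 10:23:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
NUMBERED_RE = re.compile(r"\(\d+\)")  # the "(4)(3)" suffixes in mmf(4)(3).sys
CODE_EXTS = {"exe", "dll", "sys", "com", "ocx", "scr"}
KNOWN_HS_FILES = {"ntldr", "boot.ini", "hiberfil.sys", "pagefile.sys",  # assumed
                  "ntdetect.com", "ntuser.ini", "bootstat.dat"}         # normal set

@dataclass
class OtlEntry:
    date: str
    size: int
    attrs: str              # R/H/S/D flags in that order, "-" where unset
    kind: str               # C = created, M = modified
    company: Optional[str]  # None when OTL printed "()" or "( )"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        return self.name.rsplit(".", 1)[-1].lower() if "." in self.name else ""

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

def parse_entry(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file/folder line, None for headers and summaries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None
    return OtlEntry(date=m.group("date"),
                    size=int(m.group("size").replace(",", "")),
                    attrs=m.group("attrs"), kind=m.group("kind"),
                    company=company, path=m.group("path"))

def triage(lines: List[str]) -> List[str]:
    """Return review notes for the files in a listing (empty = nothing stood out)."""
    entries = [e for e in map(parse_entry, lines) if e is not None and not e.is_dir]
    notes: List[str] = []
    copies: Dict[str, List[str]] = {}
    for e in entries:
        low = e.path.lower()
        if e.ext in CODE_EXTS and "\\application data\\" in low:
            notes.append(f"code in profile data folder: {e.path}")
        if e.ext in CODE_EXTS and e.company is None and low.startswith("c:\\windows\\"):
            notes.append(f"no company name, under Windows dir: {e.path}")
        if e.hidden_system and e.name.lower() not in KNOWN_HS_FILES:
            notes.append(f"hidden+system attributes: {e.path}")
        copies.setdefault(NUMBERED_RE.sub("", e.name).lower(), []).append(e.name)
    # Several "(n)(m)" copies of one file name are worth a look on their own.
    for base, names in sorted(copies.items()):
        if len(names) > 1 and any(n.lower() != base for n in names):
            notes.append(f"{len(names)} numbered copies of {base}: {', '.join(sorted(names))}")
    return notes

# Constructed sample modelled on the posted report's format (not the thread's own lines).
SAMPLE_LINES = [
    "========== Files Created - No Company Name ==========",
    r"[2010/01/17 10:23:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe",
    r"[2010/01/17 10:23:33 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe",
    r"[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys",
    r"[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(3).sys",
    r"[2005/10/17 10:54:49 | 00,002,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(2).sys",
    r"[2007/04/17 22:28:27 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\User\Application Data\setup-helper.exe",
    r"[2010/01/17 16:51:57 | 00,250,048 | RHS- | M] () -- C:\ntldr",
    r"[2010/01/17 17:02:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch",
    "< End of report >",
]

if __name__ == "__main__":
    for note in triage(SAMPLE_LINES):
        print(note)
```

Paste a saved OTL report into `triage()` line by line; an empty result means none of the four heuristics fired, not that the machine is clean.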

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure that the latest available security updates are always installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
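Two of the hardening items in the post above, the Internet-zone ActiveX levels and the HOSTS file, can be checked mechanically after the fact. The following is an added Python example (not code from the post or from the tools it names); the value names 1001/1004/1201 under zone 3 and the levels 0 = Enable, 1 = Prompt, 3 = Disable are Internet Explorer's documented zone settings, and the sample HOSTS content is constructed.

```python
"""Post-cleanup audit for two items of the advice above: the Internet-zone
ActiveX settings and the HOSTS file.

Added example; not code from the thread or from the tools it recommends. The
value names 1001 / 1004 / 1201 under the Internet zone (zone 3) and the levels
0 = Enable, 1 = Prompt, 3 = Disable are Internet Explorer's documented zone
settings. The sample HOSTS content is constructed.
"""
import ipaddress
import os
from typing import Dict, List

ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ACTIVEX_SETTINGS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1201": "Initialize and script ActiveX controls not marked as safe",
}
LEVELS = {0: "Enable", 1: "Prompt", 3: "Disable"}
# The levels the post asks for: Prompt on both downloads, Disable on unsafe scripting.
RECOMMENDED = {"1001": 1, "1004": 1, "1201": 3}
# Targets a blocking-list style HOSTS file (MVPS and similar) legitimately uses.
LOCAL_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

def audit_activex(values: Dict[str, int]) -> List[str]:
    """Compare zone values (value name -> DWORD) with the recommended levels.
    One finding per setting that is missing or more permissive than recommended."""
    findings = []
    for name, want in RECOMMENDED.items():
        label, have = ACTIVEX_SETTINGS[name], values.get(name)
        if have is None:
            findings.append(f"{label}: not set (zone default applies)")
        elif have < want:  # 0 < 1 < 3: a lower level is the more permissive one
            findings.append(f"{label}: {LEVELS.get(have, have)}, recommended {LEVELS[want]}")
    return findings

def audit_hosts(text: str) -> List[str]:
    """Flag HOSTS entries that point a name anywhere but the local machine.
    Blocking lists only map names to 127.0.0.1 or 0.0.0.0, so any other target
    is either the admin's own entry or a redirection that needs review."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        if len(fields) < 2:
            findings.append(f"line {lineno}: malformed entry {raw.strip()!r}")
            continue
        target, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(target)
        except ValueError:
            findings.append(f"line {lineno}: {target!r} is not an IP address")
            continue
        if target not in LOCAL_TARGETS:
            findings.append(f"line {lineno}: {', '.join(names)} -> {target} (not local)")
    return findings

def read_activex_from_registry() -> Dict[str, int]:
    """Read the current user's Internet-zone values (Windows only)."""
    import winreg  # imported here so the audit functions stay importable elsewhere
    values: Dict[str, int] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                data, kind = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                continue
            if kind == winreg.REG_DWORD:
                values[name] = int(data)
    return values

def read_hosts_file() -> str:
    """Read the live HOSTS file at %SystemRoot%\\System32\\drivers\\etc\\hosts."""
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    path = os.path.join(root, "System32", "drivers", "etc", "hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()

# Constructed HOSTS content: two blocking-list entries and one redirection to review.
SAMPLE_HOSTS = """\
# sample hosts file (constructed for this example)
127.0.0.1       localhost
127.0.0.1       ads.example.net
0.0.0.0         tracker.example.org
192.0.2.45      update.example.com
"""

if __name__ == "__main__":
    for finding in audit_activex(read_activex_from_registry()) + audit_hosts(read_hosts_file()):
        print(finding)
```

Run it on the Windows machine after applying the settings; no output means the three ActiveX values match the post's recommendation and every HOSTS entry resolves locally.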

#10
cazpahdagost

cazpahdagost

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you very much, my friend! The work you guys do for us laymen free of charge is amazing. I appreciate you taking the time from your day to provide me with support, thanks again, Rorschach112. Have a wonderful new year and I wish you all the best, my friend.

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.