
Win32 Nugel.E



#1
stallion74

Keep getting files infected. After I ran scans I can't connect to the internet. Here are the logs of ots, gamer, and mbam.

When I ran Malwarebytes it didn't find anything, but I still get the downloader.zlob warnings.

Thanks for your help, and let me know what else I need to do or run.

ots:
OTS logfile created on: 2/8/2010 12:47:37 PM - Run 2
OTS by OldTimer - Version 3.1.20.1	 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
446.00 Mb Total Physical Memory | 101.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.06 Gb Total Space | 23.49 Gb Free Space | 16.19% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.72 Gb Free Space | 68.31% Space Free | Partition Type: FAT32
Drive E: | 382.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.83% Space Free | Partition Type: FAT32
 
Computer Name: R-W2A4L6L8
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/02/08 12:08:38 | 000,632,320 | ---- | M] (OldTimer Tools)
avgtray.exe -> C:\Program Files\AVG\AVG9\avgtray.exe -> [2009/12/31 11:39:07 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG9\avgrsx.exe -> [2009/12/11 17:52:00 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVG9\avgnsx.exe -> [2009/12/11 17:51:59 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgchsvx.exe -> C:\Program Files\AVG\AVG9\avgchsvx.exe -> [2009/11/30 22:34:58 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcsrvx.exe -> C:\Program Files\AVG\AVG9\avgcsrvx.exe -> [2009/11/30 22:34:55 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2009/11/30 22:34:34 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.)
qttask.exe -> C:\Program Files\QuickTime\QTTask.exe -> [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.)
ymsgr_tray.exe -> C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe -> [2009/05/26 20:06:32 | 000,079,088 | ---- | M] (Yahoo! Inc.)
askupgrade.exe -> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -> [2009/04/02 12:47:04 | 000,234,888 | ---- | M] ()
askservice.exe -> C:\Program Files\AskBarDis\bar\bin\AskService.exe -> [2009/04/02 12:47:02 | 000,464,264 | ---- | M] ()
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.)
searchprotection.exe -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe -> [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
wscntfy.exe -> C:\WINDOWS\system32\wscntfy.exe -> [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/07/26 20:58:28 | 000,068,856 | ---- | M] (Google Inc.)
viewpointservice.exe -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation)
ustorsrv.exe -> C:\WINDOWS\system32\UStorSrv.exe -> [2006/02/17 06:19:55 | 000,139,264 | ---- | M] (OTi)
lexbces.exe -> C:\WINDOWS\system32\LEXBCES.EXE -> [2002/02/11 13:29:44 | 000,303,104 | ---- | M] (Lexmark International, Inc.)
lexpps.exe -> C:\WINDOWS\system32\LEXPPS.EXE -> [2002/02/09 14:48:42 | 000,174,592 | ---- | M] (Lexmark International, Inc.)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/02/08 12:08:38 | 000,632,320 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(gupdate) Google Update Service (gupdate) [Auto | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2010/02/03 17:42:34 | 000,135,664 | ---- | M] (Google Inc.)
(avg9wd) AVG Free WatchDog [Auto | Running] -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2009/11/30 22:34:34 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.)
(iPod Service) iPod Service [On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.)
(gusvc) Google Software Updater [On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/06/19 16:14:30 | 000,182,768 | ---- | M] (Google)
(ASKUpgrade) ASKUpgrade [Auto | Running] -> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -> [2009/04/02 12:47:04 | 000,234,888 | ---- | M] ()
(ASKService) ASKService [Auto | Running] -> C:\Program Files\AskBarDis\bar\bin\AskService.exe -> [2009/04/02 12:47:02 | 000,464,264 | ---- | M] ()
(Bonjour Service) Bonjour Service [Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation)
(WinDefend) Windows Defender [Auto | Stopped] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
(UStorage Server Service) UStorage Server Service [Auto | Running] -> C:\WINDOWS\System32\UStorSrv.exe -> [2006/02/17 06:19:55 | 000,139,264 | ---- | M] (OTi)
(PrismXL) PrismXL [Disabled | Stopped] -> C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -> [2005/07/29 07:08:53 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation)
(LexBceS) LexBce Server [Auto | Running] -> C:\WINDOWS\system32\LEXBCES.EXE -> [2002/02/11 13:29:44 | 000,303,104 | ---- | M] (Lexmark International, Inc.)
 
[Driver Services - Safe List]
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/11/30 22:35:58 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/11/30 22:35:55 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/11/30 22:35:55 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbaapl.sys -> [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2007/07/25 21:53:30 | 000,043,528 | ---- | M] (Sonic Solutions)
(VIAudio) Vinyl AC'97 Audio Controller (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\vinyl97.sys -> [2006/08/10 06:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdmxsdk.sys -> [2005/10/05 15:57:08 | 000,012,544 | ---- | M] (Conexant)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\asctrm.sys -> [2005/07/29 07:26:48 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DPV.sys -> [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.)
(viagfx) viagfx [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\vtmini.sys -> [2005/04/06 20:31:36 | 000,173,696 | ---- | M] (Copyright (C) VIA/S3 Graphics Co, Ltd.)
(SunkFilt) Alcor Micro Corp Reader [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Sunkfilt.sys -> [2004/11/15 19:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.)
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtlnic51.sys -> [2004/08/13 12:49:00 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation						   )
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.)
(ldiskl) ldiskl [Kernel | On_Demand | Stopped] -> C:\Documents and Settings\Owner\Local Settings\Temp\ldiskl.sys -> [2004/04/19 11:17:41 | 000,015,872 | ---- | M] ()
(incdrm) InCD EasyWrite Reader [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\incdrm.sys -> [2003/12/30 06:38:52 | 000,028,080 | ---- | M] (Ahead Software AG)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2003/12/09 13:16:00 | 000,626,977 | ---- | M] (Realtek Semiconductor Corp.)
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS -> [2003/12/09 13:16:00 | 000,400,384 | ---- | M] (Sensaura)
(viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\viaagp1.sys -> [2003/07/02 07:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.)
(Sparrow) Sparrow [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
(mxnic) Macronix MX987xx Family Fast Ethernet NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mxnic.sys -> [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd.											   )
(FastPara) FastPara [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\fastpara.sys -> [1999/04/13 11:00:58 | 000,037,696 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_USERS\.DEFAULT\: SearchURL\\"" -> http://www.google.com/keyword/%s -> 
HKEY_USERS\.DEFAULT\: SearchURL\\"provider" -> gogl -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_USERS\S-1-5-18\: SearchURL\\"" -> http://www.google.com/keyword/%s -> 
HKEY_USERS\S-1-5-18\: SearchURL\\"provider" -> gogl -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\] > -> -> 
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\: Main\\"Start Page" -> http://www.ewebforce.com/ -> 
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\: URLSearchHooks\\"*{C94E154B-1459-4A47-966B-4B843BEFC7DB}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\: URLSearchHooks\\"*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\: "ProxyEnable" -> 1 -> 
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\: "ProxyOverride" -> <local> -> 
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\: "ProxyServer" -> http=127.0.0.1:5555 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions -> [2009/12/28 13:10:02 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} -> [2009/12/28 13:10:03 | 000,000,000 | ---D | M]
< HOSTS File > (351267 bytes and 12086 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 22:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2009/12/11 17:51:59 | 001,484,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 13:25:44 | 001,562,960 | RHS- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> [2007/07/12 03:00:35 | 000,501,136 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/03 17:33:47 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/03 17:42:28 | 000,812,528 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/03 17:33:47 | 000,279,664 | ---- | M] (Google Inc.)
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2009/04/02 12:47:00 | 000,333,192 | ---- | M] (Ask.com)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/03 17:33:47 | 000,279,664 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/03 17:33:47 | 000,279,664 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\] > -> HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/03 17:33:47 | 000,279,664 | ---- | M] (Google Inc.)
ShellBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/03 17:33:47 | 000,279,664 | ---- | M] (Google Inc.)
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVG9_TRAY" -> C:\Program Files\AVG\AVG9\avgtray.exe [C:\PROGRA~1\AVG\AVG9\avgtray.exe] -> [2009/12/31 11:39:07 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.)
"yrbufvpr" -> C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo\kxnasftav.exe [C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo\kxnasftav.exe] -> [2010/02/06 20:57:38 | 000,279,808 | ---- | M] ()
"YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices -> 
"RegisterDropHandler" -> C:\Program Files\TextBridge Classic 2.0\Bin\RegisterDropHandler.exe [C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE] -> [1998/07/07 16:20:30 | 000,022,528 | ---- | M] ()
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2007/03/22 19:29:28 | 000,039,264 | ---- | M] (Microsoft Corporation)
"MySpaceIM" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [2007/08/13 19:04:18 | 005,562,368 | ---- | M] ()
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2007/03/22 19:29:28 | 000,039,264 | ---- | M] (Microsoft Corporation)
"MySpaceIM" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [2007/08/13 19:04:18 | 005,562,368 | ---- | M] ()
< Run [HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\] > -> HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DW6" -> C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe ["C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"] -> [2009/03/19 14:10:10 | 000,801,904 | ---- | M] (The Weather Channel Interactive, Inc.)
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/05/26 20:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.)
"Search Protection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2007/07/26 20:58:28 | 000,068,856 | ---- | M] (Google Inc.)
"yrbufvpr" -> C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo\kxnasftav.exe [C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo\kxnasftav.exe] -> [2010/02/06 20:57:38 | 000,279,808 | ---- | M] ()
< RunOnce [HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\] > -> HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"Shockwave Updater" -> C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0;  [C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www8.agame.com/games/shockwave/t/traffic_slam/game_agame_com.htm"] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 000,038,912 | ---- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 000,038,912 | ---- | M] ()
 -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> [2009/10/13 20:49:20 | 000,189,952 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"CDRAutoRun" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"CDRAutoRun" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003] > -> HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003] > -> HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Google Search -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html] -> File not found
Backward Links -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html] -> File not found
Cached Snapshot of Page -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html] -> File not found
Similar Pages -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html] -> File not found
Translate into English -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Google Search -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html] -> File not found
Backward Links -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html] -> File not found
Cached Snapshot of Page -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html] -> File not found
Similar Pages -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html] -> File not found
Translate into English -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\] > -> HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/02/03 17:34:24 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll [Menu: Sun Java Console] -> [2007/07/12 03:00:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 001,562,960 | RHS- | M] (Safer Networking Limited)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Button: Yahoo! Messenger] -> [2009/05/26 20:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Menu: Yahoo! Messenger] -> [2009/05/26 20:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> [2007/07/12 03:00:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{3369AF0D-62E9-4bda-8103-B4C75499B578}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 001,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2009/05/26 20:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> [2007/07/12 03:00:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{3369AF0D-62E9-4bda-8103-B4C75499B578}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 001,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2009/05/26 20:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\] > -> HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> [2007/07/12 03:00:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 13:25:44 | 001,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2009/05/26 20:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6237 domain(s) found. -> 
59 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6236 domain(s) found. -> 
58 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6236 domain(s) found. -> 
58 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4152 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4152 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\] > -> HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6236 domain(s) found. -> 
58 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\] > -> HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab [QuickTime Object] -> 
{15B782AF-55D8-11D1-B477-006097098764} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab [Macromedia Authorware Web Player Control] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 
{1EF9F042-C2EB-4293-8213-474CAEEF531D} [HKLM] -> http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB [TmHcmsX Control] -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Trend Micro ActiveX Scan Agent 6.6] -> 
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll [YInstStarter Class] -> 
{3DCEC959-378A-4922-AD7E-FD5C925D927F} [HKLM] -> http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab [Disney Online Games ActiveX Control] -> 
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab [MySpace Uploader Control] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab [Reg Error: Key error.] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155994418250 [MUWebControl Class] -> 
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B} [HKLM] -> http://www.trendmicro.com/spyware-scan/as4web.cab [Reg Error: Key error.] -> 
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [HKLM] -> http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab [Java Plug-in 1.5.0_09] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab [Java Plug-in 1.5.0_11] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] -> 
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] ->  [Reg Error: Value error.] -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/11/30 22:35:26 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 18:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\AVG\AVG9\avgnsx.exe" -> C:\Program Files\AVG\AVG9\avgnsx.exe [C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/12/11 17:51:59 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" -> C:\Program Files\AVG\AVG9\avgupd.exe [C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/12/11 17:49:25 | 001,007,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/11/12 16:33:04 | 010,358,048 | ---- | M] (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Pearl Harbor - Zero Hour\PHarbor.exe" -> C:\Program Files\Pearl Harbor - Zero Hour\PHarbor.exe [C:\Program Files\Pearl Harbor - Zero Hour\PHarbor.exe:*:Disabled:PHarbor] -> [2001/05/14 16:19:28 | 000,340,019 | ---- | M] ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" -> C:\Program Files\VideoLAN\VLC\vlc.exe [C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player] -> [2008/11/13 06:34:18 | 000,114,840 | ---- | M] ()
"C:\Program Files\Vuze\Azureus.exe" -> C:\Program Files\Vuze\Azureus.exe [C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus] -> [2009/06/22 18:45:12 | 000,199,616 | ---- | M] (Vuze Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/05/26 20:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/26 13:04:39 | 000,000,000 | ---- | M] ()
D:\Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] ()
D:\autorun.inf.aug.8 [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ] -> D:\autorun.inf.aug.8 [ FAT32 ] -> [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] ()
E:\Autorun.inf [[autorun] | OPEN=Install.EXE | ICON=VDSFish.ICO | ] -> E:\Autorun.inf [ CDFS ] -> [1999/01/08 22:53:24 | 000,000,047 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{36db705f-3c72-11d8-a150-806d6172696f}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell
\{36db705f-3c72-11d8-a150-806d6172696f}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell\AutoRun
\{36db705f-3c72-11d8-a150-806d6172696f}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
\{4021e6df-0a2a-11da-b762-806d6172696f}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell
\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell\AutoRun
\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
\{dcd886df-1ef9-11da-9a49-806d6172696f}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell
\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell\AutoRun
\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
\{deff3a65-0821-11da-8b7d-806d6172696f}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell
\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell\AutoRun
\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
"Apple Mobile Device" -> -> 
"AresChatServer" -> -> 
"AVGEMS" -> -> 
"gusvc" -> -> 
"iPod Service" -> -> 
"PrismXL" -> -> 
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk -> C:\Program Files\BigFix\BigFix.exe -> [2002/07/31 12:22:26 | 001,742,384 | ---- | M] (BigFix Inc.)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EZ Station.lnk -> C:\WINDOWS\twain_32\IBMScanner\SxCenter.exe -> [1999/04/29 17:03:54 | 000,452,608 | ---- | M] (Compeye Corp.)
C:^Documents and Settings^Owner^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk -> C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE -> [1998/07/07 14:13:58 | 000,045,056 | ---- | M] ()
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated)
Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe -> [2008/10/15 00:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated)
Aim6 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
CanonMyPrinter hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Canon\MyPrinter\BJMyPrt.exe -> [2006/10/16 20:40:00 | 001,197,648 | ---- | M] (CANON INC.)
ctfmon.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
dqdnsxdxuq hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\documents and settings\owner\local settings\application data\dqdnsxdxuq.exe -> File not found
DSS hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE -> File not found
HostManager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\AOL\1142267845\ee\aolsoftware.exe -> [2006/05/09 19:24:16 | 000,050,760 | ---- | M] (America Online, Inc.)
InCD hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Ahead\InCD\InCD.exe -> File not found
InstantAccess hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\TextBridge Classic 2.0\Bin\InstantAccess.exe -> [1998/07/07 16:04:24 | 000,037,376 | ---- | M] ()
IPHSend hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe -> [2006/02/17 11:59:46 | 000,124,520 | ---- | M] (America Online, Inc.)
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.)
MySpaceIM hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\MySpace\IM\MySpaceIM.exe -> [2007/08/13 19:04:18 | 005,562,368 | ---- | M] ()
NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\QTTask.exe -> [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.)
Random scan hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
Recguard hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\SMINST\Recguard.exe -> [2002/09/14 01:42:26 | 000,212,992 | ---- | M] ()
RegisterDropHandler hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\TextBridge Classic 2.0\Bin\RegisterDropHandler.exe -> [1998/07/07 16:20:30 | 000,022,528 | ---- | M] ()
Reminder hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\creator\remind_xp.exe -> [2005/03/15 12:04:08 | 000,966,656 | ---- | M] (SoftThinks)
RemoteControl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe -> [2004/11/02 22:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.)
SoundMan hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\SOUNDMAN.EXE -> [2003/12/09 13:17:00 | 000,067,584 | ---- | M] (Realtek Semiconductor Corp.)
SpybotSD TeaTimer hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.)
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe -> [2007/07/12 03:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
SunKistEM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Digital Media Reader\shwiconEM.exe -> [2004/11/15 17:04:32 | 000,135,168 | ---- | M] (Alcor Micro, Corp.)
swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/07/26 20:58:28 | 000,068,856 | ---- | M] (Google Inc.)
VTTimer hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
Windows Defender hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
wpmpormd.exe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 2 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2000/06/23 13:06:08 | 000,192,000 | ---- | M] (Ligos Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2008/04/13 19:09:57 | 000,290,816 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 19:10:50 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/04 14:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/13 19:11:54 | 000,080,384 | ---- | M] (Radius Inc.)
"vidc.DIVX" -> C:\WINDOWS\System32\DivX.dll [DivX.dll] -> [2008/11/21 16:45:06 | 000,684,032 | ---- | M] (DivX, Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 14:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 14:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 19:12:42 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2000/06/23 09:36:48 | 000,745,984 | ---- | M] (Ligos Corporation)
"vidc.yv12" -> C:\WINDOWS\System32\DivX.dll [DivX.dll] -> [2008/11/21 16:45:06 | 000,684,032 | ---- | M] (DivX, Inc.)
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ -> 
{0291E591-EA41-4c82-8106-3DC6CE7F7664} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll [YInstStarterUpgrade Class] -> [2006/07/30 13:25:34 | 000,188,968 | ---- | M] (Yahoo! Inc.)
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/11/10 23:35:52 | 000,795,952 | ---- | M] (Apple Inc.)
{03F998B2-0E00-11D3-A498-00104B6EB52E} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll [MetaStreamCtl Class] -> [2007/01/05 10:32:12 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\SwDir.dll [Shockwave ActiveX Control] -> [2009/01/16 16:19:40 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{1A7793DE-2598-4fa8-9EC5-9442CDE5E1CC} [HKLM] -> C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll [Installer Class] -> File not found
{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll [MetaStreamCtl Class] -> [2007/01/05 10:32:12 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\SwDir.dll [Shockwave ActiveX Control] -> [2009/01/16 16:19:40 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{2C70F37F-144A-49b4-BC53-3CB658E6D247} [HKLM] -> C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll [Sinstaller Class] -> File not found
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll [YInstStarter Class] -> [2006/07/30 13:25:34 | 000,188,968 | ---- | M] (Yahoo! Inc.)
{33B16641-F94B-4CD0-8D2B-0633B2C35790} [HKLM] -> C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll [Google Update Plugin] -> [2010/02/03 17:42:34 | 000,220,144 | ---- | M] (Google Inc.)
{347B0667-C7ED-429B-BDE3-CC8D3BACAA31} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll [YSearchSetting2 Class] -> [2006/07/30 13:25:34 | 000,188,968 | ---- | M] (Yahoo! Inc.)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/11/10 23:35:52 | 000,795,952 | ---- | M] (Apple Inc.)
{444785F1-DE89-4295-863A-D46C3A781394} [HKLM] -> C:\Program Files\Unity\WebPlayer\loader\UnityWebPluginAX.ocx [UnityWebPlayer Control] -> [2009/04/13 14:06:11 | 000,591,088 | ---- | M] (Unity Technologies ApS)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\wsdetect.dll [isInstalled Class] -> [2007/07/12 03:00:46 | 000,110,592 | ---- | M] (Sun Microsystems, Inc.)
{64AA7031-C150-4118-8D31-FD273A2BB22C} [HKLM] -> C:\Program Files\Yahoo!\Common\Yverinfo.dll [PSFactoryBuffer] -> [2007/08/27 13:53:58 | 000,079,128 | ---- | M] (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> [2007/07/12 03:00:35 | 000,501,136 | ---- | M] (Sun Microsystems, Inc.)
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll [Java Plug-in 1.6.0_02] -> [2007/07/12 03:00:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
{B345F37E-6763-433b-BC53-9B526A9B7B8B} [HKLM] -> C:\Program Files\Yahoo!\Common\Yverinfo.dll [Yahoo! VersionInfo2] -> [2007/08/27 13:53:58 | 000,079,128 | ---- | M] (Yahoo! Inc.)
{BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA} [HKLM] -> C:\Program Files\AIM6\services\imApp\ver6_5_9_1\isAim.dll [aimlocator Class] -> [2008/01/03 11:12:25 | 000,083,296 | ---- | M] (America Online Inc)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2008/10/14 20:29:50 | 000,632,168 | ---- | M] (Adobe Systems, Inc.)
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll [Java Plug-in 1.6.0_02] -> [2007/07/12 03:00:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll [Java Plug-in 1.6.0_02] -> [2007/07/12 03:00:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll [Java Plug-in 1.6.0_02] -> [2007/07/12 03:00:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [Behavior Object] -> [2009/11/10 23:35:52 | 000,795,952 | ---- | M] (Apple Inc.)
{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> C:\WINDOWS\system32\rmoc3260.dll [RealPlayer G2 Control] -> [2005/07/29 07:26:50 | 000,157,696 | ---- | M] (RealNetworks)
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx [Shockwave Flash Object] -> [2009/10/27 22:31:12 | 003,982,240 | R--- | M] (Adobe Systems, Inc.)
{D5184A39-CBDF-4A4F-AC1A-7A45A852C883} [HKLM] -> C:\Program Files\Yahoo!\Common\Yverinfo.dll [Yahoo! VersionInfo] -> [2007/08/27 13:53:58 | 000,079,128 | ---- | M] (Yahoo! Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2009/11/12 16:33:00 | 000,111,912 | ---- | M] (Apple Inc.)
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} [HKLM] -> C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll [MessengerChecker Class] -> [2009/05/26 20:06:34 | 000,103,664 | ---- | M] (Yahoo! Inc.)
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 22:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
{201F27D4-3704-41D6-89C1-AA35E39143ED} [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [AskBar BHO] -> [2009/04/02 12:47:00 | 000,333,192 | ---- | M] (Ask.com)
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/03 17:33:47 | 000,279,664 | ---- | M] (Google Inc.)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\SwDir.dll [Shockwave ActiveX Control] -> [2009/01/16 16:19:40 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{3041D03E-FD4B-44E0-B742-2D9B88305F98} [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2009/04/02 12:47:00 | 000,333,192 | ---- | M] (Ask.com)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2009/12/11 17:51:59 | 001,484,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 13:25:44 | 001,562,960 | RHS- | M] (Safer Networking Limited)
{754FF233-5D4E-11D2-875B-00A0C93C09B3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> [2007/07/12 03:00:35 | 000,501,136 | ---- | M] (Sun Microsystems, Inc.)
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx [Facebook Photo Uploader 5 Control] -> [2009/07/29 21:21:24 | 003,540,488 | ---- | M] ()
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll [Java Plug-in 1.6.0_02] -> [2007/07/12 03:00:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/03 17:33:47 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/03 17:42:28 | 000,812,528 | ---- | M] (Google Inc.)
{B1549E58-3894-11D2-BB7F-00A0C999C4C1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C533ADF1-0C80-11D1-8C54-00A02468F316} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
{CCCCCCD3-666F-4F81-8B69-745DE9F6D897} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx [Shockwave Flash Object] -> [2009/10/27 22:31:12 | 003,982,240 | R--- | M] (Adobe Systems, Inc.)
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ -> 
{0006F033-0000-0000-C000-000000000046} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE [Microsoft Outlook 8.0 Object Library] -> [2009/06/22 20:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation)
{0006F03A-0000-0000-C000-000000000046} [HKLM] -> Reg Error: Value error. [Microsoft Office Outlook] -> File not found
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Script Object] -> [2010/02/03 17:33:47 | 000,279,664 | ---- | M] (Google Inc.)
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 22:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{201F27D4-3704-41D6-89C1-AA35E39143ED} [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [AskBar BHO] -> [2009/04/02 12:47:00 | 000,333,192 | ---- | M] (Ask.com)
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/03 17:33:47 | 000,279,664 | ---- | M] (Google Inc.)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\SwDir.dll [Shockwave ActiveX Control] -> [2009/01/16 16:19:40 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx [DHTML Edit Control Safe for Scripting for IE5] -> [2009/07/27 17:27:12 | 000,128,512 | ---- | M] (Microsoft Corporation)
{3041D03E-FD4B-44E0-B742-2D9B88305F98} [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2009/04/02 12:47:00 | 000,333,192 | ---- | M] (Ask.com)
{38481807-CA0E-42D2-BF39-B33AF135CC4D} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL [IETag Factory] -> [2007/04/19 14:09:30 | 000,167,256 | ---- | M] (Microsoft Corporation)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2009/12/11 17:51:59 | 001,484,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/11/10 23:35:52 | 000,795,952 | ---- | M] (Apple Inc.)
{444785F1-DE89-4295-863A-D46C3A781394} [HKLM] -> C:\Program Files\Unity\WebPlayer\loader\UnityWebPluginAX.ocx [UnityWebPlayer Control] -> [2009/04/13 14:06:11 | 000,591,088 | ---- | M] (Unity Technologies ApS)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 13:25:44 | 001,562,960 | RHS- | M] (Safer Networking Limited)
{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> [2007/07/12 03:00:35 | 000,501,136 | ---- | M] (Sun Microsystems, Inc.)
{7CED64F0-1DD2-11B2-B67A-EBF3610319AB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx [Facebook Photo Uploader 5 Control] -> [2009/07/29 21:21:24 | 003,540,488 | ---- | M] ()
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll [Java Plug-in 1.6.0_02] -> [2007/07/12 03:00:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{A057A204-BACC-4D26-9990-79A187E2698E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/03 17:33:47 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/03 17:42:28 | 000,812,528 | ---- | M] (Google Inc.)
{BD96C556-65A3-11D0-983A-00C04FC29E36} [HKLM] -> C:\Program Files\Common Files\System\msadc\msadco.dll [RDS.DataSpace] -> [2008/04/13 19:11:58 | 000,143,360 | ---- | M] (Microsoft Corporation)
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\OWSCLT.DLL [OWSClientMiscApis Class] -> [2007/04/19 14:10:32 | 000,648,544 | ---- | M] (Microsoft Corporation)
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\OWSCLT.DLL [OWSBrowserUI Class] -> [2007/04/19 14:10:32 | 000,648,544 | ---- | M] (Microsoft Corporation)
{BEAC7DC8-E106-4C6A-931E-5A42E7362883} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2008/10/14 20:29:50 | 000,632,168 | ---- | M] (Adobe Systems, Inc.)
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [HKLM] -> C:\WINDOWS\system32\rmoc3260.dll [RealPlayer G2 Control] -> [2005/07/29 07:26:50 | 000,157,696 | ---- | M] (RealNetworks)
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx [Shockwave Flash Object] -> [2009/10/27 22:31:12 | 003,982,240 | R--- | M] (Adobe Systems, Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2009/11/12 16:33:00 | 000,111,912 | ---- | M] (Apple Inc.)
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} [HKLM] -> C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll [MessengerChecker Class] -> [2009/05/26 20:06:34 | 000,103,664 | ---- | M] (Yahoo! Inc.)
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [HKLM] -> C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx [QuickTimeCheck Class] -> [2009/11/10 23:35:52 | 000,136,496 | ---- | M] (Apple Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\NAME.DLL [NameCtrl Class] -> [2007/04/19 14:10:26 | 000,080,216 | ---- | M] (Microsoft Corporation)
{E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{e3e02f12-2adb-478c-8742-5f0819f9f0f4} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{e473a65c-8087-49a3-affd-c5bc4a10669b} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2009/05/26 20:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.)
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{F0E42D40-368C-11D0-AD81-00A0C90DC8D9} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Snapshot Viewer\SNAPVIEW.OCX [Snapshot Viewer Control 11.0] -> [2008/07/12 12:35:48 | 000,136,200 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FC345D4C-B8F4-4674-BFF7-3C37D2E535EE} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{fd6484ed-ebe3-4c3d-938a-8238003b41b7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.html [@ = htmlfile] -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
Ias -> C:\WINDOWS\system32\ias -> [2004/08/26 13:03:54 | 000,000,000 | ---D | M]
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
Wmi -> C:\WINDOWS\system32\wmi.dll -> [2008/04/13 19:11:15 | 000,005,632 | ---- | M] (Microsoft Corporation)
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM] -> C:\Program Files\AVG\AVG9\avgpp.dll[XPLPPFilter Class] -> [2009/11/30 22:35:08 | 000,091,416 | ---- | M] (AVG Technologies CZ, s.r.o.)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
WinDefend -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
WinDefend -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" ->  [1] -> File not found
\\"AntiVirusDisableNotify" ->  [0] -> File not found
\\"FirewallDisableNotify" ->  [0] -> File not found
\\"UpdatesDisableNotify" ->  [0] -> File not found
\\"AntiVirusOverride" ->  [0] -> File not found
\\"FirewallOverride" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" ->  [0] -> File not found
\\"DoNotAllowExceptions" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> C:\Program Files\Bonjour\mdnsNSP.dll -> [2008/12/12 10:11:44 | 000,147,456 | ---- | M] (Apple Inc.)
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{07287123-B8AC-41CE-8346-3D777245C35B} -> Bonjour
{0A053D60-9267-11D5-8A2B-0050DA8B7D89} -> Planescape - Torment
{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series -> Canon iP1800 series
{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} -> QuickTime
{15377C3E-9655-400F-B441-E69F0A6BEAFE} -> Recovery Software Suite eMachines
{18455581-E099-4BA8-BC6B-F34B2F06600C} -> Google Toolbar for Internet Explorer
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate
{1C7575B0-CCE2-4B96-83A8-F6DB45C0B945} -> Atlantis - Trial by Fire
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{2B43252C-A1E3-4C47-927C-9F2C276D3515} -> S3GSetup
{3248F0A8-6813-11D6-A77B-00B0D0150020} -> J2SE Runtime Environment 5.0 Update 2
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6
{3248F0A8-6813-11D6-A77B-00B0D0150090} -> J2SE Runtime Environment 5.0 Update 9
{3248F0A8-6813-11D6-A77B-00B0D0150100} -> J2SE Runtime Environment 5.0 Update 10
{3248F0A8-6813-11D6-A77B-00B0D0150110} -> J2SE Runtime Environment 5.0 Update 11
{3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java(TM) SE Runtime Environment 6 Update 1
{3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java(TM) 6 Update 2
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{3FA365DF-2D68-45ED-8F83-8C8A33E65143} -> Apple Application Support
{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} -> Microsoft Works
{5ED9E38C-9A96-49D8-89B3-92E278003FCF} -> TRS2006
{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6DE13770-01B7-4366-8DA6-48237793F445} -> VoiceOver Kit
{76EFFC7C-17A6-479D-9E47-8E658C1695AE} -> Windows Backup Utility
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec
{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90} -> WebEx Support Manager for Internet Explorer
{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1} -> Digital Media Reader
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable
{8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
{91120409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Standard Edition 2003
{94FB906A-CF42-4128-A509-D353026A607E} -> REALTEK Gigabit and Fast Ethernet NIC Driver
{A06275F4-324B-4E85-95E6-87B2CD729401} -> Windows Defender
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
{A3514A5F-40C5-4189-9C49-D7DAEB09FDCF} -> Chabner Short
{A654A805-41D9-40C7-AA46-4AF04F044D61} -> Adobe® Photoshop® Album Starter Edition 3.2
{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5} -> iTunes
{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116} -> SimCity 4 Deluxe
{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} -> Google Update Helper
{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} -> Apple Mobile Device Support
{AC76BA86-7AD7-1033-7B44-A81300000003} -> Adobe Reader 8.1.4
{B13A7C41581B411290FBC0395694E2A9} -> DivX Converter
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{E9688BE6-D55F-4B62-9422-99AC56572C0F} -> Pearl Harbor : Zero Hour
{FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio
8461-7759-5462-8226 -> Vuze
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Shockwave Player -> Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2 -> Adobe® Photoshop® Album Starter Edition 3.2
AIM_6 -> AIM 6
AOL Uninstaller -> AOL Uninstaller (Choose which Products to Remove)
Ask Toolbar_is1 -> Vuze Toolbar
AVG9Uninstall -> AVG Free 9.0
BigFix -> BigFix
Canon iP1800 series User Registration -> Canon iP1800 series User Registration
CanonMyPrinter -> Canon My Printer
CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1 -> Soft Data Fax Modem with SmartCP
CompanionWizard -> Companion wizard
Coupon Printer for Windows5.0.0.0 -> Coupon Printer for Windows
Disney's Active Play LKII, Simba's Pride Demo -> Disney's Active Play LKII, Simba's Pride Demo
Disney's Active Play, A Bug's Life -> Disney's Active Play, A Bug's Life
Easy-LayoutPrint -> Canon Utilities Easy-LayoutPrint
Easy-PhotoPrint -> Canon Utilities Easy-PhotoPrint
EAX(tm) Unified (SHELL) -> EAX(tm) Unified (SHELL)
ElmosArtWorkshop -> Sesame Street Elmo's Art Workshop
ERUNT_is1 -> ERUNT 1.1j
Hunting Unlimited 2008 -> Hunting Unlimited 2008 1.0
IBM Scanner -> IBM Scanner
ie8 -> Windows Internet Explorer 8
Imation Disk Manager V a Service -> Imation Disk Manager V a Service
InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1} -> Digital Media Reader
InterActual Player -> InterActual Player
IrfanView -> IrfanView (remove only)
Lexmark Supplies Monitor -> Lexmark Supplies Monitor
Lexmark Z55 -> Lexmark Z55
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
Money2005b -> Microsoft Money 2005
Monopoly Star Wars -> Monopoly Star Wars
MRW!UninstallKey -> InCD EasyWrite Reader
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
MySpaceIM -> MySpaceIM
Network Play System (Patching) -> Network Play System (Patching)
PackMaster Millennium -> PackMaster Millennium
PhotoStudio Suite & IBM Scanner -> PhotoStudio Suite & IBM Scanner
Prison Tycoon 2 -> Prison Tycoon 2
Pro Media Director_is1 -> Pro Media Director Version 2.0.0.1
RealPlayer 6.0 -> RealPlayer Basic
RollerCoaster Tycoon Setup -> Roll
SimCity 3000 -> SimCity 3000
SimSafariUninstall -> SimSafari
Soulbringer -> Soulbringer
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.5.2.20
Star Trek -- Starfleet Academy -> Star Trek -- Starfleet Academy
Sudden Strike -> Sudden Strike
TextBridge Classic 2.0 -> TextBridge Classic 2.0
Trend Micro HouseCall 6.6 -> HouseCall 6.6
UnityWebPlayer -> Unity Web Player
VIA/S3G UniChrome Family Win2K/XP Display -> VIA/S3G Display Driver
ViewpointMediaPlayer -> Viewpoint Media Player
Virtual Deep Sea Fishing -> Virtual Deep Sea Fishing
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WinRAR archiver -> WinRAR archiver
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Messenger -> Yahoo! Messenger
Yahoo! Search Defender -> Yahoo! Search Protection
Yahoo! Software Update -> Yahoo! Software Update
YInstHelper -> Yahoo! Install Manager
< Uninstall List [HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\] > -> HKEY_USERS\S-1-5-21-2437707645-3878641263-1327713641-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
Move Media Player -> Move Media Player
uTorrent -> µTorrent
Warcraft III -> Warcraft III: All Products
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 2/6/2010 10:05:12 PM Computer Name = R-W2A4L6L8 | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/6/2010 10:05:12 PM Computer Name = R-W2A4L6L8 | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/6/2010 10:05:26 PM Computer Name = R-W2A4L6L8 | Source = Application Hang | ID = 1002 -> Description = Hanging application WINWORD.EXE, version 11.0.8313.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/7/2010 2:47:08 AM Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 2/7/2010 9:47:10 AM Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 2/7/2010 10:47:16 AM Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 2/7/2010 4:47:14 PM Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20 -> Description = 
Application [ Error ] 2/7/2010 5:09:36 PM Computer Name = R-W2A4L6L8 | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/7/2010 5:16:33 PM Computer Name = R-W2A4L6L8 | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/8/2010 1:47:09 PM Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20 -> Description = 
System [ Error ] 2/8/2010 12:48:31 PM Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7001 -> Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:   %%31
System [ Error ] 2/8/2010 12:48:31 PM Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7001 -> Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:   %%31
System [ Error ] 2/8/2010 12:48:31 PM Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7001 -> Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:   %%31
System [ Error ] 2/8/2010 12:48:31 PM Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7001 -> Description = The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:   %%31
System [ Error ] 2/8/2010 12:48:31 PM Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7001 -> Description = The Fax service depends on the Print Spooler service which failed to start because of the following error:   %%1068
System [ Error ] 2/8/2010 12:48:31 PM Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7001 -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:   %%31
System [ Error ] 2/8/2010 12:48:31 PM Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   AFD  AvgLdx86  AvgMfx86  AvgTdiX  Fips  IPSec  MRxSmb  NetBIOS  NetBT  Processor  RasAcd  Rdbss  Tcpip
System [ Error ] 2/8/2010 1:11:45 PM Computer Name = R-W2A4L6L8 | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
System [ Error ] 2/8/2010 1:13:07 PM Computer Name = R-W2A4L6L8 | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
System [ Error ] 2/8/2010 1:29:35 PM Computer Name = R-W2A4L6L8 | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
[Files/Folders - Created Within 90 Days]
 OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/02/08 12:45:25 | 000,632,320 | ---- | C] (OldTimer Tools)
 ERDNT -> C:\WINDOWS\ERDNT -> [2010/02/08 12:14:20 | 000,000,000 | ---D | C]
 ERUNT -> C:\Program Files\ERUNT -> [2010/02/08 12:13:55 | 000,000,000 | ---D | C]
 Updater5 -> C:\Documents and Settings\Owner\My Documents\Updater5 -> [2010/02/06 21:11:32 | 000,000,000 | ---D | C]
 hhtpeo -> C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo -> [2010/02/06 21:02:01 | 000,000,000 | ---D | C]
 Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2010/02/03 17:50:00 | 000,000,000 | ---D | M]
 Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2010/02/03 17:43:03 | 000,000,000 | ---D | M]
 Monopoly Star Wars -> C:\Program Files\Monopoly Star Wars -> [2010/01/29 22:21:04 | 000,000,000 | ---D | C]
 AVG8 -> C:\Documents and Settings\Owner\Application Data\AVG8 -> [2010/01/19 19:44:28 | 000,000,000 | ---D | C]
 Coupons -> C:\Program Files\Coupons -> [2010/01/18 10:22:16 | 000,000,000 | ---D | C]
 iTunes -> C:\Program Files\iTunes -> [2010/01/13 18:41:14 | 000,000,000 | ---D | C]
 {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2010/01/13 18:41:14 | 000,000,000 | ---D | C]
 QuickTime -> C:\Program Files\QuickTime -> [2010/01/13 18:36:30 | 000,000,000 | ---D | C]
 aclayers.dll -> C:\WINDOWS\System32\dllcache\aclayers.dll -> [2010/01/13 16:26:24 | 000,471,552 | ---- | C] (Microsoft Corporation)
 Hunting Unlimited 2008 -> C:\Program Files\Hunting Unlimited 2008 -> [2010/01/09 12:33:55 | 000,000,000 | ---D | C]
 Azureus Downloads -> C:\Documents and Settings\Owner\My Documents\Azureus Downloads -> [2009/12/28 13:24:46 | 000,000,000 | ---D | C]
 Azureus -> C:\Documents and Settings\All Users\Application Data\Azureus -> [2009/12/28 13:11:42 | 000,000,000 | ---D | C]
 Azureus -> C:\Documents and Settings\Owner\Application Data\Azureus -> [2009/12/28 13:11:26 | 000,000,000 | ---D | C]
 Mozilla -> C:\Documents and Settings\Owner\Application Data\Mozilla -> [2009/12/28 13:10:02 | 000,000,000 | ---D | C]
 AskBarDis -> C:\Program Files\AskBarDis -> [2009/12/28 13:10:01 | 000,000,000 | ---D | C]
 Vuze -> C:\Program Files\Vuze -> [2009/12/28 13:10:00 | 000,000,000 | ---D | C]
 Vuze_Installer.exe -> C:\Vuze_Installer.exe -> [2009/12/28 13:04:39 | 008,755,648 | ---- | C] (Vuze Inc.)
 New Folder (2) -> C:\Documents and Settings\Owner\Desktop\New Folder (2) -> [2009/12/05 11:23:31 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\Documents and Settings\Owner\Application Data\Malwarebytes -> [2009/12/04 14:50:10 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/04 14:49:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/12/04 14:49:56 | 000,000,000 | ---D | C]
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/04 14:49:55 | 000,019,160 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/04 14:49:55 | 000,000,000 | ---D | C]
 mbam-setup.exe -> C:\mbam-setup.exe -> [2009/12/04 14:47:25 | 004,844,296 | ---- | C] (Malwarebytes Corporation									)
 $AVG -> C:\$AVG -> [2009/11/30 22:36:16 | 000,000,000 | -H-D | C]
 avg9 -> C:\Documents and Settings\All Users\Application Data\avg9 -> [2009/11/30 22:34:19 | 000,000,000 | ---D | C]
 SxsCaPendDel -> C:\WINDOWS\SxsCaPendDel -> [2009/11/30 22:33:27 | 000,000,000 | ---D | C]
 Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/11/30 22:00:07 | 000,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/11/30 22:00:07 | 000,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/11/30 22:00:07 | 000,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/30 22:00:07 | 000,000,000 | ---D | M]
 avg_free_stb_en_9_40_free.exe -> C:\Documents and Settings\Owner\Desktop\avg_free_stb_en_9_40_free.exe -> [2009/11/30 18:26:40 | 000,891,208 | ---- | C] (AVG Technologies)
 Thraex Software -> C:\Program Files\Common Files\Thraex Software -> [2009/11/26 20:25:33 | 000,000,000 | ---D | C]
 Prison Tycoon 2 -> C:\Program Files\Prison Tycoon 2 -> [2009/11/26 20:25:24 | 000,000,000 | ---D | C]
 New Folder -> C:\Documents and Settings\Owner\Desktop\New Folder -> [2009/11/14 11:01:25 | 000,000,000 | ---D | C]
 PCHealth -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth -> [2008/08/11 05:49:17 | 000,000,000 | ---D | M]
 Apple -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple -> [2008/02/20 20:20:11 | 000,000,000 | ---D | M]
 Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2007/09/19 19:20:01 | 000,000,000 | ---D | M]
 Google -> C:\Documents and Settings\LocalService\Application Data\Google -> [2007/06/25 17:26:43 | 000,000,000 | ---D | M]
 Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2007/02/20 22:04:31 | 000,000,000 | ---D | M]
 Symantec -> C:\Documents and Settings\LocalService\Application Data\Symantec -> [2006/04/04 14:31:54 | 000,000,000 | ---D | M]
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files/Folders - Modified Within 90 Days]
 Symantec NetDetect.job -> C:\WINDOWS\tasks\Symantec NetDetect.job -> [2010/02/08 12:50:00 | 000,000,366 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/02/08 12:47:09 | 000,000,886 | ---- | M] ()
 ERUNT AutoBackup.lnk -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2010/02/08 12:43:35 | 000,000,767 | ---- | M] ()
 NTREGOPT.lnk -> C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk -> [2010/02/08 12:43:31 | 000,000,611 | ---- | M] ()
 ERUNT.lnk -> C:\Documents and Settings\Owner\Desktop\ERUNT.lnk -> [2010/02/08 12:43:30 | 000,000,592 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/02/08 12:33:23 | 000,001,170 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/02/08 12:30:46 | 000,000,882 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/02/08 12:30:42 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/02/08 12:30:34 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/02/08 12:30:33 | 468,242,432 | -HS- | M] ()
 OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/02/08 12:08:38 | 000,632,320 | ---- | M] (OldTimer Tools)
 The_Comedian.exe -> C:\Documents and Settings\Owner\Desktop\The_Comedian.exe -> [2010/02/08 12:05:00 | 000,794,112 | ---- | M] ()
 ntuser.dat -> C:\Documents and Settings\Owner\ntuser.dat -> [2010/02/08 11:45:37 | 011,534,336 | ---- | M] ()
 ntuser.ini -> C:\Documents and Settings\Owner\ntuser.ini -> [2010/02/08 11:45:37 | 000,000,278 | -HS- | M] ()
 incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2010/02/08 11:32:14 | 055,262,078 | ---- | M] ()
 IconCache.db -> C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db -> [2010/02/07 16:36:18 | 002,108,418 | -H-- | M] ()
 prvlcl.dat -> C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat -> [2010/02/06 22:23:40 | 000,000,000 | ---- | M] ()
 ~$rians comic book store -> C:\Documents and Settings\Owner\Desktop\~$rians comic book store -> [2010/02/06 21:04:40 | 000,000,162 | -H-- | M] ()
 AdvancementReport 2-3-2010.pdf -> C:\Documents and Settings\Owner\My Documents\AdvancementReport 2-3-2010.pdf -> [2010/02/03 22:09:25 | 000,021,234 | ---- | M] ()
 SIERRA.INI -> C:\WINDOWS\SIERRA.INI -> [2010/02/01 21:45:21 | 000,000,240 | ---- | M] ()
 DeIsL1.isu -> C:\WINDOWS\DeIsL1.isu -> [2010/01/29 22:38:01 | 000,008,786 | ---- | M] ()
 smsafari.ini -> C:\WINDOWS\smsafari.ini -> [2010/01/29 22:37:52 | 000,000,309 | ---- | M] ()
 Copy of 2009UMR 1.xls -> C:\Documents and Settings\Owner\My Documents\Copy of 2009UMR 1.xls -> [2010/01/22 17:01:06 | 002,123,264 | ---- | M] ()
 Copy of 2009UMR 1.rar -> C:\Documents and Settings\Owner\My Documents\Copy of 2009UMR 1.rar -> [2010/01/22 16:51:57 | 000,129,436 | ---- | M] ()
 microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2010/01/19 19:45:19 | 000,142,495 | ---- | M] ()
 drmHeader.bin -> C:\drmHeader.bin -> [2010/01/17 15:19:00 | 000,003,532 | ---- | M] ()
 iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/01/17 15:11:47 | 000,002,137 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/01/14 11:37:37 | 000,001,374 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/01/12 22:58:04 | 000,203,776 | ---- | M] ()
 Hunting Unlimited 2008.lnk -> C:\Documents and Settings\Owner\Desktop\Hunting Unlimited 2008.lnk -> [2010/01/09 12:36:16 | 000,000,822 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/01/08 11:46:15 | 000,000,284 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation)
 trek safely.TIF -> C:\Documents and Settings\Owner\My Documents\trek safely.TIF -> [2010/01/03 15:02:59 | 000,029,678 | ---- | M] ()
 WebEx Document Loader Port -> C:\WINDOWS\System32\WebEx Document Loader Port -> [2010/01/03 14:51:07 | 000,000,000 | ---- | M] ()
 my documents -> C:\Documents and Settings\Owner\Desktop\my documents -> [2010/01/03 14:13:25 | 000,000,000 | ---- | M] ()
 Roster+2009.xls -> C:\Documents and Settings\Owner\Desktop\Roster+2009.xls -> [2009/12/29 21:29:07 | 000,036,352 | ---- | M] ()
 Vuze.lnk -> C:\Documents and Settings\All Users\Desktop\Vuze.lnk -> [2009/12/28 13:11:05 | 000,001,505 | ---- | M] ()
 Vuze_Installer.exe -> C:\Vuze_Installer.exe -> [2009/12/28 13:04:41 | 008,755,648 | ---- | M] (Vuze Inc.)
 urlmon.dll -> C:\WINDOWS\System32\dllcache\urlmon.dll -> [2009/12/21 14:14:05 | 001,208,832 | ---- | M] (Microsoft Corporation)
 wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2009/12/21 14:14:05 | 000,916,480 | ---- | M] (Microsoft Corporation)
 mshtml.dll -> C:\WINDOWS\System32\dllcache\mshtml.dll -> [2009/12/21 14:14:04 | 005,942,784 | ---- | M] (Microsoft Corporation)
 occache.dll -> C:\WINDOWS\System32\dllcache\occache.dll -> [2009/12/21 14:14:04 | 000,206,848 | ---- | M] (Microsoft Corporation)
 iertutil.dll -> C:\WINDOWS\System32\dllcache\iertutil.dll -> [2009/12/21 14:14:03 | 001,985,536 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\WINDOWS\System32\inetcpl.cpl -> [2009/12/21 14:14:03 | 001,469,440 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\WINDOWS\System32\dllcache\inetcpl.cpl -> [2009/12/21 14:14:03 | 001,469,440 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\WINDOWS\System32\msfeeds.dll -> [2009/12/21 14:14:03 | 000,594,432 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\WINDOWS\System32\dllcache\msfeeds.dll -> [2009/12/21 14:14:03 | 000,594,432 | ---- | M] (Microsoft Corporation)
 iepeers.dll -> C:\WINDOWS\System32\iepeers.dll -> [2009/12/21 14:14:03 | 000,184,320 | ---- | M] (Microsoft Corporation)
 iepeers.dll -> C:\WINDOWS\System32\dllcache\iepeers.dll -> [2009/12/21 14:14:03 | 000,184,320 | ---- | M] (Microsoft Corporation)
 msfeedsbs.dll -> C:\WINDOWS\System32\msfeedsbs.dll -> [2009/12/21 14:14:03 | 000,055,296 | ---- | M] (Microsoft Corporation)
 msfeedsbs.dll -> C:\WINDOWS\System32\dllcache\msfeedsbs.dll -> [2009/12/21 14:14:03 | 000,055,296 | ---- | M] (Microsoft Corporation)
 jsproxy.dll -> C:\WINDOWS\System32\jsproxy.dll -> [2009/12/21 14:14:03 | 000,025,600 | ---- | M] (Microsoft Corporation)
 jsproxy.dll -> C:\WINDOWS\System32\dllcache\jsproxy.dll -> [2009/12/21 14:14:03 | 000,025,600 | ---- | M] (Microsoft Corporation)
 ieframe.dll -> C:\WINDOWS\System32\dllcache\ieframe.dll -> [2009/12/21 14:14:02 | 011,070,464 | ---- | M] (Microsoft Corporation)
 iedkcs32.dll -> C:\WINDOWS\System32\iedkcs32.dll -> [2009/12/21 14:14:01 | 000,387,584 | ---- | M] (Microsoft Corporation)
 iedkcs32.dll -> C:\WINDOWS\System32\dllcache\iedkcs32.dll -> [2009/12/21 14:14:01 | 000,387,584 | ---- | M] (Microsoft Corporation)
 ie4uinit.exe -> C:\WINDOWS\System32\ie4uinit.exe -> [2009/12/21 08:19:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
 ie4uinit.exe -> C:\WINDOWS\System32\dllcache\ie4uinit.exe -> [2009/12/21 08:19:18 | 000,173,056 | ---- | M] (Microsoft Corporation)
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/12/11 17:41:49 | 000,562,200 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/12/11 17:41:49 | 000,468,268 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/12/11 17:41:49 | 000,083,054 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/12/04 14:50:02 | 000,000,696 | ---- | M] ()
 mbam-setup.exe -> C:\mbam-setup.exe -> [2009/12/04 14:47:28 | 004,844,296 | ---- | M] (Malwarebytes Corporation									)
 Troop+68+Handbook.pdf -> C:\Documents and Settings\Owner\My Documents\Troop+68+Handbook.pdf -> [2009/12/02 18:26:17 | 000,096,515 | ---- | M] ()
 Popcorn.xls -> C:\Documents and Settings\Owner\Desktop\Popcorn.xls -> [2009/12/01 17:53:44 | 000,048,640 | ---- | M] ()
 avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2009/11/30 22:35:58 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2009/11/30 22:35:55 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2009/11/30 22:35:55 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
 AVG Free 9.0.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk -> [2009/11/30 22:35:30 | 000,001,507 | ---- | M] ()
 iavichjw.avm -> C:\WINDOWS\System32\drivers\Avg\iavichjw.avm -> [2009/11/30 22:35:26 | 000,113,461 | ---- | M] ()
 avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/11/30 22:35:26 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avg_free_stb_en_9_40_free.exe -> C:\Documents and Settings\Owner\Desktop\avg_free_stb_en_9_40_free.exe -> [2009/11/30 18:27:04 | 000,891,208 | ---- | M] (AVG Technologies)
 disney.ini -> C:\WINDOWS\disney.ini -> [2009/11/28 23:14:37 | 000,001,905 | ---- | M] ()
 Slingdot.com.url -> C:\Documents and Settings\Owner\Desktop\Slingdot.com.url -> [2009/11/26 20:29:31 | 000,000,118 | ---- | M] ()
 Prison Tycoon 2 Uninstaller.exe -> C:\WINDOWS\Prison Tycoon 2 Uninstaller.exe -> [2009/11/26 20:28:00 | 000,911,250 | ---- | M] ()
 Sdicon32.ico -> C:\Sdicon32.ico -> [2009/11/26 20:24:39 | 000,005,694 | ---- | M] ()
 sysmain.sdb -> C:\WINDOWS\System32\dllcache\sysmain.sdb -> [2009/11/21 10:51:42 | 001,206,508 | ---- | M] ()
 aclayers.dll -> C:\WINDOWS\System32\dllcache\aclayers.dll -> [2009/11/21 10:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation)
 CouponPrinter.ocx -> C:\WINDOWS\CouponPrinter.ocx -> [2009/11/19 17:16:27 | 000,068,824 | ---- | M] ()
 Copy of 2009UMR.xls -> C:\Documents and Settings\Owner\My Documents\Copy of 2009UMR.xls -> [2009/11/14 21:58:10 | 002,121,216 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/11/11 18:06:31 | 000,270,984 | ---- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2009/11/11 18:02:58 | 000,000,189 | ---- | M] ()
 Roster+2009.xls -> C:\Documents and Settings\Owner\My Documents\Roster+2009.xls -> [2009/11/11 17:58:54 | 000,036,352 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/11/10 18:53:38 | 000,351,267 | R--- | M] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/11/10 18:52:03 | 000,000,444 | ---- | M] ()
 97 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 
 97 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 
 823 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 823 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 823 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\Documents and Settings\Owner\Local Settings\Temp\HouseCall\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\HouseCall\*.tmp -> 
 1 C:\Documents and Settings\Owner\Local Settings\Temp\HouseCall\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\HouseCall\*.tmp -> 
 1 C:\Documents and Settings\Owner\Local Settings\Temp\HCBackup\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\HCBackup\*.tmp -> 
 
[Files - No Company Name]
 ERUNT AutoBackup.lnk -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2010/02/08 12:43:35 | 000,000,767 | ---- | C] ()
 NTREGOPT.lnk -> C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk -> [2010/02/08 12:43:31 | 000,000,611 | ---- | C] ()
 ERUNT.lnk -> C:\Documents and Settings\Owner\Desktop\ERUNT.lnk -> [2010/02/08 12:43:30 | 000,000,592 | ---- | C] ()
 The_Comedian.exe -> C:\Documents and Settings\Owner\Desktop\The_Comedian.exe -> [2010/02/08 12:41:53 | 000,794,112 | ---- | C] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/02/08 12:30:33 | 468,242,432 | -HS- | C] ()
 ~$rians comic book store -> C:\Documents and Settings\Owner\Desktop\~$rians comic book store -> [2010/02/06 21:04:40 | 000,000,162 | -H-- | C] ()
 AdvancementReport 2-3-2010.pdf -> C:\Documents and Settings\Owner\My Documents\AdvancementReport 2-3-2010.pdf -> [2010/02/03 22:09:24 | 000,021,234 | ---- | C] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/02/03 17:42:59 | 000,000,886 | ---- | C] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/02/03 17:42:58 | 000,000,882 | ---- | C] ()
 smsafari.ini -> C:\WINDOWS\smsafari.ini -> [2010/01/29 22:28:12 | 000,000,309 | ---- | C] ()
 DeIsL1.isu -> C:\WINDOWS\DeIsL1.isu -> [2010/01/29 22:28:02 | 000,008,786 | ---- | C] ()
 Copy of 2009UMR 1.rar -> C:\Documents and Settings\Owner\My Documents\Copy of 2009UMR 1.rar -> [2010/01/22 16:51:57 | 000,129,436 | ---- | C] ()
 iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/01/13 18:43:11 | 000,002,137 | ---- | C] ()
 Hunting Unlimited 2008.lnk -> C:\Documents and Settings\Owner\Desktop\Hunting Unlimited 2008.lnk -> [2010/01/09 12:36:16 | 000,000,822 | ---- | C] ()
 drmHeader.bin -> C:\drmHeader.bin -> [2010/01/05 13:02:03 | 000,003,532 | ---- | C] ()
 trek safely.TIF -> C:\Documents and Settings\Owner\My Documents\trek safely.TIF -> [2010/01/03 15:02:59 | 000,029,678 | ---- | C] ()
 WebEx Document Loader Port -> C:\WINDOWS\System32\WebEx Document Loader Port -> [2010/01/03 14:51:07 | 000,000,000 | ---- | C] ()
 my documents -> C:\Documents and Settings\Owner\Desktop\my documents -> [2009/12/31 00:04:44 | 000,000,000 | ---- | C] ()
 Vuze.lnk -> C:\Documents and Settings\All Users\Desktop\Vuze.lnk -> [2009/12/28 13:11:05 | 000,001,505 | ---- | C] ()
 prvlcl.dat -> C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat -> [2009/12/15 17:23:51 | 000,000,000 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/12/04 14:50:02 | 000,000,696 | ---- | C] ()
 Troop+68+Handbook.pdf -> C:\Documents and Settings\Owner\My Documents\Troop+68+Handbook.pdf -> [2009/12/02 18:26:17 | 000,096,515 | ---- | C] ()
 AVG Free 9.0.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk -> [2009/11/30 22:35:30 | 000,001,507 | ---- | C] ()
 Slingdot.com.url -> C:\Documents and Settings\Owner\Desktop\Slingdot.com.url -> [2009/11/26 20:29:31 | 000,000,118 | ---- | C] ()
 Prison Tycoon 2 Uninstaller.exe -> C:\WINDOWS\Prison Tycoon 2 Uninstaller.exe -> [2009/11/26 20:27:33 | 000,911,250 | ---- | C] ()
 Copy of 2009UMR 1.xls -> C:\Documents and Settings\Owner\My Documents\Copy of 2009UMR 1.xls -> [2009/11/14 21:59:11 | 002,123,264 | ---- | C] ()
 Copy of 2009UMR.xls -> C:\Documents and Settings\Owner\My Documents\Copy of 2009UMR.xls -> [2009/11/14 12:32:34 | 002,121,216 | ---- | C] ()
 Popcorn.xls -> C:\Documents and Settings\Owner\Desktop\Popcorn.xls -> [2009/11/13 17:56:48 | 000,048,640 | ---- | C] ()
 qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2008/11/21 16:47:52 | 003,596,288 | ---- | C] ()
 dtu100.dll.manifest -> C:\WINDOWS\System32\dtu100.dll.manifest -> [2008/11/21 16:45:16 | 000,000,416 | ---- | C] ()
 dpl100.dll.manifest -> C:\WINDOWS\System32\dpl100.dll.manifest -> [2008/11/21 16:45:16 | 000,000,416 | ---- | C] ()
 DivXWMPExtType.dll -> C:\WINDOWS\System32\DivXWMPExtType.dll -> [2008/11/21 16:44:16 | 000,012,288 | ---- | C] ()
 VERMONT1.DLL -> C:\WINDOWS\System32\VERMONT1.DLL -> [2007/12/16 15:22:58 | 000,027,136 | ---- | C] ()
 VRX1.DLL -> C:\WINDOWS\System32\VRX1.DLL -> [2007/12/16 15:22:58 | 000,019,040 | ---- | C] ()
 SIMEARTH.DLL -> C:\WINDOWS\System32\SIMEARTH.DLL -> [2007/12/16 15:22:57 | 000,107,520 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2007/12/08 00:46:59 | 000,000,444 | ---- | C] ()
 WAVEMIX.INI -> C:\WINDOWS\WAVEMIX.INI -> [2007/11/21 21:24:06 | 000,002,554 | ---- | C] ()
 SimTower.ini -> C:\WINDOWS\SimTower.ini -> [2007/11/21 21:24:02 | 000,000,165 | ---- | C] ()
 ka.ini -> C:\WINDOWS\ka.ini -> [2007/09/29 14:46:55 | 000,000,000 | ---- | C] ()
 OPDSL.DLL -> C:\WINDOWS\System32\OPDSL.DLL -> [2007/04/10 07:53:39 | 000,139,264 | ---- | C] ()
 iPlayer.INI -> C:\WINDOWS\iPlayer.INI -> [2007/01/26 09:21:08 | 000,000,092 | ---- | C] ()
 lxaklcnp.dll -> C:\WINDOWS\System32\lxaklcnp.dll -> [2006/11/14 21:16:40 | 000,077,824 | ---- | C] ()
 TLCAPPS.INI -> C:\WINDOWS\TLCAPPS.INI -> [2006/08/08 19:04:15 | 000,000,066 | ---- | C] ()
 vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2006/07/18 15:42:02 | 000,010,240 | ---- | C] ()
 regobj.dll -> C:\WINDOWS\System32\regobj.dll -> [2006/07/11 09:23:17 | 000,040,448 | ---- | C] ()
 WAR2R.INI -> C:\WINDOWS\WAR2R.INI -> [2006/07/02 17:59:47 | 000,000,026 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 13:58:52 | 000,030,808 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 13:53:56 | 000,026,489 | ---- | C] ()
 SIntfNT.dll -> C:\WINDOWS\System32\SIntfNT.dll -> [2006/06/18 13:55:04 | 000,021,840 | ---- | C] ()
 SIntf32.dll -> C:\WINDOWS\System32\SIntf32.dll -> [2006/06/18 13:55:04 | 000,017,212 | ---- | C] ()
 SIntf16.dll -> C:\WINDOWS\System32\SIntf16.dll -> [2006/06/18 13:55:04 | 000,012,067 | ---- | C] ()
 SSAW.INI -> C:\WINDOWS\SSAW.INI -> [2006/06/12 20:19:12 | 000,000,075 | ---- | C] ()
 QTW.INI -> C:\WINDOWS\QTW.INI -> [2006/05/29 18:43:20 | 000,000,206 | ---- | C] ()
 hegames.ini -> C:\WINDOWS\hegames.ini -> [2006/04/22 13:50:36 | 000,000,761 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 14:39:28 | 000,029,779 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 14:39:28 | 000,026,040 | ---- | C] ()
 tb96.ini -> C:\WINDOWS\tb96.ini -> [2006/03/27 17:32:40 | 000,000,095 | ---- | C] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2006/03/27 17:27:27 | 000,001,793 | ---- | C] ()
 SETUP32.INI -> C:\WINDOWS\SETUP32.INI -> [2006/03/27 16:51:29 | 000,000,000 | ---- | C] ()
 disney.ini -> C:\WINDOWS\disney.ini -> [2006/03/27 16:45:42 | 000,001,905 | ---- | C] ()
 atid.ini -> C:\WINDOWS\atid.ini -> [2006/01/11 12:09:33 | 000,000,028 | ---- | C] ()
 SIERRA.INI -> C:\WINDOWS\SIERRA.INI -> [2006/01/04 14:59:00 | 000,000,240 | ---- | C] ()
 msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/01/01 23:14:58 | 000,000,002 | ---- | C] ()
 Tb98.ini -> C:\WINDOWS\Tb98.ini -> [2006/01/01 22:13:09 | 000,000,100 | ---- | C] ()
 EPSN.DLL -> C:\WINDOWS\System32\EPSN.DLL -> [2006/01/01 22:13:02 | 000,046,512 | ---- | C] ()
 INETWH16.DLL -> C:\WINDOWS\System32\INETWH16.DLL -> [2006/01/01 22:13:02 | 000,009,136 | ---- | C] ()
 PIXPCZ.DLL -> C:\WINDOWS\System32\PIXPCZ.DLL -> [2006/01/01 22:13:01 | 000,012,126 | ---- | C] ()
 PIXPNR.DLL -> C:\WINDOWS\System32\PIXPNR.DLL -> [2006/01/01 22:13:01 | 000,011,934 | ---- | C] ()
 pstudio.ini -> C:\WINDOWS\pstudio.ini -> [2006/01/01 22:12:20 | 000,000,465 | ---- | C] ()
 pfantasy.ini -> C:\WINDOWS\pfantasy.ini -> [2006/01/01 22:12:16 | 000,025,441 | ---- | C] ()
 PS_Suite.ini -> C:\WINDOWS\PS_Suite.ini -> [2006/01/01 22:12:16 | 000,000,018 | ---- | C] ()
 avrack.ini -> C:\WINDOWS\avrack.ini -> [2005/07/29 07:28:58 | 000,000,164 | ---- | C] ()
 RTLCPAPI.dll -> C:\WINDOWS\System32\RTLCPAPI.dll -> [2005/07/29 07:28:55 | 000,155,648 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2005/07/29 07:22:06 | 000,000,376 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2004/08/27 05:50:59 | 000,000,061 | ---- | C] ()
 oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/08/26 11:12:43 | 000,001,420 | ---- | C] ()
 emver.ini -> C:\WINDOWS\System32\emver.ini -> [2004/08/26 11:12:43 | 000,000,485 | ---- | C] ()
 OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 17:05:08 | 000,002,695 | ---- | C] ()
 
[File - Lop Check]
 SampleView -> C:\Documents and Settings\Administrator\Application Data\SampleView -> [2005/07/29 07:25:58 | 000,000,000 | ---D | M]
 AntiVir PersonalEdition Classic -> C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic -> [2008/01/05 15:48:53 | 000,000,000 | ---D | M]
 AVG Security Toolbar -> C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar -> [2009/08/03 16:07:34 | 000,000,000 | ---D | M]
 avg9 -> C:\Documents and Settings\All Users\Application Data\avg9 -> [2009/11/30 22:34:21 | 000,000,000 | ---D | M]
 Azureus -> C:\Documents and Settings\All Users\Application Data\Azureus -> [2009/12/28 13:11:42 | 000,000,000 | ---D | M]
 CanonBJ -> C:\Documents and Settings\All Users\Application Data\CanonBJ -> [2007/05/01 15:35:56 | 000,000,000 | -H-D | M]
 Disney Interactive -> C:\Documents and Settings\All Users\Application Data\Disney Interactive -> [2006/07/06 16:48:00 | 000,000,000 | ---D | M]
 Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [2009/01/02 14:51:34 | 000,000,000 | ---D | M]
 Napster -> C:\Documents and Settings\All Users\Application Data\Napster -> [2006/11/17 22:22:44 | 000,000,000 | ---D | M]
 Sandlot Games -> C:\Documents and Settings\All Users\Application Data\Sandlot Games -> [2009/02/21 16:19:51 | 000,000,000 | ---D | M]
 TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/10/08 20:16:34 | 000,000,000 | ---D | M]
 Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2008/01/25 15:41:53 | 000,000,000 | ---D | M]
 {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2010/01/13 18:42:35 | 000,000,000 | ---D | M]
 {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009/05/29 10:24:51 | 000,000,000 | ---D | M]
 SampleView -> C:\Documents and Settings\Default User\Application Data\SampleView -> [2005/07/29 07:25:58 | 000,000,000 | ---D | M]
 acccore -> C:\Documents and Settings\Owner\Application Data\acccore -> [2006/03/13 11:38:13 | 000,000,000 | ---D | M]
 Azureus -> C:\Documents and Settings\Owner\Application Data\Azureus -> [2010/02/06 20:58:13 | 000,000,000 | ---D | M]
 Disney Interactive -> C:\Documents and Settings\Owner\Application Data\Disney Interactive -> [2006/07/06 16:48:41 | 000,000,000 | ---D | M]
 HouseCall 6.6 -> C:\Documents and Settings\Owner\Application Data\HouseCall 6.6 -> [2009/03/25 20:17:47 | 000,000,000 | ---D | M]
 Leadertech -> C:\Documents and Settings\Owner\Application Data\Leadertech -> [2006/09/01 14:11:48 | 000,000,000 | ---D | M]
 LimeWire -> C:\Documents and Settings\Owner\Application Data\LimeWire -> [2009/12/19 18:35:15 | 000,000,000 | ---D | M]
 SampleView -> C:\Documents and Settings\Owner\Application Data\SampleView -> [2005/07/29 07:25:58 | 000,000,000 | ---D | M]
 Template -> C:\Documents and Settings\Owner\Application Data\Template -> [2006/01/19 19:07:37 | 000,000,000 | ---D | M]
 The Hobbit -> C:\Documents and Settings\Owner\Application Data\The Hobbit -> [2006/06/02 20:25:48 | 000,000,000 | ---D | M]
 Unity -> C:\Documents and Settings\Owner\Application Data\Unity -> [2009/03/15 20:08:35 | 000,000,000 | ---D | M]
 uTorrent -> C:\Documents and Settings\Owner\Application Data\uTorrent -> [2008/11/30 14:32:31 | 000,000,000 | ---D | M]
 Viewpoint -> C:\Documents and Settings\Owner\Application Data\Viewpoint -> [2007/05/29 17:04:44 | 000,000,000 | ---D | M]
 
[File - Purity Scan]
 
 
[Alternate Data Streams]
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80ED6380
< End of report >



gamer:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-08 14:25:31
Windows 5.1.2600 Service Pack 3
Running: GAMER.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ugtoipob.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF7984300]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3412] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

---- EOF - GMER 1.0.15 ----



mbam:


Malwarebytes' Anti-Malware 1.44
Database version: 3667
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/8/2010 4:27:20 PM
mbam-log-2010-02-08 (16-27-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 261748
Time elapsed: 1 hour(s), 46 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0


#2
RKinner


    Malware Expert

  • Expert
  • 23,723 posts
  • MVP
What usually happens is the malware sets up a proxy on your computer. Then it forces IE or Firefox to send all traffic going to the internet to the proxy. Since it's a malware proxy it picks and chooses what goes to the internet and keeps you from going to certain anti-malware sites and perhaps sends copies of interesting traffic like passwords and credit cards to another address for harvesting. MBAM knows the proxy software is malware so removes it but doesn't realize that it's also a proxy so doesn't change the proxy settings on IE and FF. So now IE or Firefox still sends traffic to the proxy but there is no proxy so it doesn't go anywhere and you have lost connectivity to the internet.

To fix it:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

Any better? If so run OTL per Step 5 of the guidelines in the top post of the Malware Removal forum.
http://www.geekstogo...uide-t2852.html
If not let me know and we will try a few other things.

Ron

PS I can see this malware entry:
"yrbufvpr" -> C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo\kxnasftav.exe [C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo\kxnasftav.exe] -> [2010/02/06 20:57:38 | 000,279,808 | ---- | M] ()

but I'm not really up on how to get rid of it with OTS. Easy with OTL.
  • 0
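The leftover-proxy condition described in the reply above can be checked from the proxy values themselves. The following is an added example, not part of the original post or of any tool named in the thread: it reads the IE proxy values as they appear in an OTL-style log and the `network.proxy.*` preferences from a Firefox `prefs.js`, and reports whether a loopback proxy is still configured. The function names and both sample inputs are constructed for illustration.

```python
import ipaddress
import re

ACTIVE = "active-loopback-proxy"   # browser is told to send traffic to a local proxy
STALE = "stale-loopback-proxy"     # proxy is switched off but its address is still stored
OK = "ok"

# Constructed sample: IE proxy values in the layout of an OTL log.
SAMPLE_OTL_LINES = r"""IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
"""

# Constructed sample: the proxy preferences of a Firefox prefs.js.
SAMPLE_PREFS_JS = """user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "localhost");
user_pref("network.proxy.http_port", 5555);
"""

_OTL_RE = re.compile(r'Internet Settings: "(Proxy\w+)" = (.*)$')
_PREF_RE = re.compile(r'user_pref\("(network\.proxy\.[\w.]+)",\s*(.+?)\);')


def is_loopback(host):
    """True for 'localhost' and for any address in a loopback range."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:          # an ordinary host name, or an empty string
        return False


def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    Handles both 'host:port' (one proxy for every protocol, keyed 'all')
    and the per-protocol form 'http=host:port;https=host:port'.
    """
    result = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:
            scheme, endpoint = "all", part
        endpoint = endpoint.split("://", 1)[-1]      # drop an optional URL prefix
        host, _, port = endpoint.rpartition(":")
        if not host:                                 # no port was given
            host, port = endpoint, ""
        result[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return result


def check_ie(log_text):
    """Classify the IE proxy state from OTL-style 'Internet Settings' lines."""
    values = {}
    for line in log_text.splitlines():
        match = _OTL_RE.search(line.strip())
        if match:
            values[match.group(1)] = match.group(2).strip()
    proxies = parse_proxy_server(values.get("ProxyServer", ""))
    if not any(is_loopback(host) for host, _ in proxies.values()):
        return OK
    return ACTIVE if values.get("ProxyEnable") == "1" else STALE


def check_firefox(prefs_text):
    """Classify the Firefox proxy state from prefs.js text (type 1 = manual proxy)."""
    prefs = {k: v.strip().strip('"') for k, v in _PREF_RE.findall(prefs_text)}
    hosts = [prefs.get(k, "") for k in
             ("network.proxy.http", "network.proxy.ssl", "network.proxy.socks")]
    if not any(is_loopback(h) for h in hosts):
        return OK
    return ACTIVE if prefs.get("network.proxy.type") == "1" else STALE


if __name__ == "__main__":
    print("IE:     ", check_ie(SAMPLE_OTL_LINES))
    print("Firefox:", check_firefox(SAMPLE_PREFS_JS))
```

An "active" result with nothing listening on that port matches the lost-connectivity symptom; a "stale" result means the browser goes direct again but the old address is still stored and is worth clearing.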

#3
stallion74


    New Member

  • Topic Starter
  • Member
  • 7 posts
ok seems to be running better. not getting any warnings and avg is not detecting anything as of this time

here is the OTL and Extras log


OTL:
OTL logfile created on: 2/9/2010 9:42:37 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.06 Gb Total Space | 23.44 Gb Free Space | 16.16% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.72 Gb Free Space | 68.31% Space Free | Partition Type: FAT32
Drive E: | 382.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: R-W2A4L6L8
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/09 09:40:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/12/31 11:39:07 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/11 17:52:00 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/11 17:51:59 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/30 22:34:58 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/30 22:34:55 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/30 22:34:34 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 20:06:32 | 000,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 20:58:28 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/02/17 06:19:55 | 000,139,264 | ---- | M] (OTi) -- C:\WINDOWS\system32\UStorSrv.exe
PRC - [2002/02/11 13:29:44 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2002/02/09 14:48:42 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/09 09:40:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/03 17:42:34 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/11/30 22:34:34 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/19 16:14:30 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/02/17 06:19:55 | 000,139,264 | ---- | M] (OTi) [Auto | Running] -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service)
SRV - [2005/07/29 07:08:53 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/02/11 13:29:44 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


========== Driver Services (SafeList) ==========

DRV - [2009/11/30 22:35:58 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/30 22:35:55 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/30 22:35:55 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/25 21:53:30 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/08/10 06:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2005/10/05 15:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/07/29 07:26:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/06 20:31:36 | 000,173,696 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx)
DRV - [2004/11/15 19:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/08/13 12:49:00 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2004/08/04 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/04/19 11:17:41 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Owner\Local Settings\Temp\ldiskl.sys -- (ldiskl)
DRV - [2003/12/30 06:38:52 | 000,028,080 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/12/09 13:16:00 | 000,626,977 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/09 13:16:00 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/02 07:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [1999/04/13 11:00:58 | 000,037,696 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fastpara.sys -- (FastPara)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ewebforce.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


[2009/12/28 13:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2009/12/28 13:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2009/11/10 18:53:38 | 000,351,267 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12041 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [yrbufvpr] C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo\kxnasftav.exe File not found
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [yrbufvpr] C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo\kxnasftav.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Program Files\TextBridge Classic 2.0\Bin\RegisterDropHandler.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} http://www.trendsecu...vex/TmHcmsX.CAB (TmHcmsX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1155994418250 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} http://www.trendmicr...scan/as4web.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [1999/01/08 22:53:24 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (stera) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/26 13:03:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/09 09:40:42 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/08 12:45:25 | 000,632,320 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTS.exe
[2010/02/08 12:14:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/08 12:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/06 21:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Updater5
[2010/02/06 21:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo
[2010/02/03 17:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/03 17:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/29 22:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Monopoly Star Wars
[2010/01/19 19:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG8
[2010/01/18 10:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/01/13 18:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/13 18:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/13 18:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/01/13 16:26:24 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/11/30 22:00:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/30 22:00:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/30 22:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/30 22:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/11 05:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2008/02/20 20:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2007/09/19 19:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/06/25 17:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/02/20 22:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/04/04 14:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/09 09:47:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/09 09:45:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/02/09 09:40:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/09 09:32:32 | 055,322,153 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/09 09:29:36 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/09 09:26:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/09 09:26:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 09:26:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 09:26:22 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/09 09:25:06 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/02/09 09:25:06 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/08 16:23:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2010/02/08 12:43:35 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/08 12:43:31 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/02/08 12:43:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/02/08 12:09:30 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GAMER.exe
[2010/02/08 12:08:38 | 000,632,320 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTS.exe
[2010/02/08 12:05:00 | 000,794,112 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The_Comedian.exe
[2010/02/07 16:36:18 | 002,108,418 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/02/06 21:04:40 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$rians comic book store
[2010/02/03 22:09:25 | 000,021,234 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AdvancementReport 2-3-2010.pdf
[2010/02/01 21:45:21 | 000,000,240 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2010/01/29 22:38:01 | 000,008,786 | ---- | M] () -- C:\WINDOWS\DeIsL1.isu
[2010/01/29 22:37:52 | 000,000,309 | ---- | M] () -- C:\WINDOWS\smsafari.ini
[2010/01/22 17:01:06 | 002,123,264 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Copy of 2009UMR 1.xls
[2010/01/22 16:51:57 | 000,129,436 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Copy of 2009UMR 1.rar
[2010/01/19 19:45:19 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/17 15:19:00 | 000,003,532 | ---- | M] () -- C:\drmHeader.bin
[2010/01/17 15:11:47 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/14 11:37:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 22:58:04 | 000,203,776 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/08 12:56:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GAMER.exe
[2010/02/08 12:43:35 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/08 12:43:31 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/02/08 12:43:30 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/02/08 12:41:53 | 000,794,112 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The_Comedian.exe
[2010/02/08 12:30:33 | 468,242,432 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 21:04:40 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$rians comic book store
[2010/02/03 22:09:24 | 000,021,234 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\AdvancementReport 2-3-2010.pdf
[2010/02/03 17:42:59 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/03 17:42:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/29 22:28:12 | 000,000,309 | ---- | C] () -- C:\WINDOWS\smsafari.ini
[2010/01/29 22:28:02 | 000,008,786 | ---- | C] () -- C:\WINDOWS\DeIsL1.isu
[2010/01/22 16:51:57 | 000,129,436 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Copy of 2009UMR 1.rar
[2010/01/13 18:43:11 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/15 17:23:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2009/07/27 15:55:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/07/01 09:59:59 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/11/21 16:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 16:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 16:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 16:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/12/16 15:22:58 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\VERMONT1.DLL
[2007/12/16 15:22:58 | 000,019,040 | ---- | C] () -- C:\WINDOWS\System32\VRX1.DLL
[2007/12/16 15:22:57 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\SIMEARTH.DLL
[2007/12/08 00:46:59 | 000,000,444 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/21 21:24:06 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2007/11/21 21:24:02 | 000,000,165 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2007/09/29 14:46:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/06/18 14:43:18 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/10 07:53:39 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2007/03/03 15:44:45 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/01/26 09:21:08 | 000,000,092 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/01/02 10:35:46 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\update.log
[2006/11/14 21:16:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaklcnp.dll
[2006/08/08 19:04:15 | 000,000,066 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/18 15:42:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/07/11 09:23:17 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2006/07/02 17:59:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
[2006/06/18 13:55:04 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/06/18 13:55:04 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/06/18 13:55:04 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/06/12 20:19:12 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SSAW.INI
[2006/05/29 18:43:20 | 000,000,206 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/04/22 13:50:36 | 000,000,761 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/03/27 17:32:40 | 000,000,095 | ---- | C] () -- C:\WINDOWS\tb96.ini
[2006/03/27 17:27:27 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/27 16:51:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/03/27 16:45:42 | 000,001,905 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/01/16 17:08:05 | 000,203,776 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/11 12:09:33 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/04 14:59:00 | 000,000,240 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/01/03 22:20:40 | 000,002,164 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/01/01 23:14:58 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/01 22:13:09 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Tb98.ini
[2006/01/01 22:13:02 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2006/01/01 22:13:02 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2006/01/01 22:13:01 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2006/01/01 22:13:01 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2006/01/01 22:12:20 | 000,000,465 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2006/01/01 22:12:16 | 000,025,441 | ---- | C] () -- C:\WINDOWS\pfantasy.ini
[2006/01/01 22:12:16 | 000,000,018 | ---- | C] () -- C:\WINDOWS\PS_Suite.ini
[2005/07/29 07:28:58 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/07/29 07:28:55 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/07/29 07:22:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 05:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 11:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 11:12:43 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/04 14:47:28 | 004,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2009/12/28 13:04:41 | 008,755,648 | ---- | M] (Vuze Inc.) -- C:\Vuze_Installer.exe


< MD5 for: AGP440.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/09 13:37:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/11/09 13:37:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/09 13:37:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/11/09 13:37:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/26 05:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/26 05:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/26 05:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80ED6380
< End of report >


Extra:
OTL Extras logfile created on: 2/9/2010 9:42:37 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.06 Gb Total Space | 23.44 Gb Free Space | 16.16% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.72 Gb Free Space | 68.31% Space Free | Partition Type: FAT32
Drive E: | 382.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: R-W2A4L6L8
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Pearl Harbor - Zero Hour\PHarbor.exe" = C:\Program Files\Pearl Harbor - Zero Hour\PHarbor.exe:*:Disabled:PHarbor -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A053D60-9267-11D5-8A2B-0050DA8B7D89}" = Planescape - Torment
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C7575B0-CCE2-4B96-83A8-F6DB45C0B945}" = Atlantis - Trial by Fire
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = TRS2006
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3514A5F-40C5-4189-9C49-D7DAEB09FDCF}" = Chabner Short
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E9688BE6-D55F-4B62-9422-99AC56572C0F}" = Pearl Harbor : Zero Hour
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIM_6" = AIM 6
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Ask Toolbar_is1" = Vuze Toolbar
"AVG9Uninstall" = AVG Free 9.0
"BigFix" = BigFix
"Canon iP1800 series User Registration" = Canon iP1800 series User Registration
"CanonMyPrinter" = Canon My Printer
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"CompanionWizard" = Companion wizard
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Disney's Active Play LKII, Simba's Pride Demo" = Disney's Active Play LKII, Simba's Pride Demo
"Disney's Active Play, A Bug's Life" = Disney's Active Play, A Bug's Life
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EAX™ Unified (SHELL)" = EAX™ Unified (SHELL)
"ElmosArtWorkshop" = Sesame Street Elmo's Art Workshop
"ERUNT_is1" = ERUNT 1.1j
"Hunting Unlimited 2008" = Hunting Unlimited 2008 1.0
"IBM Scanner" = IBM Scanner
"ie8" = Windows Internet Explorer 8
"Imation Disk Manager V a Service" = Imation Disk Manager V a Service
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Lexmark Supplies Monitor" = Lexmark Supplies Monitor
"Lexmark Z55" = Lexmark Z55
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Monopoly Star Wars" = Monopoly Star Wars
"MRW!UninstallKey" = InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"Network Play System (Patching)" = Network Play System (Patching)
"PackMaster Millennium" = PackMaster Millennium
"PhotoStudio Suite & IBM Scanner" = PhotoStudio Suite & IBM Scanner
"Prison Tycoon 2" = Prison Tycoon 2
"Pro Media Director_is1" = Pro Media Director Version 2.0.0.1
"RealPlayer 6.0" = RealPlayer Basic
"RollerCoaster Tycoon Setup" = Roll
"SimCity 3000" = SimCity 3000
"SimSafariUninstall" = SimSafari
"Soulbringer" = Soulbringer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Star Trek -- Starfleet Academy" = Star Trek -- Starfleet Academy
"Sudden Strike" = Sudden Strike
"TextBridge Classic 2.0" = TextBridge Classic 2.0
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"UnityWebPlayer" = Unity Web Player
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Deep Sea Fishing" = Virtual Deep Sea Fishing
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2010 5:09:36 PM | Computer Name = R-W2A4L6L8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/7/2010 5:16:33 PM | Computer Name = R-W2A4L6L8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2010 1:47:09 PM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

Error - 2/8/2010 2:47:19 PM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

Error - 2/8/2010 3:47:35 PM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

Error - 2/8/2010 6:25:42 PM | Computer Name = R-W2A4L6L8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2010 9:47:08 PM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

Error - 2/8/2010 10:47:07 PM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

Error - 2/8/2010 11:47:07 PM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

Error - 2/9/2010 12:47:07 AM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2/8/2010 12:48:31 PM | Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2/8/2010 12:48:31 PM | Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip

Error - 2/8/2010 1:11:45 PM | Computer Name = R-W2A4L6L8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/8/2010 1:13:07 PM | Computer Name = R-W2A4L6L8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/8/2010 1:29:35 PM | Computer Name = R-W2A4L6L8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/8/2010 6:07:34 PM | Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/8/2010 6:07:34 PM | Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 2/9/2010 10:23:54 AM | Computer Name = R-W2A4L6L8 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0040CAAA78A1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/9/2010 10:28:13 AM | Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/9/2010 10:28:13 AM | Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >



All of that stuff in Hosts, how do I get rid of it?

Thanks for your help
Greg

#4
stallion74

    New Member

  • Topic Starter
  • Member
  • 7 posts
OK, seems to be running better. Not getting any warnings, and AVG is not detecting anything as of this time.

Here is the OTL and Extras log


OTL:
OTL logfile created on: 2/9/2010 9:42:37 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.06 Gb Total Space | 23.44 Gb Free Space | 16.16% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.72 Gb Free Space | 68.31% Space Free | Partition Type: FAT32
Drive E: | 382.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: R-W2A4L6L8
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/09 09:40:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/12/31 11:39:07 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/11 17:52:00 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/11 17:51:59 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/30 22:34:58 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/30 22:34:55 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/30 22:34:34 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 20:06:32 | 000,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 20:58:28 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/02/17 06:19:55 | 000,139,264 | ---- | M] (OTi) -- C:\WINDOWS\system32\UStorSrv.exe
PRC - [2002/02/11 13:29:44 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2002/02/09 14:48:42 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/09 09:40:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/03 17:42:34 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/11/30 22:34:34 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/19 16:14:30 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/02/17 06:19:55 | 000,139,264 | ---- | M] (OTi) [Auto | Running] -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service)
SRV - [2005/07/29 07:08:53 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/02/11 13:29:44 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


========== Driver Services (SafeList) ==========

DRV - [2009/11/30 22:35:58 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/30 22:35:55 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/30 22:35:55 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/25 21:53:30 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/08/10 06:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2005/10/05 15:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/07/29 07:26:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/06 20:31:36 | 000,173,696 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx)
DRV - [2004/11/15 19:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/08/13 12:49:00 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2004/08/04 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/04/19 11:17:41 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Owner\Local Settings\Temp\ldiskl.sys -- (ldiskl)
DRV - [2003/12/30 06:38:52 | 000,028,080 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/12/09 13:16:00 | 000,626,977 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/09 13:16:00 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/02 07:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [1999/04/13 11:00:58 | 000,037,696 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fastpara.sys -- (FastPara)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ewebforce.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


[2009/12/28 13:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2009/12/28 13:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2009/11/10 18:53:38 | 000,351,267 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12041 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [yrbufvpr] C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo\kxnasftav.exe File not found
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [yrbufvpr] C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo\kxnasftav.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Program Files\TextBridge Classic 2.0\Bin\RegisterDropHandler.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} http://www.trendsecu...vex/TmHcmsX.CAB (TmHcmsX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1155994418250 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} http://www.trendmicr...scan/as4web.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [1999/01/08 22:53:24 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{36db705f-3c72-11d8-a150-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4021e6df-0a2a-11da-b762-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{dcd886df-1ef9-11da-9a49-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{deff3a65-0821-11da-8b7d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (stera) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/26 13:03:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/09 09:40:42 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/08 12:45:25 | 000,632,320 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTS.exe
[2010/02/08 12:14:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/08 12:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/06 21:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Updater5
[2010/02/06 21:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\hhtpeo
[2010/02/03 17:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/03 17:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/29 22:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Monopoly Star Wars
[2010/01/19 19:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG8
[2010/01/18 10:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/01/13 18:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/13 18:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/13 18:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/01/13 16:26:24 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/11/30 22:00:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/30 22:00:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/30 22:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/30 22:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/11 05:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2008/02/20 20:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2007/09/19 19:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/06/25 17:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/02/20 22:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/04/04 14:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/09 09:47:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/09 09:45:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/02/09 09:40:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/09 09:32:32 | 055,322,153 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/09 09:29:36 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/09 09:26:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/09 09:26:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 09:26:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 09:26:22 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/09 09:25:06 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/02/09 09:25:06 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/08 16:23:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2010/02/08 12:43:35 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/08 12:43:31 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/02/08 12:43:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/02/08 12:09:30 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GAMER.exe
[2010/02/08 12:08:38 | 000,632,320 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTS.exe
[2010/02/08 12:05:00 | 000,794,112 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The_Comedian.exe
[2010/02/07 16:36:18 | 002,108,418 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/02/06 21:04:40 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$rians comic book store
[2010/02/03 22:09:25 | 000,021,234 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AdvancementReport 2-3-2010.pdf
[2010/02/01 21:45:21 | 000,000,240 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2010/01/29 22:38:01 | 000,008,786 | ---- | M] () -- C:\WINDOWS\DeIsL1.isu
[2010/01/29 22:37:52 | 000,000,309 | ---- | M] () -- C:\WINDOWS\smsafari.ini
[2010/01/22 17:01:06 | 002,123,264 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Copy of 2009UMR 1.xls
[2010/01/22 16:51:57 | 000,129,436 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Copy of 2009UMR 1.rar
[2010/01/19 19:45:19 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/17 15:19:00 | 000,003,532 | ---- | M] () -- C:\drmHeader.bin
[2010/01/17 15:11:47 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/14 11:37:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 22:58:04 | 000,203,776 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/08 12:56:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GAMER.exe
[2010/02/08 12:43:35 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/08 12:43:31 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/02/08 12:43:30 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/02/08 12:41:53 | 000,794,112 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The_Comedian.exe
[2010/02/08 12:30:33 | 468,242,432 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 21:04:40 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$rians comic book store
[2010/02/03 22:09:24 | 000,021,234 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\AdvancementReport 2-3-2010.pdf
[2010/02/03 17:42:59 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/03 17:42:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/29 22:28:12 | 000,000,309 | ---- | C] () -- C:\WINDOWS\smsafari.ini
[2010/01/29 22:28:02 | 000,008,786 | ---- | C] () -- C:\WINDOWS\DeIsL1.isu
[2010/01/22 16:51:57 | 000,129,436 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Copy of 2009UMR 1.rar
[2010/01/13 18:43:11 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/15 17:23:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2009/07/27 15:55:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/07/01 09:59:59 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/11/21 16:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 16:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 16:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 16:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/12/16 15:22:58 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\VERMONT1.DLL
[2007/12/16 15:22:58 | 000,019,040 | ---- | C] () -- C:\WINDOWS\System32\VRX1.DLL
[2007/12/16 15:22:57 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\SIMEARTH.DLL
[2007/12/08 00:46:59 | 000,000,444 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/21 21:24:06 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2007/11/21 21:24:02 | 000,000,165 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2007/09/29 14:46:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/06/18 14:43:18 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/10 07:53:39 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2007/03/03 15:44:45 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/01/26 09:21:08 | 000,000,092 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/01/02 10:35:46 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\update.log
[2006/11/14 21:16:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaklcnp.dll
[2006/08/08 19:04:15 | 000,000,066 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/18 15:42:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/07/11 09:23:17 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2006/07/02 17:59:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
[2006/06/18 13:55:04 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/06/18 13:55:04 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/06/18 13:55:04 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/06/12 20:19:12 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SSAW.INI
[2006/05/29 18:43:20 | 000,000,206 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/04/22 13:50:36 | 000,000,761 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/03/27 17:32:40 | 000,000,095 | ---- | C] () -- C:\WINDOWS\tb96.ini
[2006/03/27 17:27:27 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/27 16:51:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/03/27 16:45:42 | 000,001,905 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/01/16 17:08:05 | 000,203,776 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/11 12:09:33 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/01/04 14:59:00 | 000,000,240 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/01/03 22:20:40 | 000,002,164 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/01/01 23:14:58 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/01 22:13:09 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Tb98.ini
[2006/01/01 22:13:02 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2006/01/01 22:13:02 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2006/01/01 22:13:01 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2006/01/01 22:13:01 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2006/01/01 22:12:20 | 000,000,465 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2006/01/01 22:12:16 | 000,025,441 | ---- | C] () -- C:\WINDOWS\pfantasy.ini
[2006/01/01 22:12:16 | 000,000,018 | ---- | C] () -- C:\WINDOWS\PS_Suite.ini
[2005/07/29 07:28:58 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/07/29 07:28:55 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/07/29 07:22:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 05:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 11:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 11:12:43 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/04 14:47:28 | 004,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2009/12/28 13:04:41 | 008,755,648 | ---- | M] (Vuze Inc.) -- C:\Vuze_Installer.exe


< MD5 for: AGP440.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/09 13:37:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/11/09 13:37:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/09 13:37:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/11/09 13:37:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/26 05:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/26 05:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/26 05:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80ED6380
< End of report >


Extra:
OTL Extras logfile created on: 2/9/2010 9:42:37 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.06 Gb Total Space | 23.44 Gb Free Space | 16.16% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.72 Gb Free Space | 68.31% Space Free | Partition Type: FAT32
Drive E: | 382.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: R-W2A4L6L8
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Pearl Harbor - Zero Hour\PHarbor.exe" = C:\Program Files\Pearl Harbor - Zero Hour\PHarbor.exe:*:Disabled:PHarbor -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A053D60-9267-11D5-8A2B-0050DA8B7D89}" = Planescape - Torment
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C7575B0-CCE2-4B96-83A8-F6DB45C0B945}" = Atlantis - Trial by Fire
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = TRS2006
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3514A5F-40C5-4189-9C49-D7DAEB09FDCF}" = Chabner Short
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E9688BE6-D55F-4B62-9422-99AC56572C0F}" = Pearl Harbor : Zero Hour
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIM_6" = AIM 6
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Ask Toolbar_is1" = Vuze Toolbar
"AVG9Uninstall" = AVG Free 9.0
"BigFix" = BigFix
"Canon iP1800 series User Registration" = Canon iP1800 series User Registration
"CanonMyPrinter" = Canon My Printer
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"CompanionWizard" = Companion wizard
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Disney's Active Play LKII, Simba's Pride Demo" = Disney's Active Play LKII, Simba's Pride Demo
"Disney's Active Play, A Bug's Life" = Disney's Active Play, A Bug's Life
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EAX™ Unified (SHELL)" = EAX™ Unified (SHELL)
"ElmosArtWorkshop" = Sesame Street Elmo's Art Workshop
"ERUNT_is1" = ERUNT 1.1j
"Hunting Unlimited 2008" = Hunting Unlimited 2008 1.0
"IBM Scanner" = IBM Scanner
"ie8" = Windows Internet Explorer 8
"Imation Disk Manager V a Service" = Imation Disk Manager V a Service
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Lexmark Supplies Monitor" = Lexmark Supplies Monitor
"Lexmark Z55" = Lexmark Z55
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Monopoly Star Wars" = Monopoly Star Wars
"MRW!UninstallKey" = InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"Network Play System (Patching)" = Network Play System (Patching)
"PackMaster Millennium" = PackMaster Millennium
"PhotoStudio Suite & IBM Scanner" = PhotoStudio Suite & IBM Scanner
"Prison Tycoon 2" = Prison Tycoon 2
"Pro Media Director_is1" = Pro Media Director Version 2.0.0.1
"RealPlayer 6.0" = RealPlayer Basic
"RollerCoaster Tycoon Setup" = Roll
"SimCity 3000" = SimCity 3000
"SimSafariUninstall" = SimSafari
"Soulbringer" = Soulbringer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Star Trek -- Starfleet Academy" = Star Trek -- Starfleet Academy
"Sudden Strike" = Sudden Strike
"TextBridge Classic 2.0" = TextBridge Classic 2.0
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"UnityWebPlayer" = Unity Web Player
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Deep Sea Fishing" = Virtual Deep Sea Fishing
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2010 5:09:36 PM | Computer Name = R-W2A4L6L8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/7/2010 5:16:33 PM | Computer Name = R-W2A4L6L8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2010 1:47:09 PM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

Error - 2/8/2010 2:47:19 PM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

Error - 2/8/2010 3:47:35 PM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

Error - 2/8/2010 6:25:42 PM | Computer Name = R-W2A4L6L8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2010 9:47:08 PM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

Error - 2/8/2010 10:47:07 PM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

Error - 2/8/2010 11:47:07 PM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

Error - 2/9/2010 12:47:07 AM | Computer Name = R-W2A4L6L8 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2/8/2010 12:48:31 PM | Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2/8/2010 12:48:31 PM | Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip

Error - 2/8/2010 1:11:45 PM | Computer Name = R-W2A4L6L8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/8/2010 1:13:07 PM | Computer Name = R-W2A4L6L8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/8/2010 1:29:35 PM | Computer Name = R-W2A4L6L8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/8/2010 6:07:34 PM | Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/8/2010 6:07:34 PM | Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 2/9/2010 10:23:54 AM | Computer Name = R-W2A4L6L8 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0040CAAA78A1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/9/2010 10:28:13 AM | Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/9/2010 10:28:13 AM | Computer Name = R-W2A4L6L8 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >



all of that stuff in Hosts how do i get rid of it?

thanks for your help
Greg

#5
RKinner


    Malware Expert

  • Expert
  • 23,723 posts
  • MVP
We can clean out the hosts file, but all the entries I see are just keeping you from going to bad sites. I think Spybot does that if you tell them to immunize. Speaking of which, we need to turn it off for now.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

We don't want it to undo any changes we make. You can turn it back on when we are done.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. (You will get a new window on boot where you can choose to run the Recovery Console but it lasts only 2 seconds so it's not going to slow you down much.) When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Reboot now, please :!:

#6
stallion74


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ok we don't need to mess with the host. i thought maybe it wasn't a good thing

here is the combofix

ComboFix 10-02-08.09 - Owner 02/09/2010 13:42:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.134 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\George.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\err.log
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Common Files\companion wizard
c:\program files\Common Files\Companion Wizard\log.txt
c:\recycler\S-1-5-21-4014016795-435180186-1088327440-1003
C:\WA6P
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\EventSystem.log
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-08 17:13 . 2010-02-08 17:43 -------- d-----w- c:\program files\ERUNT
2010-02-08 16:54 . 2010-02-08 16:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-08 16:48 . 2010-02-08 16:48 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-07 02:02 . 2010-02-08 17:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\hhtpeo
2010-02-03 22:49 . 2010-02-03 22:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-30 03:21 . 2010-01-30 03:26 -------- d-----w- c:\program files\Monopoly Star Wars
2010-01-20 00:44 . 2010-01-20 00:44 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2010-01-18 15:22 . 2010-01-18 15:26 -------- d-----w- c:\program files\Coupons
2010-01-13 23:41 . 2010-01-13 23:52 -------- d-----w- c:\program files\iTunes
2010-01-13 23:41 . 2010-01-13 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-13 23:36 . 2010-01-13 23:38 -------- d-----w- c:\program files\QuickTime
2010-01-13 21:26 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 15:23 . 2009-12-15 22:23 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2010-02-07 01:58 . 2009-12-28 18:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2010-02-03 22:42 . 2005-07-29 12:15 -------- d-----w- c:\program files\Google
2010-01-30 03:28 . 2006-09-10 18:58 -------- d-----w- c:\program files\Maxis
2010-01-17 20:19 . 2010-01-05 18:02 3532 ----a-w- C:\drmHeader.bin
2010-01-13 23:53 . 2007-06-18 13:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-01-13 23:41 . 2007-06-18 13:44 -------- d-----w- c:\program files\iPod
2010-01-13 23:41 . 2007-07-18 13:16 -------- d-----w- c:\program files\Common Files\Apple
2010-01-10 07:44 . 2009-12-04 19:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 17:36 . 2010-01-09 17:33 -------- d-----w- c:\program files\Hunting Unlimited 2008
2010-01-07 21:07 . 2009-12-04 19:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-12-04 19:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 18:11 . 2009-12-28 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-12-28 18:10 . 2009-12-28 18:10 -------- d-----w- c:\program files\Vuze
2009-12-28 18:10 . 2009-12-28 18:10 -------- d-----w- c:\program files\AskBarDis
2009-12-28 18:04 . 2009-12-28 18:04 8755648 ----a-w- C:\Vuze_Installer.exe
2009-12-28 17:52 . 2007-09-30 00:13 -------- d-----w- c:\program files\Ahead
2009-12-28 17:52 . 2007-09-30 00:13 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-28 17:42 . 2006-10-29 02:33 -------- d-----w- c:\program files\Call of Duty Game of the Year Edition
2009-12-28 17:40 . 2005-07-29 12:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 17:34 . 2009-02-20 23:52 -------- d-----w- c:\program files\eGames
2009-12-21 19:14 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 23:35 . 2008-11-20 01:32 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-12-04 19:47 . 2009-12-04 19:47 4844296 ----a-w- C:\mbam-setup.exe
2009-12-01 03:35 . 2009-04-17 02:24 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-01 03:35 . 2009-01-02 19:51 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-01 03:35 . 2008-01-07 20:52 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-01 03:35 . 2009-02-06 05:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-27 01:28 . 2009-11-27 01:27 911250 ----a-w- c:\windows\Prison Tycoon 2 Uninstaller.exe
2009-11-21 15:51 . 2004-08-26 16:11 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-03-19 801904]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-08-14 5562368]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
PowerReg Scheduler.exe [2009-10-13 189952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-01 03:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EZ Station.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EZ Station.lnk
backup=c:\windows\pss\EZ Station.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk
backup=c:\windows\pss\reminder-ScanSoft Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-10-17 01:40 1197648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1142267845\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 16:59 124520 ----a-w- c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2007-08-14 00:04 5562368 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-03-15 17:04 966656 ----a-w- c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-12-09 18:17 67584 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 08:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-11-15 22:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-27 01:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 10:33 53248 ----a-w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"PrismXL"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"AresChatServer"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pearl Harbor - Zero Hour\\PHarbor.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/2/2009 2:51 PM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/16/2009 9:24 PM 360584]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12/28/2009 1:10 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [12/28/2009 1:10 PM 234888]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/30/2009 10:34 PM 285392]
R2 FastPara;FastPara;c:\windows\system32\drivers\fastpara.sys [1/1/2006 10:12 PM 37696]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/25/2008 3:41 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 5:42 PM 135664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ldiskl;ldiskl;\??\c:\docume~1\Owner\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\Owner\LOCALS~1\Temp\ldiskl.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 22:42]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 22:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ewebforce.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
HKCU-Run-yrbufvpr - c:\documents and settings\Owner\Local Settings\Application Data\hhtpeo\kxnasftav.exe
HKLM-Run-yrbufvpr - c:\documents and settings\Owner\Local Settings\Application Data\hhtpeo\kxnasftav.exe
MSConfigStartUp-dqdnsxdxuq - c:\documents and settings\owner\local settings\application data\dqdnsxdxuq.exe
MSConfigStartUp-DSS - c:\windows\BBSTORE\DSS\DSSAGENT.EXE
MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-Random scan - c:\windows\system32\lytcxkfu.exe
MSConfigStartUp-wpmpormd - c:\windows\system32\wpmpormd.exe
AddRemove-CompanionWizard - c:\program files\Common Files\Companion Wizard\compwiz.exe
AddRemove-Imation Disk Manager V a Service - c:\docume~1\Owner\LOCALS~1\Temp\Imation Disk Manager V a.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 13:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3752)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\UStorSrv.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-02-09 14:05:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 19:05

Pre-Run: 29,818,671,104 bytes free
Post-Run: 29,673,840,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E02E9B3A7C39091E74D7E383B0914558

#7
RKinner


    Malware Expert

  • Expert
  • 23,723 posts
  • MVP
I think we got everything. Any signs of a problem left?

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html
It takes a while (hours) and you have to turn off your antivirus while you are running it but it is pretty thorough.

If Windows blocks the ActiveX then try putting BitDefender in your trusted sites: In IE, Tools, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.

If BitDefender comes back clean then you can uninstall or delete any tools we had you download and their logs. You can manually remove C:\george, C:\qoobox then put your system back the way it was (tho I would leave the hide extensions option unchecked.)


You do not have the latest Java. Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

Ron

#8
stallion74


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
no problems now, i am going to update and do the suggested scan you mentioned. i am sure it is good if you want to close this. if BD finds anything then i will ask this to be opened back up. if you want to keep open for now, i think i will do the virus scan later tonight when no one is using the computer (they are going through withdrawal since i wouldn't let them on the computer as i was fixing it) LOL

#9
stallion74


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
scan came back clean
thank you so much for your help