GMER LOGGMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-02-09 09:20:52
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\******~1\LOCALS~1\Temp\fgldrpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE3126B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE312574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE312A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE31214C]
SSDT spwo.sys ZwEnumerateKey [0xF7522CA2]
SSDT spwo.sys ZwEnumerateValueKey [0xF7523030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE31264E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE31208C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE3120F0]
SSDT spwo.sys ZwQueryKey [0xF7523108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE31276E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE31272E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE3128AE]
INT 0x63 ? 857DEBF8
INT 0x82 ? 85770BF8
INT 0x83 ? 85770BF8
INT 0x83 ? 85770BF8
INT 0x83 ? 85770BF8
INT 0xA4 ? 855D3DD8
INT 0xA4 ? 855D3DD8
INT 0xA4 ? 855D3DD8
INT 0xA4 ? 855D3DD8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 857DA1F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Udfs \UdfsCdRom 84E6E1F8
Device \FileSystem\Udfs \UdfsDisk 84E6E1F8
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbohci \Device\USBPDO-0 855C11F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 857DC1F8
Device \Driver\dmio \Device\DmControl\DmConfig 857DC1F8
Device \Driver\dmio \Device\DmControl\DmPnP 857DC1F8
Device \Driver\dmio \Device\DmControl\DmInfo 857DC1F8
Device \Driver\usbohci \Device\USBPDO-1 855C11F8
Device \Driver\usbehci \Device\USBPDO-2 855AA1F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 857711F8
Device \Driver\Cdrom \Device\CdRom0 8559D1F8
Device \Driver\Cdrom \Device\CdRom1 8559D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F743AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F743AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F743AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F743AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F743AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [F743AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 852DE500
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A5FE4A5-8534-4FFE-9797-7CE3FDE52D98} 852DE500
Device \Driver\NetBT \Device\NetbiosSmb 852DE500
Device \Driver\PCI_PNP5148 \Device\0000004c spwo.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBFDO-0 855C11F8
Device \Driver\usbohci \Device\USBFDO-1 855C11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 854261F8
Device \Driver\usbehci \Device\USBFDO-2 855AA1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 854261F8
Device \Driver\Ftdisk \Device\FtControl 857711F8
Device \Driver\sptd \Device\1641825148 spwo.sys
Device \Driver\as18x597 \Device\Scsi\as18x5971Port4Path0Target0Lun0 855341F8
Device \Driver\as18x597 \Device\Scsi\as18x5971 855341F8
Device \FileSystem\Cdfs \Cdfs 8529C500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xB7 0x35 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x44 0x35 0x74 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC4 0x33 0xDF 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xB7 0x35 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x44 0x35 0x74 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC4 0x33 0xDF 0x26 ...
---- EOF - GMER 1.0.15 ----
--------------------------------------------------------------------------------------------------------
OTL LOGOTL logfile created on: 2/9/2010 9:24:07 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\*********\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
894.00 Mb Total Physical Memory | 518.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 28.12 Gb Free Space | 30.19% Space Free | Partition Type: NTFS
Drive D: | 330.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: *********
Current User Name: *********
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2010/02/09 09:21:18 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[bleep] [bleep]er\My Documents\Downloads\OTL(2).exe
PRC - [2009/11/25 04:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 04:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 04:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 04:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 04:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/09 01:35:13 | 000,153,848 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQLite\icq.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/04/14 05:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/29 18:37:06 | 003,858,432 | ---- | M] (Provide Support, LLC) -- C:\Program Files\Provide Support\Live Support Chat for Web Site\ProvideSupportConsole.exe
PRC - [2006/08/01 22:57:06 | 001,773,568 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\TOSHIBA\Windows Utilities\Hotkey.exe
PRC - [2006/05/26 06:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/03/17 01:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/12/12 11:33:46 | 000,393,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/12/11 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/09/27 00:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/06/01 09:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/06/01 08:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/03/18 05:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2005/01/18 04:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
========== Modules (SafeList) ========== MOD - [2010/02/09 09:21:18 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\*********\My Documents\Downloads\OTL(2).exe
MOD - [2009/11/25 04:50:32 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
========== Win32 Services (SafeList) ========== SRV - [2009/11/25 04:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 04:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 04:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 04:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/11/21 02:20:44 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/08/29 23:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006/05/26 06:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/12/12 11:33:46 | 000,393,216 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/09/27 00:22:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/07/13 05:14:42 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/04/04 12:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/18 04:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/07/29 00:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.toshibadirect.com/dpdstartIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://start.icq.com/IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "
http://www.google.com"FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems:
[email protected]:3.1.0
FF - prefs.js..extensions.enabledItems:
[email protected]:1.0
FF - prefs.js..extensions.enabledItems:
[email protected]:0.6.20100112
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.68
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.19
FF - prefs.js..network.proxy.backup.ftp: "64.18.143.219"
FF - prefs.js..network.proxy.backup.ftp_port: 2407
FF - prefs.js..network.proxy.backup.gopher: "64.18.143.219"
FF - prefs.js..network.proxy.backup.gopher_port: 2407
FF - prefs.js..network.proxy.backup.socks: "64.18.143.219"
FF - prefs.js..network.proxy.backup.socks_port: 2407
FF - prefs.js..network.proxy.backup.ssl: "64.18.143.219"
FF - prefs.js..network.proxy.backup.ssl_port: 2407
FF - prefs.js..network.proxy.ftp: "64.18.143.219"
FF - prefs.js..network.proxy.ftp_port: 2407
FF - prefs.js..network.proxy.gopher: "64.18.143.219"
FF - prefs.js..network.proxy.gopher_port: 2407
FF - prefs.js..network.proxy.http: "64.18.143.219"
FF - prefs.js..network.proxy.http_port: 2407
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.18.143.219"
FF - prefs.js..network.proxy.socks_port: 2407
FF - prefs.js..network.proxy.ssl: "64.18.143.219"
FF - prefs.js..network.proxy.ssl_port: 2407
FF - prefs.js..network.proxy.type: 1
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/19 15:12:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\Common Files\Target Marketing Agency\TMAgent\extension
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/17 23:58:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 08:31:13 | 000,000,000 | ---D | M]
[2009/01/18 14:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*********\Application Data\Mozilla\Extensions
[2010/02/09 09:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\extensions
[2010/01/19 19:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/09/10 21:17:02 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/01/19 19:26:03 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2010/01/17 23:59:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/19 00:15:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/17 23:59:24 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/17 23:59:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/01/19 19:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\extensions\
[email protected][2010/01/17 23:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\extensions\
[email protected][2010/02/02 09:28:19 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\searchplugins\icqplugin-1.xml
[2009/01/18 19:06:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\searchplugins\icqplugin-2.xml
[2009/02/07 15:46:23 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\searchplugins\icqplugin-3.xml
[2008/11/23 18:11:36 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\searchplugins\icqplugin.xml
[2008/12/12 23:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\*********\Application Data\Mozilla\Firefox\Profiles\4g6m9h2i.default\searchplugins\MySpace.xml
[2010/02/09 09:15:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/18 15:08:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O1 HOSTS File: ([2010/02/09 08:20:59 | 000,249,147 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.139mm.com
O1 - Hosts: 8709 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKCU..\Run: [ProvideSupportOperatorConsole[default]] C:\Program Files\Provide Support\Live Support Chat for Web Site\ProvideSupportConsole.exe (Provide Support, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\*********\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\*********\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://update.micros...b?1232359627345 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}
http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\*********\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\*********\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/19 10:24:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/08/14 22:37:26 | 000,450,560 | R--- | M] () - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1996/06/05 02:07:26 | 000,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b2d76773-33c7-11db-bd96-806d6172696f}\Shell\play\command - "" = C:\Program Files\InterVideo\WinDVD\WinDVD.exe -- [2006/07/29 06:07:26 | 000,106,496 | ---- | M] (InterVideo Inc.)
O33 - MountPoints2\{c98bcb77-1093-11de-9adb-00163680bf1d}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe -- File not found
O33 - MountPoints2\{c98bcb77-1093-11de-9adb-00163680bf1d}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/10/19 10:23:06 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17454841580224512)
========== Files/Folders - Created Within 14 Days ========== [2010/02/09 09:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/09 08:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/09 08:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/09 08:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/09 08:11:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\*********\Recent
[2010/02/08 11:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/08 11:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/08 08:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\*********\Application Data\Malwarebytes
[2010/02/08 08:17:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/08 08:17:52 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/08 08:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/08 08:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/07 17:39:00 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\*********\Desktop\spybotsd162.exe
[2010/02/05 22:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\*********\Local Settings\Application Data\vuwjws
[2010/02/02 13:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\*********\Desktop\chika
[2009/08/20 22:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/08/20 22:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/08/12 23:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2009/08/12 23:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2009/01/29 16:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/01/29 09:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/01/19 16:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/01/18 21:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2006/10/19 10:27:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/10/19 10:27:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/10/19 10:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
========== Files - Modified Within 14 Days ========== [2010/02/09 09:20:52 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\*********\NTUSER.DAT
[2010/02/09 09:01:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 09:01:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 09:01:12 | 937,603,072 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/09 08:59:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\*********\ntuser.ini
[2010/02/09 08:57:15 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\*********\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/09 08:57:08 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\*********\Desktop\NTREGOPT.lnk
[2010/02/09 08:57:08 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\*********\Desktop\ERUNT.lnk
[2010/02/09 08:20:59 | 000,249,147 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/09 08:15:52 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\*********\Desktop\Spybot - Search & Destroy.lnk
[2010/02/08 18:30:13 | 000,027,204 | ---- | M] () -- C:\Documents and Settings\*********\Desktop\worksheet.rtf
[2010/02/08 14:54:32 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\*********\Desktop\2010_02_shipping_0201.xls
[2010/02/08 14:52:34 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\*********\Desktop\2010_01_shipping_0131.xls
[2010/02/08 11:47:18 | 000,366,344 | ---- | M] () -- C:\Documents and Settings\*********\My Documents\cc_20100208_114703.reg
[2010/02/08 11:35:31 | 000,001,559 | ---- | M] () -- C:\Documents and Settings\*********\Desktop\CCleaner.lnk
[2010/02/08 11:34:51 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\*********\Desktop\HijackThis.lnk
[2010/02/08 10:05:51 | 001,098,498 | ---- | M] () -- C:\Documents and Settings\*********\Desktop\thinkifoundit.bmp
[2010/02/08 10:03:03 | 000,156,915 | ---- | M] () -- C:\Documents and Settings\*********\Desktop\scan-2.JPG
[2010/02/08 08:17:58 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/07 18:00:03 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\*********\Desktop\spybotsd162.exe
[2010/02/07 16:49:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/07 16:29:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/04 09:27:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/04 07:49:38 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/04 07:46:25 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/04 07:40:31 | 001,577,344 | -H-- | M] () -- C:\Documents and Settings\*********\Local Settings\Application Data\IconCache.db
[2010/02/01 00:58:46 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\*********\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/29 05:50:44 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/01/28 22:27:16 | 000,293,423 | ---- | M] () -- C:\Documents and Settings\*********\1 019.jpg
========== Files Created - No Company Name ========== [2010/02/09 08:57:15 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\*********\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/09 08:57:08 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\*********\Desktop\NTREGOPT.lnk
[2010/02/09 08:57:08 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\*********\Desktop\ERUNT.lnk
[2010/02/09 08:56:50 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\*********\Desktop\gmer.exe
[2010/02/09 08:15:52 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\*********\Desktop\Spybot - Search & Destroy.lnk
[2010/02/08 14:54:20 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\*********\Desktop\2010_02_shipping_0201.xls
[2010/02/08 14:52:26 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\*********\Desktop\2010_01_shipping_0131.xls
[2010/02/08 11:47:06 | 000,366,344 | ---- | C] () -- C:\Documents and Settings\*********\My Documents\cc_20100208_114703.reg
[2010/02/08 11:35:31 | 000,001,559 | ---- | C] () -- C:\Documents and Settings\*********\Desktop\CCleaner.lnk
[2010/02/08 11:34:51 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\*********\Desktop\HijackThis.lnk
[2010/02/08 09:59:31 | 001,098,498 | ---- | C] () -- C:\Documents and Settings\*********\Desktop\thinkifoundit.bmp
[2010/02/08 09:48:04 | 000,156,915 | ---- | C] () -- C:\Documents and Settings\*********\Desktop\scan-2.JPG
[2010/02/08 08:17:58 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/08 07:57:35 | 937,603,072 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 09:04:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/29 02:34:18 | 000,293,423 | ---- | C] () -- C:\Documents and Settings\*********\Desktop\1 019.jpg
[2009/11/08 17:42:20 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/20 02:06:17 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/02/01 01:34:27 | 000,001,043 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/01 01:05:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2009/01/23 22:20:36 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\*********\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/21 21:34:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009/01/21 21:34:31 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/01/21 19:35:47 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2009/01/19 15:15:27 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/18 21:40:42 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\*********\Local Settings\Application Data\fusioncache.dat
[2009/01/18 18:57:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/18 14:50:37 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\zdmDll.dll
[2009/01/18 14:50:37 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\AsNotify.dll
[2009/01/18 14:50:37 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2009/01/18 14:47:16 | 000,002,229 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/01/18 14:47:14 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/10/19 13:13:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/19 13:13:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/19 13:13:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/19 13:13:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/19 13:13:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/19 13:13:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/10/19 11:53:50 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/10/19 11:53:50 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2006/10/19 11:36:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/10/19 11:21:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/10/19 10:30:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/19 10:17:50 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/10/19 09:57:16 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/08/22 20:01:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/01 22:56:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 23:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/08/25 03:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/06 02:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/08 03:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ========== [2009/01/19 16:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/01/18 15:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/01/19 00:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Speedbit
[2009/02/19 20:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/08 23:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/01/18 19:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/01/19 16:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/11/08 17:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*********\Application Data\DAEMON Tools
[2010/01/29 02:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*********\Application Data\ICQ
[2006/08/25 04:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*********\Application Data\InterVideo
[2006/10/19 11:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*********\Application Data\toshiba
[2010/02/01 12:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*********\Application Data\uTorrent
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS >[2004/08/10 02:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/19 15:52:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 02:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/01/19 15:52:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 23:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >[2004/08/10 02:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/19 15:52:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 02:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/01/19 15:52:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 23:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 02:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >[2008/04/14 05:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 02:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: KR10N.SYS >[2005/01/11 22:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\OemDir\KR10N.sys
[2005/01/11 22:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\system32\drivers\KR10N.sys
< MD5 for: NETLOGON.DLL >[2008/04/14 05:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >[2004/08/10 02:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles >[2008/04/14 05:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
< %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles >[2009/11/08 17:42:21 | 000,717,296 | ---- | M] ()
Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >[2006/10/19 03:12:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/10/19 03:12:23 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/10/19 03:12:23 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
========== Alternate Data Streams ========== @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
--------------------------------------------------------------------------------------------------------
OTL EXTRASOTL Extras logfile created on: 2/9/2010 9:24:07 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\***********\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
894.00 Mb Total Physical Memory | 518.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 28.12 Gb Free Space | 30.19% Space Free | Partition Type: NTFS
Drive D: | 330.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ***********
Current User Name: ***********
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1161249244\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1161249244\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\ICQLite\ICQ.exe" = C:\Program Files\ICQLite\ICQ.exe:*:Enabled:ICQ Lite -- (ICQ, LLC.)
"C:\Program Files\Asus\AiGuru S2 Utility\AiGuruS2Utility.exe" = C:\Program Files\Asus\AiGuru S2 Utility\AiGuruS2Utility.exe:*:Enabled:AiGuru S2 Utility -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Counter-Strike 1.6\hl.exe" = C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- File not found
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- File not found
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger -- ()
"C:\WINDOWS\system32\drivers\svchost.exe" = C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
"{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 17
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C13128C-1782-456F-84A4-017CECE259CA}" = ICQ Lite
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05EB3-1A5E-45EF-B2AB-E3ABD2B86130}" = Toshiba Hotkey Utility
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}" = Toshiba Media Center Game Console
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"Counter-Strike 1.6" = Counter-Strike 1.6
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"IrfanView" = IrfanView (remove only)
"Live Support Chat for Web Site_is1" = Live Support Chat for Web Site 4.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MySpaceIM" = MySpaceIM
"Power Saver" = TOSHIBA Power Saver
"RealPlayer 6.0" = RealPlayer
"Red Alert" = Red Alert Windows 95
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ========== [ Antivirus Events ]
Error - 12/8/2009 1:32:06 AM | Computer Name = *********** | Source = avast! | ID = ***********
Description = AAVM - scanning error: OpenEventsAndMapping: OpenEvent failed!, 00000002.
Error - 12/8/2009 1:32:06 AM | Computer Name = *********** | Source = avast! | ID = ***********
Description = AAVM - scanning error: ClientRqDispatchThread: OpenEventsAndMapping
failed - client probably died, 00008D75.
Error - 12/9/2009 10:11:59 AM | Computer Name = *********** | Source = avast! | ID = ***********
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\803a199c9684b0bc2060630def40d202\BIT6F7.tmp
failed, 00000026.
Error - 1/6/2010 11:35:17 PM | Computer Name = *********** | Source = avast! | ID = ***********
Description = AAVM - scanning error: Aavm: CreateEventsAndMapping mutex timeout
- server DOWN???, (null).
Error - 1/6/2010 11:35:21 PM | Computer Name = *********** | Source = avast! | ID = ***********
Description = AAVM - scanning error: Aavm: CreateEventsAndMapping mutex timeout
- server DOWN???, (null).
Error - 2/5/2010 11:17:06 PM | Computer Name = *********** | Source = avast! | ID = ***********
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.
Error - 2/7/2010 11:34:19 AM | Computer Name = *********** | Source = avast! | ID = ***********
Description = Error in aswChestC: chestOpenList Error 1753.
Error - 2/7/2010 11:34:19 AM | Computer Name = *********** | Source = avast! | ID = ***********
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.
Error - 2/7/2010 11:34:31 AM | Computer Name = *********** | Source = avast! | ID = ***********
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().
Error - 2/7/2010 11:38:16 AM | Computer Name = *********** | Source = avast! | ID = ***********
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.
[ Application Events ]
Error - 9/6/2009 1:14:21 PM | Computer Name = *********** | Source = Application Error | ID = ***********
Description = Faulting application itunes.exe, version 8.0.2.20, faulting module
quicktime.qts, version 7.55.90.70, fault address 0x001945fa.
Error - 9/11/2009 7:47:42 AM | Computer Name = *********** | Source = Application Hang | ID = ***********
Description = Hanging application OUTLOOK.EXE, version 11.0.8217.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/12/2009 12:01:15 PM | Computer Name = *********** | Source = Application Error | ID = ***********
Description = Faulting application itunes.exe, version 8.0.2.20, faulting module
quicktime.qts, version 7.55.90.70, fault address 0x001945fa.
Error - 9/28/2009 10:58:46 PM | Computer Name = *********** | Source = Application Error | ID = ***********
Description = Faulting application itunes.exe, version 8.0.2.20, faulting module
quicktime.qts, version 7.55.90.70, fault address 0x001945fa.
Error - 10/1/2009 5:33:06 PM | Computer Name = *********** | Source = MsiInstaller | ID = ***********
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,
Error - 10/1/2009 5:33:06 PM | Computer Name = *********** | Source = MsiInstaller | ID = ***********
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,
Error - 10/12/2009 9:34:04 AM | Computer Name = *********** | Source = Application Error | ID = ***********
Description = Faulting application 006300730031003600660075006C006C005F0076003300200441043D043004470430043B04300020044D0442044300200441044204300432044C002E
006500780065,
version 9.0.0.333, faulting module 006300730031003600660075006C006C005F0076003300200441043D043004470430043B04300020044D0442044300200441044204300432044C002E
006500780065,
version 9.0.0.333, fault address 0x0000a8b4.
Error - 10/12/2009 9:34:04 AM | Computer Name = *********** | Source = Application Error | ID = ***********
Description = Faulting application 006300730031003600660075006C006C005F0076003300200441043D043004470430043B04300020044D0442044300200441044204300432044C002E
006500780065,
version 9.0.0.333, faulting module 006300730031003600660075006C006C005F0076003300200441043D043004470430043B04300020044D0442044300200441044204300432044C002E
006500780065,
version 9.0.0.333, fault address 0x0000a8b4.
Error - 10/12/2009 9:34:06 AM | Computer Name = *********** | Source = Application Error | ID = ***********
Description = Faulting application 006300730031003600660075006C006C005F0076003300200441043D043004470430043B04300020044D0442044300200441044204300432044C002E
006500780065,
version 9.0.0.333, faulting module 006300730031003600660075006C006C005F0076003300200441043D043004470430043B04300020044D0442044300200441044204300432044C002E
006500780065,
version 9.0.0.333, fault address 0x0000a8b4.
Error - 10/15/2009 8:55:37 PM | Computer Name = *********** | Source = Microsoft Office 11 | ID = ***********
Description = Rejected Safe Mode action : Microsoft Office Outlook.
[ System Events ]
Error - 2/8/2010 10:58:08 PM | Computer Name = *********** | Source = Service Control Manager | ID = ***********
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 2/8/2010 10:58:23 PM | Computer Name = *********** | Source = Service Control Manager | ID = ***********
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 2/8/2010 11:58:26 PM | Computer Name = *********** | Source = Service Control Manager | ID = ***********
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).
Error - 2/8/2010 11:58:27 PM | Computer Name = *********** | Source = Service Control Manager | ID = ***********
Description = The Atheros Configuration Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 2/8/2010 11:58:27 PM | Computer Name = *********** | Source = Service Control Manager | ID = ***********
Description = The ConfigFree Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 2/8/2010 11:58:28 PM | Computer Name = *********** | Source = Service Control Manager | ID = ***********
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 2/8/2010 11:58:28 PM | Computer Name = *********** | Source = Service Control Manager | ID = ***********
Description = The TOSHIBA Optical Disc Drive Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 2/9/2010 12:03:26 AM | Computer Name = *********** | Source = Service Control Manager | ID = ***********
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 2/9/2010 12:03:36 AM | Computer Name = *********** | Source = Service Control Manager | ID = ***********
Description = The DVD-RAM_Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 2/9/2010 12:03:42 AM | Computer Name = *********** | Source = Service Control Manager | ID = ***********
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).
< End of report >
--------------------------------------------------------------------------------------------------------
Also, here's another thing:
When I turned on the computer yesterday and turned on Task Manager, I saw vymosftav.exe for a split second, and then it dissappeared from the processes list.