Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slow browsers and CPU usage often at 100% [Solved]

Started by smplynik , Feb 10 2010 05:12 AM

  • This topic is locked This topic is locked

#1
smplynik
Posted 10 February 2010 - 05:12 AM

smplynik

    Member

  • Member
  • PipPip
  • 15 posts
Hi,
For about 2 weeks now my computer has been performing poorly. The main problem is with the browsers they take a long time to get started and load pages and sometimes just will not load any pages. I usually use firefox and I tried opening IE and Chrome but they both had the same problems. I also noticed that CPU usage was at 100% or very close to it alot of the time sometimes without opening any browser. The computer is old but this seemed so sudden. If anyone can provide any insight it would be appreciated.

I've followed all of the instructions in the guide and I'll post the logs below.

Malwarebytes' Anti-Malware 1.44
Database version: 3712
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

2/9/2010 2:32:53 AM

Scan type: Quick Scan
Objects scanned: 177299
Time elapsed: 25 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------------------------------------------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-10 05:09:29
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwtiypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAEC19FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAEC16C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xAEC31170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAEC1A580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xAEC2E900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xAEC2EB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xAEC32B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAEC1A670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAEC17210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xAEC319F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xAEC317A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xAEC2E280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAEC31F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAEC31F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAEC17070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xAEC30180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xAEC2FF40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAEC326F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAEC32150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAEC19BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xAEC32540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xAEC1A190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAEC17440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xAEC314E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xAEC2F200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xAEC2F080]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
------------------------------------------------------------------------------------

OTL logfile created on: 2/10/2010 5:17:23 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop\Geeks2Go
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 14.41 Gb Free Space | 38.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 596.02 Gb Total Space | 210.92 Gb Free Space | 35.39% Space Free | Partition Type: FAT32
Drive G: | 74.50 Gb Total Space | 64.72 Gb Free Space | 86.86% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FIREBALL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/09 00:19:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Geeks2Go\OTL.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/12/23 09:54:56 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/11 10:15:04 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/11 10:15:04 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/11 10:14:57 | 000,745,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
PRC - [2009/12/11 01:01:13 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/11 01:01:10 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/11 01:01:06 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/12/11 01:01:02 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINNT\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/01/04 13:27:08 | 000,587,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2002/07/16 12:16:00 | 000,061,440 | R--- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe
PRC - [2002/05/06 19:12:44 | 000,065,536 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe
PRC - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\NMSSvc.Exe


========== Modules (SafeList) ==========

MOD - [2010/02/09 00:19:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Geeks2Go\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PictureTaker)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/12/11 01:01:06 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/11 01:01:02 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINNT\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/01/04 13:27:08 | 000,587,096 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/08/24 06:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/05/13 20:25:38 | 000,193,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2002/07/16 12:16:00 | 000,061,440 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc)
SRV - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\NMSSvc.Exe -- (NMSSvc) Intel®
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\..\URLSearchHook: *{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/11 10:17:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/14 02:02:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/04 12:59:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/04 12:59:39 | 000,000,000 | ---D | M]

[2008/08/18 06:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/02/10 01:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8slveo54.default\extensions
[2009/11/07 11:21:02 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8slveo54.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/01/03 16:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8slveo54.default\extensions\[email protected]
[2010/01/22 03:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8slveo54.default\extensions\[email protected]
[2007/10/14 15:47:31 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8slveo54.default\searchplugins\siteadvisor.xml
[2010/02/10 01:01:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2009/10/17 20:08:17 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2006/07/14 22:33:49 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2009/12/11 01:59:55 | 000,615,370 | ---- | M]) - C:\WINNT\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 a9rhiwa.cn #[Google.Warning]
O1 - Hosts: 127.0.0.1 www.a9rhiwa.cn
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 16278 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINNT\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Registration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O15 - HKCU\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00000075-0000-0010-8000-00AA00389B71} http://codecs.micros...86/voxmsdec.CAB (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.micros...386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://zone.msn.com/...pcaploader1.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {64697663-0000-0010-8000-00AA00389B71} http://codecs.micros...386/cinepak.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7919.4460185185 (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.c...ebio5_0_2_1.cab (Yahoo! Toolbar)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: ppctlcab http://www.pestscan....er/ppctlcab.cab (Reg Error: Key error.)
O16 - DPF: Toki Toki Boom http://download.game...nts/y/vtm_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Chess http://download.game...nts/y/ct0_x.cab (Reg Error: Key error.)
O16 - DPF: YExplorer1_8US.CAB http://photos.groups...plorer1_8us.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/10 23:46:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/28 20:23:17 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - F:\AUTORUN -- [ FAT32 ]
O32 - AutoRun File - [2003/01/31 14:25:04 | 000,000,000 | RH-D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/12/28 20:23:22 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1af9ee1a-abc5-11de-8202-0007e99f3bf0}\Shell\AutoRun\command - "" = H:\rg9g9bgq.exe -- File not found
O33 - MountPoints2\{1af9ee1a-abc5-11de-8202-0007e99f3bf0}\Shell\open\Command - "" = H:\rg9g9bgq.exe -- File not found
O33 - MountPoints2\{cbdd0269-0a24-11de-81c3-0007e99f3bf0}\Shell - "" = AutoRun
O33 - MountPoints2\{cbdd0269-0a24-11de-81c3-0007e99f3bf0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbdd0269-0a24-11de-81c3-0007e99f3bf0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINNT\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2007/08/24 18:37:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16610416650092544)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/09 23:03:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/02/09 01:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/08 23:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Geeks2Go
[2010/02/08 22:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/08 22:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/02/08 22:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/03 01:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2009/12/28 23:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/28 23:06:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/11 00:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/11 00:58:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/22 16:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/06/04 19:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2007/08/24 18:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\MathWorks
[2007/08/19 18:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2004/09/23 21:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2004/09/19 05:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2002/08/23 15:48:28 | 000,065,536 | ---- | C] ( ) -- C:\WINNT\System32\a3d.dll

========== Files - Modified Within 14 Days ==========

[2010/02/10 01:46:25 | 000,000,412 | ---- | M] () -- C:\WINNT\tasks\Symantec NetDetect.job
[2010/02/09 17:34:28 | 000,000,882 | ---- | M] () -- C:\WINNT\win.ini
[2010/02/09 17:34:28 | 000,000,277 | RHS- | M] () -- C:\boot.ini
[2010/02/09 17:34:28 | 000,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2010/02/09 17:33:27 | 055,361,540 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2010/02/09 17:29:55 | 000,350,191 | ---- | M] () -- C:\WINNT\System32\vsconfig.xml
[2010/02/09 17:29:30 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/02/09 17:29:04 | 000,012,620 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/02/09 17:28:47 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/02/09 17:28:46 | 1340,985,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/09 17:27:31 | 000,023,304 | ---- | M] () -- C:\WINNT\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/02/09 17:27:31 | 000,023,304 | ---- | M] () -- C:\WINNT\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/02/09 17:27:31 | 000,018,648 | ---- | M] () -- C:\WINNT\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/02/09 17:27:30 | 000,018,648 | ---- | M] () -- C:\WINNT\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/02/09 17:27:30 | 000,001,080 | ---- | M] () -- C:\WINNT\System32\settingsbkup.sfm
[2010/02/09 17:27:30 | 000,001,080 | ---- | M] () -- C:\WINNT\System32\settings.sfm
[2010/02/09 17:27:30 | 000,000,024 | ---- | M] () -- C:\WINNT\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-00581102}.dat
[2010/02/09 17:27:30 | 000,000,024 | ---- | M] () -- C:\WINNT\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-00581102}.dat
[2010/02/09 17:26:59 | 020,447,232 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/02/09 17:26:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/09 01:54:29 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/02/09 01:54:27 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/02/09 01:52:22 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$eks to Go Malware Preparation.docx
[2010/02/09 00:24:57 | 000,048,625 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Geeks to Go Malware Preparation.docx
[2010/02/08 22:36:54 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/08 22:36:03 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/02/06 19:47:07 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/01/31 20:48:14 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\_TEACHING_TECHNICHS_FOR_MATH_106_JAN.20,2010.doc
[2010/01/31 15:51:12 | 000,060,651 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GLBT Novels.docx

========== Files Created - No Company Name ==========

[2010/02/09 01:54:29 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/02/09 01:54:27 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/02/09 01:52:22 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$eks to Go Malware Preparation.docx
[2010/02/09 00:24:56 | 000,048,625 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Geeks to Go Malware Preparation.docx
[2010/02/08 22:36:53 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/08 22:35:55 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/01/31 20:48:14 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\_TEACHING_TECHNICHS_FOR_MATH_106_JAN.20,2010.doc
[2010/01/31 14:36:07 | 000,060,651 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GLBT Novels.docx
[2010/01/23 12:30:18 | 000,000,035 | ---- | C] () -- C:\WINNT\System32\winitn.dll
[2010/01/23 12:30:05 | 000,051,712 | ---- | C] () -- C:\WINNT\System32\coodest.dll
[2009/12/29 11:58:15 | 000,290,816 | ---- | C] () -- C:\WINNT\System32\decdll.dll
[2009/09/07 16:25:05 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\evplay.prf
[2009/04/25 13:42:34 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\maplecompat.dll
[2008/11/20 12:36:11 | 000,114,688 | ---- | C] () -- C:\WINNT\System32\Install7x.dll
[2008/09/07 20:56:04 | 000,001,069 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\evmanage.prf
[2008/09/07 20:54:07 | 000,003,668 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\evpro32.prf
[2008/08/12 18:31:30 | 000,000,126 | ---- | C] () -- C:\WINNT\mdm.ini
[2007/09/12 22:05:58 | 000,013,600 | ---- | C] () -- C:\WINNT\System32\sasperf.dll
[2007/05/06 15:53:55 | 000,000,035 | ---- | C] () -- C:\WINNT\A5W.INI
[2007/02/14 00:15:38 | 000,000,029 | ---- | C] () -- C:\WINNT\atid.ini
[2006/10/06 17:54:10 | 000,000,241 | ---- | C] () -- C:\WINNT\QSync.INI
[2006/10/06 17:52:06 | 000,005,187 | ---- | C] () -- C:\WINNT\System32\lvcoinst.ini
[2006/02/18 01:11:37 | 000,002,151 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/09/28 15:59:08 | 000,000,156 | ---- | C] () -- C:\WINNT\matlab.ini
[2005/09/24 22:28:28 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2005/01/04 00:06:29 | 000,000,000 | ---- | C] () -- C:\WINNT\iPlayer.INI
[2004/10/26 17:39:05 | 003,375,104 | ---- | C] () -- C:\WINNT\System32\qt-mt331.dll
[2004/10/23 14:47:53 | 000,126,976 | ---- | C] () -- C:\WINNT\System32\unzdll.dll
[2004/08/08 16:08:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2004/08/03 19:56:46 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2004/06/12 13:18:41 | 000,000,152 | ---- | C] () -- C:\WINNT\sb_affiliate.ini
[2004/06/06 00:49:25 | 000,000,075 | ---- | C] () -- C:\WINNT\lbbho.ini
[2004/02/18 16:40:00 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll
[2003/10/26 23:11:10 | 000,000,011 | ---- | C] () -- C:\WINNT\OSA.INI
[2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- C:\WINNT\System32\nvcod.dll
[2003/09/23 12:17:28 | 000,000,044 | ---- | C] () -- C:\WINNT\liveup.ini
[2003/09/23 07:14:42 | 001,099,264 | ---- | C] () -- C:\WINNT\System32\cygxml2-2.dll
[2003/08/24 17:40:07 | 000,000,789 | ---- | C] () -- C:\WINNT\LEXSTAT.INI
[2003/08/10 09:59:20 | 000,980,992 | ---- | C] () -- C:\WINNT\System32\cygiconv-2.dll
[2003/08/08 19:28:16 | 000,061,440 | ---- | C] () -- C:\WINNT\System32\cygz.dll
[2003/05/06 15:54:53 | 001,679,360 | ---- | C] () -- C:\WINNT\System32\nag.dll
[2003/05/06 15:54:53 | 000,040,960 | ---- | C] () -- C:\WINNT\System32\maplec.dll
[2003/05/06 15:54:52 | 000,212,992 | ---- | C] () -- C:\WINNT\System32\WMIMPLEX.dll
[2003/05/03 10:50:00 | 000,565,248 | ---- | C] () -- C:\WINNT\System32\xvid.dll
[2003/04/16 16:40:12 | 000,389,120 | ---- | C] () -- C:\WINNT\System32\OpenQuicktimeLib.dll
[2003/04/16 16:39:44 | 000,081,920 | ---- | C] () -- C:\WINNT\System32\libfaad.dll
[2003/04/11 18:56:06 | 000,000,463 | ---- | C] () -- C:\WINNT\bobdown.ini
[2003/04/06 18:52:53 | 000,000,097 | ---- | C] () -- C:\WINNT\lotus.ini
[2003/03/25 20:56:11 | 000,057,344 | ---- | C] () -- C:\WINNT\System32\mupkernps11.dll
[2002/12/05 18:07:14 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINNT\System32\unrar.dll
[2002/10/06 13:42:58 | 000,237,568 | ---- | C] () -- C:\WINNT\System32\OggDS.dll
[2002/10/04 18:04:26 | 000,921,600 | ---- | C] () -- C:\WINNT\System32\vorbisenc.dll
[2002/10/04 18:04:26 | 000,188,416 | ---- | C] () -- C:\WINNT\System32\vorbis.dll
[2002/10/04 18:04:18 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\ogg.dll
[2002/09/29 18:40:30 | 000,000,000 | ---- | C] () -- C:\WINNT\MSDraw.ini
[2002/09/01 14:27:48 | 000,018,019 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2002/09/01 13:13:06 | 000,001,065 | ---- | C] () -- C:\WINNT\Winamp.ini
[2002/09/01 13:12:50 | 000,000,041 | ---- | C] () -- C:\WINNT\winampa.ini
[2002/08/31 13:35:23 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/08/30 18:28:48 | 000,000,020 | ---- | C] () -- C:\WINNT\InfModM.ini
[2002/08/23 16:09:05 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2002/08/23 15:52:30 | 000,000,843 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2002/08/23 15:52:30 | 000,000,185 | ---- | C] () -- C:\WINNT\intuprof.ini
[2002/08/23 15:51:50 | 000,000,626 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/08/23 15:48:44 | 000,000,000 | ---- | C] () -- C:\WINNT\SBWIN.INI
[2002/08/23 15:48:43 | 000,000,231 | ---- | C] () -- C:\WINNT\AC3API.INI
[2002/08/23 15:48:30 | 000,053,024 | ---- | C] () -- C:\WINNT\System32\UPDDRV9X.DLL
[2002/08/23 15:48:30 | 000,037,727 | ---- | C] () -- C:\WINNT\System32\Emu10kx.ini
[2002/08/23 15:48:30 | 000,000,180 | ---- | C] () -- C:\WINNT\System32\kill.ini
[2002/08/23 15:48:30 | 000,000,092 | ---- | C] () -- C:\WINNT\System32\editinf.ini
[2002/08/23 15:48:30 | 000,000,029 | ---- | C] () -- C:\WINNT\System32\ctzapxx.ini
[2002/08/23 15:48:01 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\PROInst.dll
[2002/08/23 15:48:01 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll
[2002/08/23 15:47:02 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\UPDATE.INI
[2002/08/23 15:47:00 | 000,000,657 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2002/05/15 19:38:40 | 000,091,136 | ---- | C] () -- C:\WINNT\System32\mp4fil32.dll
[2002/05/04 09:19:00 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\avisynthEx.dll
[2002/04/19 10:23:26 | 000,106,137 | ---- | C] () -- C:\WINNT\System32\libpostproc.dll
[2002/04/19 09:51:04 | 000,211,760 | ---- | C] () -- C:\WINNT\System32\libavcodec.dll
[2001/10/09 13:08:15 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2001/09/17 12:20:02 | 000,009,216 | ---- | C] () -- C:\WINNT\System32\cpuinf32.dll
[2001/06/22 07:06:02 | 000,167,936 | ---- | C] () -- C:\WINNT\System32\MPEG2DEC.dll
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINNT\System32\indounin.dll
[1999/01/22 06:46:56 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINNT\System32\sysres.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINNT\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINNT\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINNT\FRONTPG.INI
[1997/08/23 10:33:24 | 000,022,056 | ---- | C] () -- C:\WINNT\System32\tntlvr.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINNT\System32\Iyvu9_32.dll
[1997/05/13 20:23:00 | 000,001,313 | ---- | C] () -- C:\WINNT\acroread.ini

========== LOP Check ==========

[2009/12/15 16:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/11 01:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/02/17 16:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/06/22 22:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/09/12 22:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAS
[2006/05/20 21:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/01/21 20:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/06 01:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/12/08 14:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2009/03/28 21:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/26 13:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/03 23:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/23 19:15:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CB6B90CC-78D8-477B-AB80-1CAC3517ED19}
[2007/02/14 00:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2004/10/05 22:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2008/01/22 16:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Design Science
[2007/03/15 02:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EuroTalk
[2009/09/15 09:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2009/12/29 11:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeVideoConverter
[2002/08/23 15:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2002/08/30 16:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2004/11/08 02:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/04/25 14:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Maple
[2009/06/22 22:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2007/09/12 22:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SAS
[2010/02/08 22:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/09/06 01:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/01/28 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\webex
[2010/01/23 09:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xilisoft Corporation

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\dllcache\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2001/08/23 07:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[1999/10/02 10:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\MATLAB7\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\system32\dllcache\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\system32\eventlog.dll
[2001/08/23 07:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2001/08/23 07:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\system32\dllcache\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\system32\netlogon.dll
[2001/08/23 07:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2001/08/23 07:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\system32\dllcache\scecli.dll
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\system32\scecli.dll
[2001/08/23 07:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2001/08/23 07:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/08/24 13:19:38 | 000,786,432 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2007/08/24 18:08:35 | 000,126,976 | ---- | M] () -- C:\WINNT\system32\config\security.sav
[2007/08/24 13:19:38 | 029,884,416 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2007/08/24 13:19:41 | 008,388,608 | ---- | M] () -- C:\WINNT\system32\config\system.sav
< End of report >
------------------------------------------------------------------------------------

OTL Extras logfile created on: 2/10/2010 5:17:24 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop\Geeks2Go
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 14.41 Gb Free Space | 38.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 596.02 Gb Total Space | 210.92 Gb Free Space | 35.39% Space Free | Partition Type: FAT32
Drive G: | 74.50 Gb Total Space | 64.72 Gb Free Space | 86.86% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FIREBALL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gateway\SRCD\GWDL.EXE" = C:\Program Files\Gateway\SRCD\GWDL.EXE:*:Enabled:GWDL -- ()
"C:\Program Files\Maple 7\BIN.WNT\mserver.exe" = C:\Program Files\Maple 7\BIN.WNT\mserver.exe:*:Enabled:mserver -- ()
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\PC-Doctor for Windows\Pcdrw32.exe" = C:\Program Files\PC-Doctor for Windows\Pcdrw32.exe:*:Enabled:browser -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINNT\PCHEALTH\HELPCTR\Binaries\helpctr.exe" = C:\WINNT\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Documents and Settings\Owner\Desktop\allfours.exe" = C:\Documents and Settings\Owner\Desktop\allfours.exe:*:Enabled:allfours -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SAS\SAS 9.1\sas.exe" = C:\Program Files\SAS\SAS 9.1\sas.exe:*:Enabled:SAS 9.1 for Windows -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINNT\system32\ZoneLabs\vsmon.exe" = C:\WINNT\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Check Point Software Technologies LTD)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01001202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39DA87A1-0B26-4562-A70C-2A6147366E47}" = PC-Doctor Services
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{61008C2E-92DB-440C-94C6-0FFBDA95F440}" = Introductory Algebra
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68624FB8-2512-46B5-9664-64366DCCB3EB}" = SAS 9.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AF90EF6-F7F9-466C-99F4-1774826FBB40}" = Symantec Network Driver Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}" = Do More 5.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Disc-Direct SDK
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Audigy
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F07D1F5-D292-4C9A-89E3-49044CCF2D9F}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}" = PC-Doctor Consumer UI
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAD59025-5B73-4E12-B789-0028C5A573C2}" = PC-Doctor Diagnostics
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BE4AA694-815A-4045-BD49-C94F2BED7458}" = WinFast Entertainment Center(WDM Driver)
"{C1939820-A945-11D4-86F6-0001031E5712}" = DVD Player
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}" = WinFast PVR
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = PhoneTools
"{E5D4D448-01C2-11D5-96D9-0001023B4117}" = Maple 7
"{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Hawking Technologies HWUG1 Wireless-G USB Adapter
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FBF021-B965-42D3-BF63-D7A121B5490D}" = HelpSpot
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"1656e28ae7cb12a3498502c5526295f6" = SAS Private JRE (J2SE™ Java Runtime Environment 1.4.2_09)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"AIM_6.0" = AIM 6.0
"AOL Instant Messenger" = AOL Instant Messenger
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"Creative Driver" = Creative Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DSMT6" = MathType 6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"EuroTalk Talk Now Plus!" = EuroTalk Talk Now Plus!
"ExamView Pro" = ExamView Assessment Suite
"ffdshow" = ffdshow (remove only)
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free Video Converter_is1" = Free Video Converter V 2.3
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"hp instant support" = hp instant support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"Introductory Algebra (Fall 2009 Instructor Version)" = Introductory Algebra (Fall 2009 Instructor Version)
"KLiteCodecPack_is1" = K-Lite Codec Pack
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 12" = Maple 12
"MatlabR14" = MATLAB Family of Products Release 14
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Network Play System (Patching)" = Network Play System (Patching)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PROSet" = Intel® PRO Network Adapters and Drivers
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"RealPlayer 12.0" = RealPlayer
"Shockwave" = Shockwave
"SK_PS2MillenniumKeyboard" = PS/2 Millennium Keyboard
"SmartSuite V97.0" = Lotus SmartSuite 97
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareGuard_is1" = SpywareGuard v2.2
"ST6UNST #1" = Gre Bible
"Switch" = Switch Sound File Converter
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual C++ 6.0 Professional Edition" = Microsoft Visual C++ 6.0 Professional Edition
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.0.3
"Windows Media Encoder 7" = Windows Media Encoder 7.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"XviD" = XviD MPEG-4 Codec
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2008 11:02:15 AM | Computer Name = FIREBALL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/15/2008 11:02:42 AM | Computer Name = FIREBALL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: 403 (HTTP Response Status)

Error - 12/15/2008 11:02:43 AM | Computer Name = FIREBALL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/15/2008 11:02:44 AM | Computer Name = FIREBALL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/15/2008 11:02:46 AM | Computer Name = FIREBALL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/15/2008 11:20:04 AM | Computer Name = FIREBALL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: 403 (HTTP Response Status)

Error - 12/15/2008 11:20:04 AM | Computer Name = FIREBALL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: 403 (HTTP Response Status)

Error - 12/15/2008 11:20:05 AM | Computer Name = FIREBALL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/15/2008 11:20:05 AM | Computer Name = FIREBALL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/19/2008 9:47:32 AM | Computer Name = FIREBALL | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3224, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

[ OSession Events ]
Error - 9/7/2008 11:04:41 PM | Computer Name = FIREBALL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 374
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/7/2010 7:47:39 PM | Computer Name = FIREBALL | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'desktop.ini' on the volume 'HarddiskVolume3'. It has
stopped monitoring the volume.

Error - 2/9/2010 2:40:50 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7034
Description = The Ad-Aware 2007 Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/9/2010 2:40:51 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 2/9/2010 2:40:52 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/9/2010 2:40:52 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7034
Description = The Intel® NMS service terminated unexpectedly. It has done this
1 time(s).

Error - 2/9/2010 2:40:52 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/9/2010 2:40:53 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/9/2010 2:40:56 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/9/2010 2:40:57 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/9/2010 1:32:33 PM | Computer Name = FIREBALL | Source = System Error | ID = 1003
Description = Error code 00000024, parameter1 001902fe, parameter2 ac9f1774, parameter3
ac9f1470, parameter4 f7b62bf4.


< End of report >

Edited by smplynik, 10 February 2010 - 05:17 AM.

  • 0

Advertisements

#2
mpascal
Posted 05 March 2010 - 01:45 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi smplynik,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
As it has been a few days, I'm going to need some fresh logs. Please run the following:

STEP 1 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

  • Open OTL. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Change the Standard Registry and Extra Registry options to Use Safelist.
  • Check the boxes beside LOP Check and Purity Check.
  • In the Custom Scans box, copy and paste the following:
    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • OTL Log
  • GMER Log

  • 0

#3
smplynik
Posted 08 March 2010 - 12:14 PM

smplynik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi mpascal,

I'm sorry but I didn't get a notice about your response. I'll run the fresh logs tonight and post them to you as soon I get home from work and get them done.

Thanks

Nik
  • 0

#4
mpascal
Posted 08 March 2010 - 02:00 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Not a problem, you get unsubscribed from topics after 14 days so that's probably why. :)
  • 0

#5
smplynik
Posted 09 March 2010 - 05:03 AM

smplynik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi mpascal,

Here are the logs. Also a few days after my original post I removed avg toolbar and link scanner and that helped alot but from time to time the problem still comes up so I'm not sure if there is still some other problem.

Thanks

Nik

Malwarebytes' Anti-Malware 1.44
Database version: 3838
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

3/8/2010 7:40:33 PM
mbam-log-2010-03-08 (19-40-33).txt

Scan type: Quick Scan
Objects scanned: 182910
Time elapsed: 34 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-09 05:25:39
Windows 5.1.2600 Service Pack 2
Running: mwbb3ldw.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwtiypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAEF43FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAEF40C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xAEF5B170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAEF44580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xAEF58900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xAEF58B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xAEF5CB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAEF44670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAEF41210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xAEF5B9F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xAEF5B7A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xAEF58280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAEF5BF10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAEF5BF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAEF41070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xAEF5A180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xAEF59F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAEF5C6F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAEF5C150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAEF43BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xAEF5C540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xAEF44190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAEF41440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xAEF5B4E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xAEF59200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xAEF59080]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [80, 45, F4, AE, 00, 89, F5, ...] {ADD BYTE [EBP-0xc], 0xae; ADD [ECX-0x74ef510b], CL; CMC ; SCASB }
.text ntoskrnl.exe!_abnormal_termination + 1D5 804E2831 7 Bytes [BF, F5, AE, 90, BF, F5, AE] {MOV EDI, 0xbf90aef5; CMC ; SCASB }
? srescan.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1916] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AEF48B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AEF48930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AEF49260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AEF46E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AEF48B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AEF49260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AEF48930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AEF46E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AEF49260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AEF48930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AEF48B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AEF46E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AEF48B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AEF48930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AEF49260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [AEF61B30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AEF49260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AEF48930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AEF46E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AEF48B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [AEF41980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [AEF418D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [AEF41A80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [AEF415E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
------------------------------------------------------------------------------------

OTL logfile created on: 3/9/2010 5:31:11 AM - Run 2
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Owner\Desktop\Geeks2Go
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 9.29 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 596.02 Gb Total Space | 186.35 Gb Free Space | 31.27% Space Free | Partition Type: FAT32
Drive G: | 74.50 Gb Total Space | 64.71 Gb Free Space | 86.86% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FIREBALL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\Geeks2Go\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\WINNT\GWMDMMSG.exe (GTW)
PRC - C:\WINNT\system32\NMSSvc.Exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\Geeks2Go\OTL.exe (OldTimer Tools)
MOD - C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PictureTaker) -- File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\WINNT\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (NMSSvc) Intel® -- C:\WINNT\system32\NMSSvc.Exe (Intel Corporation)
SRV - (Visual Studio Analyzer RPC bridge) -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\WINNT\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINNT\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (vsdatant) -- C:\WINNT\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (srescan) -- C:\WINNT\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (Cdralw2k) -- C:\WINNT\system32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINNT\system32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Ad-Watch Connect Filter) -- C:\WINNT\system32\drivers\NSDriver.sys (Lavasoft AB)
DRV - (RT73) -- C:\WINNT\system32\drivers\Rt73.sys (Ralink Technology, Corp.)
DRV - (AFS2K) -- C:\WINNT\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ultra) -- C:\WINNT\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINNT\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (UdfReadr_xp) -- C:\WINNT\system32\drivers\udfreadr_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINNT\system32\drivers\pwd_2K.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINNT\system32\drivers\cdudf_xp.sys (Roxio)
DRV - (mmc_2K) -- C:\WINNT\system32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINNT\system32\drivers\Dvd_2k.sys (Roxio)
DRV - (SYMTDI) -- C:\WINNT\system32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINNT\system32\drivers\symredrv.sys (Symantec Corporation)
DRV - (BT848) -- C:\WINNT\system32\drivers\wf2kvcap.sys (Leadtek Research Inc.)
DRV - (tv2ktunr) -- C:\WINNT\system32\drivers\wf2ktunr.sys (Leadtek Research Inc.)
DRV - (Tv2kXbar) -- C:\WINNT\system32\drivers\wf2kXbar.sys (Leadtek Research Inc.)
DRV - (WFIOCTL) -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys (Leadtek Research Inc.)
DRV - (CBTNDIS5) -- C:\WINNT\system32\CBTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (ha10kx2k) -- C:\WINNT\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINNT\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINNT\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINNT\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINNT\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINNT\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINNT\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (nv) -- C:\WINNT\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (PcdrNt) -- C:\WINNT\System32\drivers\PcdrNt.sys (PC-Doctor Inc.)
DRV - (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0) -- C:\WINNT\system32\drivers\CamDrL21.sys (Philips Semiconductors)
DRV - (GTWModem) -- C:\WINNT\system32\drivers\GWMDM.sys (GTW)
DRV - (NMSCFG) -- C:\WINNT\system32\drivers\NMSCFG.SYS (Intel Corporation)
DRV - (MODEMCSA) -- C:\WINNT\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (BCMModem) -- C:\WINNT\system32\drivers\BCMDM.sys (BCM)
DRV - (nv4) -- C:\WINNT\system32\drivers\nv4.sys (NVIDIA Corporation)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINNT\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (EL90XBC) -- C:\WINNT\system32\drivers\el90xbc5.sys (3Com Corporation)
DRV - (Sk9920nt) -- C:\WINNT\system32\drivers\Sk9920nt.sys (Silitek Corp.)
DRV - (Sk99202k) -- C:\WINNT\system32\drivers\sk99202k.sys (Silitek Corp.)
DRV - (Aspi32) -- C:\WINNT\system32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/04 12:59:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/04 12:59:39 | 000,000,000 | ---D | M]

[2008/08/18 06:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/03/08 23:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8slveo54.default\extensions
[2009/11/07 11:21:02 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8slveo54.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/01/03 16:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8slveo54.default\extensions\[email protected]
[2010/01/22 03:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8slveo54.default\extensions\[email protected]
[2007/10/14 15:47:31 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8slveo54.default\searchplugins\siteadvisor.xml
[2010/03/08 23:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2009/10/17 20:08:17 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2006/07/14 22:33:49 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2009/12/11 01:59:55 | 000,615,370 | ---- | M]) - C:\WINNT\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 a9rhiwa.cn #[Google.Warning]
O1 - Hosts: 127.0.0.1 www.a9rhiwa.cn
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 16278 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [MSConfig] C:\WINNT\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Registration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Key error. File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00000075-0000-0010-8000-00AA00389B71} http://codecs.micros...86/voxmsdec.CAB (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.micros...386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://zone.msn.com/...pcaploader1.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {64697663-0000-0010-8000-00AA00389B71} http://codecs.micros...386/cinepak.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7919.4460185185 (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.c...ebio5_0_2_1.cab (Yahoo! Toolbar)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: ppctlcab http://www.pestscan....er/ppctlcab.cab (Reg Error: Key error.)
O16 - DPF: Toki Toki Boom http://download.game...nts/y/vtm_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Chess http://download.game...nts/y/ct0_x.cab (Reg Error: Key error.)
O16 - DPF: YExplorer1_8US.CAB http://photos.groups...plorer1_8us.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/10 23:46:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/28 20:23:17 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - F:\AUTORUN -- [ FAT32 ]
O32 - AutoRun File - [2003/01/31 14:25:04 | 000,000,000 | RH-D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/12/28 20:23:22 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1af9ee1a-abc5-11de-8202-0007e99f3bf0}\Shell\AutoRun\command - "" = H:\rg9g9bgq.exe -- File not found
O33 - MountPoints2\{1af9ee1a-abc5-11de-8202-0007e99f3bf0}\Shell\open\Command - "" = H:\rg9g9bgq.exe -- File not found
O33 - MountPoints2\{1edf4a68-b4f2-11d8-98eb-00038a000015}\Shell\AutoRun\command - "" = filesystem/pagefile.exe
O33 - MountPoints2\{1edf4a68-b4f2-11d8-98eb-00038a000015}\Shell\eXpLorE\cOMMand - "" = filesystem/pagefile.exe
O33 - MountPoints2\{1edf4a68-b4f2-11d8-98eb-00038a000015}\Shell\oPen\CoMMAnd - "" = filesystem/pagefile.exe
O33 - MountPoints2\{cbdd0269-0a24-11de-81c3-0007e99f3bf0}\Shell - "" = AutoRun
O33 - MountPoints2\{cbdd0269-0a24-11de-81c3-0007e99f3bf0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbdd0269-0a24-11de-81c3-0007e99f3bf0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINNT\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2007/08/24 18:37:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16610416650092544)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/07 18:00:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/02/19 09:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2010/02/17 19:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2010/02/11 03:14:12 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/11 03:13:58 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\System32\avgrsstx.dll
[2010/02/11 03:13:48 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\System32\drivers\avgldx86.sys
[2010/02/11 03:13:46 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\System32\drivers\avgmfx86.sys
[2010/02/11 03:13:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\Avg
[2010/02/11 03:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/11 03:11:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/11 03:11:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/11 03:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/11 03:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/09 01:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/08 23:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Geeks2Go
[2010/02/08 22:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/08 22:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/02/08 22:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/22 16:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/06/04 19:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2007/08/24 18:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\MathWorks
[2007/08/19 18:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2004/09/23 21:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2004/09/19 05:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2002/08/23 15:48:28 | 000,065,536 | ---- | C] ( ) -- C:\WINNT\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/03/09 05:35:00 | 000,000,412 | ---- | M] () -- C:\WINNT\tasks\Symantec NetDetect.job
[2010/03/07 23:09:32 | 000,000,882 | ---- | M] () -- C:\WINNT\win.ini
[2010/03/07 23:09:32 | 000,000,277 | RHS- | M] () -- C:\boot.ini
[2010/03/07 23:09:32 | 000,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2010/03/07 23:04:44 | 000,012,620 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/03/07 23:04:05 | 000,350,191 | ---- | M] () -- C:\WINNT\System32\vsconfig.xml
[2010/03/07 23:03:40 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/03/07 23:03:01 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/03/07 23:03:00 | 1340,985,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/07 19:54:15 | 056,858,676 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2010/03/07 01:57:32 | 020,447,232 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/03/07 01:57:30 | 000,023,304 | ---- | M] () -- C:\WINNT\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/03/07 01:57:30 | 000,023,304 | ---- | M] () -- C:\WINNT\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/03/07 01:57:30 | 000,018,648 | ---- | M] () -- C:\WINNT\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/03/07 01:57:30 | 000,018,648 | ---- | M] () -- C:\WINNT\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/03/07 01:57:30 | 000,001,080 | ---- | M] () -- C:\WINNT\System32\settingsbkup.sfm
[2010/03/07 01:57:30 | 000,001,080 | ---- | M] () -- C:\WINNT\System32\settings.sfm
[2010/03/07 01:57:30 | 000,000,024 | ---- | M] () -- C:\WINNT\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-00581102}.dat
[2010/03/07 01:57:30 | 000,000,024 | ---- | M] () -- C:\WINNT\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-00581102}.dat
[2010/03/07 01:57:19 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/03/06 19:47:02 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/03/05 09:40:06 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\System32\drivers\avgmfx86.sys
[2010/03/05 09:40:06 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\System32\avgrsstx.dll
[2010/03/05 09:38:47 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\System32\drivers\avgldx86.sys
[2010/02/17 19:55:10 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/02/17 19:52:54 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\vlc-1.0.5-win32.exe
[2010/02/11 03:13:59 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/11 03:13:46 | 000,113,461 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\iavichjw.avm
[2010/02/11 03:13:34 | 006,061,540 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\avi7.avg
[2010/02/11 03:13:34 | 000,492,629 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\miniavi.avg
[2010/02/11 03:13:34 | 000,142,495 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg
[2010/02/09 01:54:29 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/02/09 01:54:27 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/02/09 01:52:22 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$eks to Go Malware Preparation.docx
[2010/02/09 00:24:57 | 000,048,625 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Geeks to Go Malware Preparation.docx
[2010/02/08 22:36:54 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

========== Files Created - No Company Name ==========

[2010/02/17 19:55:10 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/02/17 19:49:09 | 018,499,623 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\vlc-1.0.5-win32.exe
[2010/02/11 03:13:59 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/11 03:13:46 | 000,113,461 | ---- | C] () -- C:\WINNT\System32\drivers\Avg\iavichjw.avm
[2010/02/11 03:13:34 | 056,858,676 | ---- | C] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2010/02/11 03:13:34 | 006,061,540 | ---- | C] () -- C:\WINNT\System32\drivers\Avg\avi7.avg
[2010/02/11 03:13:34 | 000,492,629 | ---- | C] () -- C:\WINNT\System32\drivers\Avg\miniavi.avg
[2010/02/11 03:13:34 | 000,142,495 | ---- | C] () -- C:\WINNT\System32\drivers\Avg\microavi.avg
[2010/02/09 01:54:29 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/02/09 01:54:27 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/02/09 01:52:22 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$eks to Go Malware Preparation.docx
[2010/02/09 00:24:56 | 000,048,625 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Geeks to Go Malware Preparation.docx
[2010/02/08 22:36:53 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/23 12:30:18 | 000,000,035 | ---- | C] () -- C:\WINNT\System32\winitn.dll
[2010/01/23 12:30:05 | 000,051,712 | ---- | C] () -- C:\WINNT\System32\coodest.dll
[2009/12/29 11:58:15 | 000,290,816 | ---- | C] () -- C:\WINNT\System32\decdll.dll
[2009/09/07 16:25:05 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\evplay.prf
[2009/04/25 13:42:34 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\maplecompat.dll
[2008/11/20 12:36:11 | 000,114,688 | ---- | C] () -- C:\WINNT\System32\Install7x.dll
[2008/09/07 20:56:04 | 000,001,069 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\evmanage.prf
[2008/09/07 20:54:07 | 000,003,668 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\evpro32.prf
[2008/08/12 18:31:30 | 000,000,126 | ---- | C] () -- C:\WINNT\mdm.ini
[2007/09/12 22:05:58 | 000,013,600 | ---- | C] () -- C:\WINNT\System32\sasperf.dll
[2007/05/06 15:53:55 | 000,000,035 | ---- | C] () -- C:\WINNT\A5W.INI
[2007/02/14 00:15:38 | 000,000,029 | ---- | C] () -- C:\WINNT\atid.ini
[2006/10/06 17:54:10 | 000,000,241 | ---- | C] () -- C:\WINNT\QSync.INI
[2006/10/06 17:52:06 | 000,005,187 | ---- | C] () -- C:\WINNT\System32\lvcoinst.ini
[2006/02/18 01:11:37 | 000,002,151 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/09/28 15:59:08 | 000,000,156 | ---- | C] () -- C:\WINNT\matlab.ini
[2005/09/24 22:28:28 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2005/01/04 00:06:29 | 000,000,000 | ---- | C] () -- C:\WINNT\iPlayer.INI
[2004/10/26 17:39:05 | 003,375,104 | ---- | C] () -- C:\WINNT\System32\qt-mt331.dll
[2004/10/23 14:47:53 | 000,126,976 | ---- | C] () -- C:\WINNT\System32\unzdll.dll
[2004/08/08 16:08:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2004/08/03 19:56:46 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2004/06/12 13:18:41 | 000,000,152 | ---- | C] () -- C:\WINNT\sb_affiliate.ini
[2004/06/06 00:49:25 | 000,000,075 | ---- | C] () -- C:\WINNT\lbbho.ini
[2004/02/18 16:40:00 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll
[2003/10/26 23:11:10 | 000,000,011 | ---- | C] () -- C:\WINNT\OSA.INI
[2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- C:\WINNT\System32\nvcod.dll
[2003/09/23 12:17:28 | 000,000,044 | ---- | C] () -- C:\WINNT\liveup.ini
[2003/09/23 07:14:42 | 001,099,264 | ---- | C] () -- C:\WINNT\System32\cygxml2-2.dll
[2003/08/24 17:40:07 | 000,000,789 | ---- | C] () -- C:\WINNT\LEXSTAT.INI
[2003/08/10 09:59:20 | 000,980,992 | ---- | C] () -- C:\WINNT\System32\cygiconv-2.dll
[2003/08/08 19:28:16 | 000,061,440 | ---- | C] () -- C:\WINNT\System32\cygz.dll
[2003/05/06 15:54:53 | 001,679,360 | ---- | C] () -- C:\WINNT\System32\nag.dll
[2003/05/06 15:54:53 | 000,040,960 | ---- | C] () -- C:\WINNT\System32\maplec.dll
[2003/05/06 15:54:52 | 000,212,992 | ---- | C] () -- C:\WINNT\System32\WMIMPLEX.dll
[2003/05/03 10:50:00 | 000,565,248 | ---- | C] () -- C:\WINNT\System32\xvid.dll
[2003/04/16 16:40:12 | 000,389,120 | ---- | C] () -- C:\WINNT\System32\OpenQuicktimeLib.dll
[2003/04/16 16:39:44 | 000,081,920 | ---- | C] () -- C:\WINNT\System32\libfaad.dll
[2003/04/11 18:56:06 | 000,000,463 | ---- | C] () -- C:\WINNT\bobdown.ini
[2003/04/06 18:52:53 | 000,000,097 | ---- | C] () -- C:\WINNT\lotus.ini
[2003/03/25 20:56:11 | 000,057,344 | ---- | C] () -- C:\WINNT\System32\mupkernps11.dll
[2002/12/05 18:07:14 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINNT\System32\unrar.dll
[2002/10/06 13:42:58 | 000,237,568 | ---- | C] () -- C:\WINNT\System32\OggDS.dll
[2002/10/04 18:04:26 | 000,921,600 | ---- | C] () -- C:\WINNT\System32\vorbisenc.dll
[2002/10/04 18:04:26 | 000,188,416 | ---- | C] () -- C:\WINNT\System32\vorbis.dll
[2002/10/04 18:04:18 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\ogg.dll
[2002/09/29 18:40:30 | 000,000,000 | ---- | C] () -- C:\WINNT\MSDraw.ini
[2002/09/01 14:27:48 | 000,018,019 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2002/09/01 13:13:06 | 000,001,065 | ---- | C] () -- C:\WINNT\Winamp.ini
[2002/09/01 13:12:50 | 000,000,041 | ---- | C] () -- C:\WINNT\winampa.ini
[2002/08/31 13:35:23 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/08/30 18:28:48 | 000,000,020 | ---- | C] () -- C:\WINNT\InfModM.ini
[2002/08/23 16:09:05 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2002/08/23 15:52:30 | 000,000,843 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2002/08/23 15:52:30 | 000,000,185 | ---- | C] () -- C:\WINNT\intuprof.ini
[2002/08/23 15:51:50 | 000,000,626 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/08/23 15:48:44 | 000,000,000 | ---- | C] () -- C:\WINNT\SBWIN.INI
[2002/08/23 15:48:43 | 000,000,231 | ---- | C] () -- C:\WINNT\AC3API.INI
[2002/08/23 15:48:30 | 000,053,024 | ---- | C] () -- C:\WINNT\System32\UPDDRV9X.DLL
[2002/08/23 15:48:30 | 000,037,727 | ---- | C] () -- C:\WINNT\System32\Emu10kx.ini
[2002/08/23 15:48:30 | 000,000,180 | ---- | C] () -- C:\WINNT\System32\kill.ini
[2002/08/23 15:48:30 | 000,000,092 | ---- | C] () -- C:\WINNT\System32\editinf.ini
[2002/08/23 15:48:30 | 000,000,029 | ---- | C] () -- C:\WINNT\System32\ctzapxx.ini
[2002/08/23 15:48:01 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\PROInst.dll
[2002/08/23 15:48:01 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll
[2002/08/23 15:47:02 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\UPDATE.INI
[2002/08/23 15:47:00 | 000,000,657 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2002/05/15 19:38:40 | 000,091,136 | ---- | C] () -- C:\WINNT\System32\mp4fil32.dll
[2002/05/04 09:19:00 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\avisynthEx.dll
[2002/04/19 10:23:26 | 000,106,137 | ---- | C] () -- C:\WINNT\System32\libpostproc.dll
[2002/04/19 09:51:04 | 000,211,760 | ---- | C] () -- C:\WINNT\System32\libavcodec.dll
[2001/10/09 13:08:15 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2001/09/17 12:20:02 | 000,009,216 | ---- | C] () -- C:\WINNT\System32\cpuinf32.dll
[2001/06/22 07:06:02 | 000,167,936 | ---- | C] () -- C:\WINNT\System32\MPEG2DEC.dll
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINNT\System32\indounin.dll
[1999/01/22 06:46:56 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINNT\System32\sysres.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINNT\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINNT\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINNT\FRONTPG.INI
[1997/08/23 10:33:24 | 000,022,056 | ---- | C] () -- C:\WINNT\System32\tntlvr.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINNT\System32\Iyvu9_32.dll
[1997/05/13 20:23:00 | 000,001,313 | ---- | C] () -- C:\WINNT\acroread.ini

========== LOP Check ==========

[2010/02/11 03:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/02/17 16:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/06/22 22:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/09/12 22:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAS
[2006/05/20 21:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/01/21 20:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/06 01:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/12/08 14:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2009/03/28 21:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/26 13:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/03 23:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/23 19:15:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CB6B90CC-78D8-477B-AB80-1CAC3517ED19}
[2007/02/14 00:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2004/10/05 22:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2010/02/19 09:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2008/01/22 16:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Design Science
[2007/03/15 02:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EuroTalk
[2009/09/15 09:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2009/12/29 11:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeVideoConverter
[2002/08/23 15:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2002/08/30 16:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2004/11/08 02:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/04/25 14:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Maple
[2009/06/22 22:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2007/09/12 22:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SAS
[2010/03/08 19:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/09/06 01:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/01/28 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\webex
[2010/01/23 09:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xilisoft Corporation

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\dllcache\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2001/08/23 07:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[1999/10/02 10:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\MATLAB7\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\system32\dllcache\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\system32\eventlog.dll
[2001/08/23 07:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2001/08/23 07:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\system32\dllcache\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\system32\netlogon.dll
[2001/08/23 07:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2001/08/23 07:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\system32\dllcache\scecli.dll
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\system32\scecli.dll
[2001/08/23 07:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2001/08/23 07:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/08/24 13:19:38 | 000,786,432 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2007/08/24 18:08:35 | 000,126,976 | ---- | M] () -- C:\WINNT\system32\config\security.sav
[2007/08/24 13:19:38 | 029,884,416 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2007/08/24 13:19:41 | 008,388,608 | ---- | M] () -- C:\WINNT\system32\config\system.sav
< End of report >
------------------------------------------------------------------------------------

OTL Extras logfile created on: 3/9/2010 5:31:11 AM - Run 2
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Owner\Desktop\Geeks2Go
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 9.29 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 596.02 Gb Total Space | 186.35 Gb Free Space | 31.27% Space Free | Partition Type: FAT32
Drive G: | 74.50 Gb Total Space | 64.71 Gb Free Space | 86.86% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FIREBALL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gateway\SRCD\GWDL.EXE" = C:\Program Files\Gateway\SRCD\GWDL.EXE:*:Enabled:GWDL -- ()
"C:\Program Files\Maple 7\BIN.WNT\mserver.exe" = C:\Program Files\Maple 7\BIN.WNT\mserver.exe:*:Enabled:mserver -- ()
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\PC-Doctor for Windows\Pcdrw32.exe" = C:\Program Files\PC-Doctor for Windows\Pcdrw32.exe:*:Enabled:browser -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINNT\PCHEALTH\HELPCTR\Binaries\helpctr.exe" = C:\WINNT\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Documents and Settings\Owner\Desktop\allfours.exe" = C:\Documents and Settings\Owner\Desktop\allfours.exe:*:Enabled:allfours -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SAS\SAS 9.1\sas.exe" = C:\Program Files\SAS\SAS 9.1\sas.exe:*:Enabled:SAS 9.1 for Windows -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINNT\system32\ZoneLabs\vsmon.exe" = C:\WINNT\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Check Point Software Technologies LTD)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01001202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39DA87A1-0B26-4562-A70C-2A6147366E47}" = PC-Doctor Services
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{61008C2E-92DB-440C-94C6-0FFBDA95F440}" = Introductory Algebra
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68624FB8-2512-46B5-9664-64366DCCB3EB}" = SAS 9.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AF90EF6-F7F9-466C-99F4-1774826FBB40}" = Symantec Network Driver Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}" = Do More 5.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Disc-Direct SDK
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Audigy
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F07D1F5-D292-4C9A-89E3-49044CCF2D9F}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}" = PC-Doctor Consumer UI
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAD59025-5B73-4E12-B789-0028C5A573C2}" = PC-Doctor Diagnostics
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BE4AA694-815A-4045-BD49-C94F2BED7458}" = WinFast Entertainment Center(WDM Driver)
"{C1939820-A945-11D4-86F6-0001031E5712}" = DVD Player
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}" = WinFast PVR
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = PhoneTools
"{E5D4D448-01C2-11D5-96D9-0001023B4117}" = Maple 7
"{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Hawking Technologies HWUG1 Wireless-G USB Adapter
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FBF021-B965-42D3-BF63-D7A121B5490D}" = HelpSpot
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"1656e28ae7cb12a3498502c5526295f6" = SAS Private JRE (J2SE™ Java Runtime Environment 1.4.2_09)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"AIM_6.0" = AIM 6.0
"AOL Instant Messenger" = AOL Instant Messenger
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"Creative Driver" = Creative Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DSMT6" = MathType 6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"EuroTalk Talk Now Plus!" = EuroTalk Talk Now Plus!
"ExamView Pro" = ExamView Assessment Suite
"ffdshow" = ffdshow (remove only)
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free Video Converter_is1" = Free Video Converter V 2.3
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"hp instant support" = hp instant support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"Introductory Algebra (Fall 2009 Instructor Version)" = Introductory Algebra (Fall 2009 Instructor Version)
"KLiteCodecPack_is1" = K-Lite Codec Pack
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 12" = Maple 12
"MatlabR14" = MATLAB Family of Products Release 14
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Network Play System (Patching)" = Network Play System (Patching)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PROSet" = Intel® PRO Network Adapters and Drivers
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"RealPlayer 12.0" = RealPlayer
"Shockwave" = Shockwave
"SK_PS2MillenniumKeyboard" = PS/2 Millennium Keyboard
"SmartSuite V97.0" = Lotus SmartSuite 97
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareGuard_is1" = SpywareGuard v2.2
"ST6UNST #1" = Gre Bible
"Switch" = Switch Sound File Converter
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual C++ 6.0 Professional Edition" = Microsoft Visual C++ 6.0 Professional Edition
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.0.5
"Windows Media Encoder 7" = Windows Media Encoder 7.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"XviD" = XviD MPEG-4 Codec
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2010 11:05:55 AM | Computer Name = FIREBALL | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 3/7/2010 6:06:50 PM | Computer Name = FIREBALL | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.6331.5000, P3
ntdll.dll, P4 5.1.2600.2180, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

[ OSession Events ]
Error - 9/7/2008 11:04:41 PM | Computer Name = FIREBALL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 374
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/9/2010 2:40:52 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7034
Description = The Intel® NMS service terminated unexpectedly. It has done this
1 time(s).

Error - 2/9/2010 2:40:52 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/9/2010 2:40:53 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/9/2010 2:40:56 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/9/2010 2:40:57 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/9/2010 1:32:33 PM | Computer Name = FIREBALL | Source = System Error | ID = 1003
Description = Error code 00000024, parameter1 001902fe, parameter2 ac9f1774, parameter3
ac9f1470, parameter4 f7b62bf4.

Error - 2/13/2010 8:10:30 PM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 2/27/2010 10:57:08 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor
service to connect.

Error - 2/27/2010 10:57:08 AM | Computer Name = FIREBALL | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053

Error - 3/7/2010 2:59:07 AM | Computer Name = FIREBALL | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'avgse.dll.old' on the volume 'HarddiskVolume1'. It
has stopped monitoring the volume.


< End of report >
  • 0

#6
mpascal
Posted 09 March 2010 - 12:53 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi smplynik,

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
O33 - MountPoints2\{1af9ee1a-abc5-11de-8202-0007e99f3bf0}\Shell\AutoRun\command - "" = H:\rg9g9bgq.exe -- File not found
O33 - MountPoints2\{1af9ee1a-abc5-11de-8202-0007e99f3bf0}\Shell\open\Command - "" = H:\rg9g9bgq.exe -- File not found
O33 - MountPoints2\{1edf4a68-b4f2-11d8-98eb-00038a000015}\Shell\AutoRun\command - "" = filesystem/pagefile.exe
O33 - MountPoints2\{1edf4a68-b4f2-11d8-98eb-00038a000015}\Shell\eXpLorE\cOMMand - "" = filesystem/pagefile.exe
O33 - MountPoints2\{1edf4a68-b4f2-11d8-98eb-00038a000015}\Shell\oPen\CoMMAnd - "" = filesystem/pagefile.exe
O33 - MountPoints2\{cbdd0269-0a24-11de-81c3-0007e99f3bf0}\Shell - "" = AutoRun
O33 - MountPoints2\{cbdd0269-0a24-11de-81c3-0007e99f3bf0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbdd0269-0a24-11de-81c3-0007e99f3bf0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
[2010/01/23 12:30:18 | 000,000,035 | ---- | C] () -- C:\WINNT\System32\winitn.dll
[2010/01/23 12:30:05 | 000,051,712 | ---- | C] () -- C:\WINNT\System32\coodest.dll
[2003/03/25 20:56:11 | 000,057,344 | ---- | C] () -- C:\WINNT\System32\mupkernps11.dll


:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
STEP 2 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

  • 0

#7
smplynik
Posted 10 March 2010 - 08:03 AM

smplynik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi mpascal,

Here are the logs


Malwarebytes' Anti-Malware 1.44
Database version: 3845
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

3/9/2010 8:23:35 PM
mbam-log-2010-03-09 (20-23-35).txt

Scan type: Quick Scan
Objects scanned: 183093
Time elapsed: 11 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------------------------------------------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, March 10, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, March 09, 2010 23:07:57
Records in database: 3751592
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 226934
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 09:03:45


File name / Threat / Threats count
C:\OEMDRVRS\GWMDMU.EXE Infected: Packed.Win32.Krap.ak 1
C:\WINNT\GWMDMU.exe Infected: Packed.Win32.Krap.ak 1

Selected area has been scanned.
  • 0

#8
mpascal
Posted 10 March 2010 - 02:20 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Do you have a Gateway PC?
  • 0

#9
smplynik
Posted 10 March 2010 - 03:12 PM

smplynik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Yes I have a Gateway PC
  • 0

#10
mpascal
Posted 11 March 2010 - 12:50 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
OK, are you having any other problems?
  • 0

Advertisements

#11
smplynik
Posted 11 March 2010 - 01:01 PM

smplynik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
No I don't have any other problems. Everything seems to be running as good as it can I think.

Thanks
  • 0

#12
mpascal
Posted 11 March 2010 - 01:04 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
OK, I'll give you some instructions to remove tools and advice to prevent future infection.

STEP 1 - Clear Restore Points

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
[CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top.
STEP 2 - Remove Tools

Run OTL
  • Click Clean Up in the upper right corner.
  • This will remove most if not all the tools we used while we were fixing your computer. Feel free to delete any others it leaves behind.
Now that you have a clean system, I would like to share with you some advice to help reduce the risk of future infection.

+++++++++++++++++++++++++++++++++++++++++++++++

I recommend that you install both of the following free programs if you haven''t already, as they can greatly increase the security of your system. It is not essential that you have these programs installed, but they do a very good job at preventing infection if your system is scanned regularly.+++++++++++++++++++++++++++++++++++++++++++++++

A good firewall is also useful for keeping a system infection free. You should only have ONE firewall installed on your computer - having more than one will not increase the security of your system. Here is a small list of some free firewallsAn antivirus program is also a program that should be installed on all computers. These will help reduce the risk that your computer gets infected by viruses or trojans in the future. Keep in mind that you only need ONE antivirus program installed on your computer. If you have more than one installed, they can often conflict and leave your system unprotected.Having up to date Antivirus and Firewall software is vital to keeping a healthy, infection free system

+++++++++++++++++++++++++++++++++++++++++++++++

To find out more information on how your system got infected, or how to protect yourself on the internet in the future, this article by Tony Klein provides some great information.

Good luck and safe surfing!

-mpascal
  • 0

#13
smplynik
Posted 13 March 2010 - 02:26 AM

smplynik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi,

Thanks alot for your help.

Nik
  • 0

#14
smplynik
Posted 13 March 2010 - 03:44 AM

smplynik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
mpascal,

One thing I've noticed is that some icons have disappeared from my system tray. I assumed that they would show up again after rebooting but I've done that a few times and still no go. It's the volume, spywareguard and flash drive icons. My system says spyware guard is running but no window opens when I click on it. Is this anything to be concerned about?

Nik
  • 0

#15
mpascal
Posted 13 March 2010 - 01:40 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi Nik,

This seems to be a known issue with Microsoft, I think I know how to fix it though.

Right Click on My Computer and click Manage.
  • Click Services and Applications
  • Double click Services
  • In the services list, right click SSDP Discovery Service, and click Properties
  • On the General Tab, in the Startup Type drop down list, click Disabled
  • Click OK.
Let me know if that works.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP