Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

startup error: fofufeno.dll [Solved]

Started by poke963 , Mar 14 2010 08:36 AM

This topic is locked

#1
poke963

Posted 14 March 2010 - 08:36 AM

Member

Member
10 posts

i noticed heavy amounts of popups yesterday night and so im trying to get it fixed right now.

when ever my computer starts up this appears (attatchment)
i did some googleing and to my understanding its related to malware/viruses. all i know is that its not a good thing. i also found a thread simular to the problem i have on here: http://www.geekstogo...ot-t187282.html

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

i tried and the link was broken so now im trying to do what i can do.
so now im doing full system scan with avast free home edition 4.8 and kaspersky online scanner to see if they can pull anything.

Attached Files

untitled.bmp 134.29KB 200 downloads

#2
heir

Posted 14 March 2010 - 08:42 AM

Trusted Helper

Malware Removal
5,427 posts

Hello poke963 !

Welcome to the site!

My nickname is heir and I'll be helping clean up your computer.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:

To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Virus, Spyware and Trojan Removal..
Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
Make sure you reply to this thread using the Add Reply button:

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.

Never follow directions thats laid out for another users computer, it can be dangerous.

Please read this :
Malware and Spyware Cleaning Guide, Please read before starting a new topic

Step 1.
Things I would like to see in your reply:

The content of the logs from MBAM, OTL and GMER.
Information on how your computer is running.

#3
poke963

Posted 14 March 2010 - 10:16 AM

Member

Topic Starter
Member
10 posts

hello heir.
thanks for the tips. i just thought if similar problems occur, the solutions should be similar too.
i was wondering if its safe to play games that require you to log in while i have this problem (like does it key log me?)

back on topic:
for MBAM one i get the error about it not being found and i ran the setup for like 2 times. (attatchment)

im running GMER now

can i run OTL while GMER is running? as the guide said to close all other windows

it seems that the browser i use (opera 10.10) is running slower than usual sometimes (switching between tabs) but then thats probably because i was loading a game.

oh and i noticed that the popup ads dont appear anymore (it was popping up often yesterday night, maybe once every 2 mins?)
EDIT: first pop-up appeared while refreshing this page
pop-ups starting again =[

computer crashed. itnernet explorer opened up and screen froze so i rebooted and have to re-run GMER

Attached Files

untitled2.bmp 163.8KB 183 downloads

Edited by poke963, 14 March 2010 - 11:08 AM.

#4
heir

Posted 14 March 2010 - 11:52 AM

Trusted Helper

Malware Removal
5,427 posts

can i run OTL while GMER is running? as the guide said to close all other windows

Just do the steps one at a time then post the logs.

If a step can't be performed let me know what happened and continue with the next one.

#5
poke963

Posted 14 March 2010 - 03:28 PM

Member

Topic Starter
Member
10 posts

the MBAM wont run. the pic attatched on previous post is what happens when i install it.
when i try to run it, the error saids can not find mbam.exe

sorry about that. i thought it would be easier to distinguish where each log ended and started with the code function

OTL's OTL.Txt
OTL logfile created on: 3/14/2010 4:03:59 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 213.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 110.30 Gb Free Space | 49.17% Space Free | Partition Type: NTFS
Drive D: | 8.56 Gb Total Space | 0.94 Gb Free Space | 10.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 982.72 Mb Total Space | 417.83 Mb Free Space | 42.52% Space Free | Partition Type: FAT

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/14 09:52:39 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/20 20:01:18 | 000,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008/12/10 13:57:16 | 001,482,815 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/09/20 21:34:27 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/08/03 01:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/10/08 12:52:32 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE

========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,097,280 | -HS- | M] () -- C:\WINDOWS\system32\tehisuvo.dll
MOD - [2099/01/01 12:00:00 | 000,060,416 | -HS- | M] () -- C:\WINDOWS\system32\duzirasa.dll
MOD - [2010/03/14 09:52:39 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/26 12:54:45 | 003,352,524 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 12:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe -- (jswpsapi)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/02/10 08:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 05:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/08/03 01:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "blank"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/14 12:12:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/14 12:12:33 | 000,000,000 | ---D | M]

[2009/08/22 18:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
[2009/08/22 18:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions\[email protected]
[2010/03/13 16:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\wahjb589.default\extensions
[2009/08/14 09:41:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\wahjb589.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/13 16:30:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WebDetectorBHO Class) - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Program Files\Tudou\·ÉËÙTudou\tudouDetector.dll (土豆网)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll File not found
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\NETGEAR\WNDA3100\jswtrayutil.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [kokisaziz] C:\WINDOWS\System32\tehisuvo.DLL ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Fraps] C:\Fraps\fraps.exe (Beepa P/L)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\Æô¶¯·ÉËÙÍÁ¶¹.lnk = C:\Program Files\Tudou\·ÉËÙTudou\TudouVa.exe (土豆网)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1249951746481 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\fofufenu.dll c:\windows\system32\tehisuvo.dll) - C:\WINDOWS\System32\fofufenu.dll File not found
O20 - AppInit_DLLs: (duzirasa.dll) - C:\WINDOWS\System32\duzirasa.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: fahudofoz - {8e9374b7-049c-4cee-9709-a9713e5208a2} - C:\WINDOWS\System32\fofufenu.dll File not found
O21 - SSODL: lurifamul - {e85e3027-0765-4720-8445-1f57491e8ece} - C:\WINDOWS\system32\tehisuvo.dll ()
O22 - SharedTaskScheduler: {8e9374b7-049c-4cee-9709-a9713e5208a2} - tokatiluy - C:\WINDOWS\System32\fofufenu.dll File not found
O22 - SharedTaskScheduler: {e85e3027-0765-4720-8445-1f57491e8ece} - kupuhivus - C:\WINDOWS\system32\tehisuvo.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 23:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\Autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/14 21:13:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (206158430208)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/14 09:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes
[2010/03/14 09:54:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/14 09:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/14 09:54:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/14 09:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/14 09:51:58 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
[2010/03/14 09:51:49 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\mbam-setup.exe
[2010/03/08 21:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/03 16:46:10 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/01/19 00:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/01/01 12:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2009/08/10 23:13:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/09/20 21:00:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/09/20 21:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/09/20 21:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/02/19 12:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[46 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[41 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2099/01/01 12:00:00 | 000,097,280 | -HS- | M] () -- C:\WINDOWS\System32\tehisuvo.dll
[2099/01/01 12:00:00 | 000,071,168 | -HS- | M] () -- C:\WINDOWS\System32\yofivowi.dll
[2099/01/01 12:00:00 | 000,060,416 | -HS- | M] () -- C:\WINDOWS\System32\vavanoho.dll
[2099/01/01 12:00:00 | 000,060,416 | -HS- | M] () -- C:\WINDOWS\System32\mubodigi.dll
[2099/01/01 12:00:00 | 000,060,416 | -HS- | M] () -- C:\WINDOWS\System32\duzirasa.dll
[2099/01/01 12:00:00 | 000,060,416 | -HS- | M] () -- C:\WINDOWS\System32\dobipimo.dll
[2099/01/01 12:00:00 | 000,044,032 | -HS- | M] () -- C:\WINDOWS\System32\wepatogi.dll
[2099/01/01 12:00:00 | 000,043,008 | -HS- | M] () -- C:\WINDOWS\System32\wutakizu.dll
[2010/03/14 16:06:43 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\lapolopo
[2010/03/14 16:00:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\sswsbmkt.job
[2010/03/14 15:11:26 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences.dat
[2010/03/14 14:42:04 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences2.dat
[2010/03/14 12:06:01 | 000,000,245 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/03/14 12:04:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\Æô¶¯·ÉËÙÍÁ¶¹.lnk
[2010/03/14 12:04:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/14 12:04:07 | 000,250,654 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/14 12:03:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/14 12:03:55 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/14 09:59:40 | 000,167,734 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\untitled2.bmp
[2010/03/14 09:57:34 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 09:55:03 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\ntuser.dat
[2010/03/14 09:54:31 | 005,115,840 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\mbam-setup.exe
[2010/03/14 09:52:42 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\gmer.zip
[2010/03/14 09:52:39 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
[2010/03/14 09:27:39 | 000,137,514 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\untitled.bmp
[2010/03/14 08:34:22 | 000,488,088 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 08:34:22 | 000,089,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 08:34:21 | 000,587,650 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/13 15:53:26 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\RS barb assult.mac
[2010/03/13 01:10:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\ntuser.ini
[2010/03/07 07:56:35 | 000,000,661 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/07 07:56:35 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/03/07 07:56:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/06 18:18:43 | 000,031,804 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\Stela Deus 1.rtf
[2010/03/04 23:47:25 | 008,528,649 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry2 (2).pdf
[2010/03/04 23:44:04 | 003,188,833 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry2 (1).pdf
[2010/03/04 23:42:13 | 006,019,807 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry1 (1).pdf
[2010/03/04 20:33:48 | 008,528,649 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry2.pdf
[2010/03/04 20:32:53 | 006,019,807 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry1.pdf
[2010/03/04 20:05:43 | 009,805,810 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Development2.pdf
[2010/03/04 20:05:06 | 006,565,149 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Development1.pdf
[2010/03/04 19:55:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[46 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[41 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,097,280 | -HS- | C] () -- C:\WINDOWS\System32\tehisuvo.dll
[2099/01/01 12:00:00 | 000,071,168 | -HS- | C] () -- C:\WINDOWS\System32\yofivowi.dll
[2099/01/01 12:00:00 | 000,060,416 | -HS- | C] () -- C:\WINDOWS\System32\vavanoho.dll
[2099/01/01 12:00:00 | 000,060,416 | -HS- | C] () -- C:\WINDOWS\System32\mubodigi.dll
[2099/01/01 12:00:00 | 000,060,416 | -HS- | C] () -- C:\WINDOWS\System32\duzirasa.dll
[2099/01/01 12:00:00 | 000,060,416 | -HS- | C] () -- C:\WINDOWS\System32\dobipimo.dll
[2099/01/01 12:00:00 | 000,044,032 | -HS- | C] () -- C:\WINDOWS\System32\wepatogi.dll
[2099/01/01 12:00:00 | 000,043,008 | -HS- | C] () -- C:\WINDOWS\System32\wutakizu.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\lapolopo
[2010/03/14 11:23:00 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\sswsbmkt.job
[2010/03/14 09:59:40 | 000,167,734 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\untitled2.bmp
[2010/03/14 09:55:24 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\gmer.exe
[2010/03/14 09:55:01 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 09:51:54 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\gmer.zip
[2010/03/14 09:11:12 | 000,137,514 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\untitled.bmp
[2010/03/07 20:39:50 | 000,000,226 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\RS barb assult.mac
[2010/03/04 23:44:10 | 008,528,649 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry2 (2).pdf
[2010/03/04 23:42:24 | 003,188,833 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry2 (1).pdf
[2010/03/04 23:42:12 | 006,019,807 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry1 (1).pdf
[2010/03/04 20:29:26 | 008,528,649 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry2.pdf
[2010/03/04 20:29:24 | 006,019,807 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry1.pdf
[2010/03/04 20:00:43 | 009,805,810 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Development2.pdf
[2010/03/04 20:00:41 | 006,565,149 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Development1.pdf
[2010/03/01 00:21:30 | 000,031,804 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\Stela Deus 1.rtf
[2010/01/21 20:33:06 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/12/30 00:40:28 | 000,147,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/28 11:45:15 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/08/29 13:08:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/08/26 15:39:07 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 09:27:45 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/15 19:37:40 | 000,002,416 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\wklnhst.dat
[2009/08/10 19:52:27 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/08/10 19:37:26 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat
[2009/08/08 17:59:55 | 000,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/29 21:54:03 | 000,004,878 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yfffltzj.xqq
[2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2006/09/20 22:13:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/20 21:53:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/20 21:48:47 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/20 21:48:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/20 21:45:51 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/20 21:36:21 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/20 21:35:05 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/20 21:30:44 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/20 21:29:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/20 21:26:40 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/20 21:26:40 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/20 21:26:40 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/20 21:26:39 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/20 21:26:39 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/09/20 21:26:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/20 21:25:26 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/20 21:03:49 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 13:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 01:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 09:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/07/31 22:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/08/29 13:07:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006/09/20 21:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/07/28 21:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2009/08/08 17:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010/03/14 12:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/31 22:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/09/20 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/08/11 16:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\acccore
[2010/02/17 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\BitTorrent
[2009/12/22 18:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
[2009/12/23 21:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\DragonicaTWCB
[2010/01/17 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\GetRightToGo
[2010/02/17 20:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Leadertech
[2010/02/19 21:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire
[2009/08/12 20:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\MSNInstaller
[2009/08/24 23:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Nexon
[2009/09/10 17:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\OpenOffice.org
[2009/08/10 20:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Opera
[2010/02/26 23:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Raptr
[2009/08/15 19:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Template
[2010/03/14 16:00:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\sswsbmkt.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/08/02 09:45:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/08/02 09:45:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/08/02 09:45:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/08/02 09:45:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/09 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/09 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/09 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/09 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/09 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/09 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/26 06:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[46 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/30 15:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 15:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/30 15:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

OTL'S Extras.Txt
OTL Extras logfile created on: 3/14/2010 4:03:59 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 213.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 110.30 Gb Free Space | 49.17% Space Free | Partition Type: NTFS
Drive D: | 8.56 Gb Total Space | 0.94 Gb Free Space | 10.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 982.72 Mb Total Space | 417.83 Mb Free Space | 42.52% Space Free | Partition Type: FAT

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Tudou\·ÉËÙTudou\TudouVa.exe" = C:\Program Files\Tudou\·ÉËÙTudou\TudouVa.exe:*:Enabled:????1.20 -- (土豆网)
"C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin" = C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin:*:Enabled:rakion -- ()
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- File not found
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- File not found
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Steam\steamapps\harlan321\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\harlan321\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\steamapps\harlan321\condition zero\hl.exe" = C:\Program Files\Steam\steamapps\harlan321\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
".sol Editor" = .sol Editor 1.1.0.1
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{14E94112-5F6B-4049-B177-4C7E69D3C3A0}_is1" = Dragonica Online - Open Beta Test
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java™ 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80C06CCD-7D07-3DB6-86CD-B57B3F0614D8}" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = WNDA3100
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EB3F5C2A-0754-38B8-8722-7B537006BF46}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"·ÉËÙÍÁ¶¹" = ·ÉËÙÍÁ¶¹ 1.20
"AC Tool" = AC Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"AwayMode160" = Microsoft Away Mode
"Canon iP1700 User Registration" = Canon iP1700 User Registration
"CanonMyPrinter" = Canon My Printer
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"GoldWave v5.20" = GoldWave v5.20
"GunboundWC_is1" = GunboundWC
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"Icon Restore_is1" = Icon Restore 1.0
"IE8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio Team System 2008 Team Suite - ENU" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"Plants vs. Zombies" = Plants vs. Zombies
"PROR" = Microsoft Office Professional 2007
"QcDrv" = Logitech® Camera Driver
"Rakion International_is1" = Rakion International
"Raptr" = Raptr
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 550" = Left 4 Dead 2
"Steam App 80" = Condition Zero
"SystemRequirementsLab" = System Requirements Lab
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.2
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"WildTangent compaq Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/10/2009 9:23:47 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\2e9211650cffe001872ce589a08795a8\BIT84.tmp
failed, 00000026.

Error - 11/5/2009 11:22:55 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://ui.mevio.com/...ined.js?r=34879 failed, 0000A413.

Error - 11/11/2009 4:01:03 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP72\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-4266174557-1370792569-4170656527-1007
failed, 000005AA.

Error - 11/21/2009 2:22:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dragonica.db....LvData.php?b=32 failed, 0000A413.

Error - 11/21/2009 2:27:14 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dragonica.db....LvData.php?b=32 failed, 0000A413.

Error - 11/24/2009 9:49:18 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\1ef0be90f070e450b9c79a63a59a4810\BIT1B4.tmp
failed, 00000026.

Error - 1/4/2010 12:19:20 AM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
J:\LaunchU3.exe failed, 0000001E.

Error - 3/14/2010 12:48:08 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\MEMORY.DMP failed, 00000005.

Error - 3/14/2010 12:48:08 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\MEMORY.DMP failed, 00000005.

[ Application Events ]
Error - 1/28/2010 3:45:02 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 18 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action patchjre,
location: C:\Program Files\Java\jre6\patchjre.exe, command: -s "C:\Program Files\Java\jre6"

Error - 1/30/2010 2:22:18 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application wordpad.exe, version 5.1.2600.5584, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/31/2010 8:28:38 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application GoldWave.exe, version 5.20.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 9:21:09 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSSQL$SQLEXPRESS | ID = 17207
Description = FCB::Open: Operating system error 32(The process cannot access the
file because it is being used by another process.) occurred while creating or opening
file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\tempdb.mdf'. Diagnose
and correct the operating system error, and retry the operation.

Error - 2/5/2010 9:21:09 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSSQL$SQLEXPRESS | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\tempdb.mdf for file number 1. OS error: 32(The process
cannot access the file because it is being used by another process.).

Error - 2/7/2010 4:38:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application hl.exe, version 1.1.1.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/22/2010 12:49:47 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application hl.exe, version 1.1.1.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/12/2010 9:15:52 PM | Computer Name = YOUR-4DACD0EA75 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/12/2010 9:26:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/12/2010 9:26:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/12/2010 9:34:34 PM | Computer Name = YOUR-4DACD0EA75 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/12/2010 9:34:34 PM | Computer Name = YOUR-4DACD0EA75 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/13/2010 10:57:51 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 2/14/2010 10:22:31 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 2/15/2010 11:22:07 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 2/16/2010 6:54:00 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 2/17/2010 5:39:38 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

< End of report >

GMER'S ark.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-14 16:00:45
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\kgxyafob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF32666B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF3266574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF3266A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF326614C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF326664E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF326608C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF32660F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF326676E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF326672E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF32668AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)@Comments Mozilla Firefox
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)@DisplayIcon C:\Program Files\Mozilla Firefox\firefox.exe,0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)@DisplayName Mozilla Firefox (3.5.8)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)@DisplayVersion 3.5.8 (en-US)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)@InstallLocation C:\Program Files\Mozilla Firefox
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)@Publisher Mozilla
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)@UninstallString C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)@URLInfoAbout http://en-US.www.mozilla.com/en-US/
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)@URLUpdateInfo http://en-US.www.moz.../en-US/firefox/
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)@NoModify 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.8)@NoRepair 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 36
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 21

---- EOF - GMER 1.0.15 ----

Edited by poke963, 14 March 2010 - 04:57 PM.

#6
heir

Posted 14 March 2010 - 03:50 PM

Trusted Helper

Malware Removal
5,427 posts

Please don't enclose the logs in any tags it makes them harder to analyse, just post them.

Could you please remove the tags in your previous post.

#7
poke963

Posted 14 March 2010 - 09:17 PM

Member

Topic Starter
Member
10 posts

it is ok with only the GMER and OTL logs? i cant get MBAB to run. it keeps on not being found and instalation still has the same error attatched 2 posts ago

#8
heir

Posted 15 March 2010 - 01:43 AM

Trusted Helper

Malware Removal
5,427 posts

Thanks that's better.
Nnow lets start removing the bad stuff.

Step 1.
Uninstall unwanted programs:

Please go to Start > Control Panel > Add/Remove Programs and remove the following:

LimeWire 5.3.6
BitTorrent

Optional removals
Limewire, BitTorrent and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.

Step 2.
OTL-fix:

Run OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [kokisaziz] C:\WINDOWS\System32\tehisuvo.DLL ()
O20 - AppInit_DLLs: (c:\windows\system32\fofufenu.dll c:\windows\system32\tehisuvo.dll) - C:\WINDOWS\System32\fofufenu.dll File not found
O20 - AppInit_DLLs: (duzirasa.dll) - C:\WINDOWS\System32\duzirasa.dll ()
O21 - SSODL: fahudofoz - {8e9374b7-049c-4cee-9709-a9713e5208a2} - C:\WINDOWS\System32\fofufenu.dll File not found
O21 - SSODL: lurifamul - {e85e3027-0765-4720-8445-1f57491e8ece} - C:\WINDOWS\system32\tehisuvo.dll ()
O22 - SharedTaskScheduler: {8e9374b7-049c-4cee-9709-a9713e5208a2} - tokatiluy - C:\WINDOWS\System32\fofufenu.dll File not found
O22 - SharedTaskScheduler: {e85e3027-0765-4720-8445-1f57491e8ece} - kupuhivus - C:\WINDOWS\system32\tehisuvo.dll ()
[2099/01/01 12:00:00 | 000,097,280 | -HS- | M] () -- C:\WINDOWS\System32\tehisuvo.dll
[2099/01/01 12:00:00 | 000,071,168 | -HS- | M] () -- C:\WINDOWS\System32\yofivowi.dll
[2099/01/01 12:00:00 | 000,060,416 | -HS- | M] () -- C:\WINDOWS\System32\vavanoho.dll
[2099/01/01 12:00:00 | 000,060,416 | -HS- | M] () -- C:\WINDOWS\System32\mubodigi.dll
[2099/01/01 12:00:00 | 000,060,416 | -HS- | M] () -- C:\WINDOWS\System32\duzirasa.dll
[2099/01/01 12:00:00 | 000,060,416 | -HS- | M] () -- C:\WINDOWS\System32\dobipimo.dll
[2099/01/01 12:00:00 | 000,044,032 | -HS- | M] () -- C:\WINDOWS\System32\wepatogi.dll
[2099/01/01 12:00:00 | 000,043,008 | -HS- | M] () -- C:\WINDOWS\System32\wutakizu.dll
[2010/03/14 16:06:43 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\lapolopo
[2010/03/14 16:00:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\sswsbmkt.job
[2009/07/31 22:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"=-
"C:\Program Files\BitTorrent\bittorrent.exe"=-
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the OTL fixlog

Step 3.
OTL-scan:

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Standard Output.
Underneath the option Extra Registry change it to Use SafeList.
Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, LOP Check, Purity Check.
Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 4.
Things I would like to see in your reply:

Which P2P programs were uninstalled in step 1.
The content of the fixlog from OTL in step 2.
The content of OTL.txt and Extras.txt from step 3.
Information on how your computer is running now.

#9
poke963

Posted 15 March 2010 - 07:18 PM

Member

Topic Starter
Member
10 posts

OTL.exe fix
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kokisaziz deleted successfully.
File C:\WINDOWS\System32\tehisuvo.DLL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fofufenu.dll c:\windows\system32\tehisuvo.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:duzirasa.dll deleted successfully.
C:\WINDOWS\system32\duzirasa.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\fahudofoz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e9374b7-049c-4cee-9709-a9713e5208a2}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\lurifamul not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e85e3027-0765-4720-8445-1f57491e8ece}\ not found.
File C:\WINDOWS\system32\tehisuvo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8e9374b7-049c-4cee-9709-a9713e5208a2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e9374b7-049c-4cee-9709-a9713e5208a2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{e85e3027-0765-4720-8445-1f57491e8ece} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e85e3027-0765-4720-8445-1f57491e8ece}\ not found.
File C:\WINDOWS\system32\tehisuvo.dll not found.
File C:\WINDOWS\System32\tehisuvo.dll not found.
File C:\WINDOWS\System32\yofivowi.dll not found.
C:\WINDOWS\system32\vavanoho.dll moved successfully.
C:\WINDOWS\system32\mubodigi.dll moved successfully.
File C:\WINDOWS\System32\duzirasa.dll not found.
C:\WINDOWS\system32\dobipimo.dll moved successfully.
C:\WINDOWS\system32\wepatogi.dll moved successfully.
C:\WINDOWS\system32\wutakizu.dll moved successfully.
C:\WINDOWS\system32\lapolopo moved successfully.
File C:\WINDOWS\tasks\sswsbmkt.job not found.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 8242688 bytes
->Temporary Internet Files folder emptied: 414803 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Compaq_Administrator
->Temp folder emptied: 186635006 bytes
->Temporary Internet Files folder emptied: 568041024 bytes
->Java cache emptied: 13425364 bytes
->FireFox cache emptied: 75300866 bytes
->Opera cache emptied: 83358003 bytes
->Flash cache emptied: 14544 bytes

User: Compaq_Administrator.YOUR-4DACD0EA75
->Temp folder emptied: 1168265614 bytes
->Temporary Internet Files folder emptied: 67265111 bytes
->Java cache emptied: 46255275 bytes
->FireFox cache emptied: 63126437 bytes
->Opera cache emptied: 97964862 bytes
->Flash cache emptied: 159063 bytes

User: Default User
->Temp folder emptied: 8242688 bytes
->Temporary Internet Files folder emptied: 361111 bytes
->Flash cache emptied: 42025 bytes

User: LocalService
->Temp folder emptied: 82368 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 1916928 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 24729796 bytes
%systemroot%\System32\dllcache .tmp files removed: 20839632 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3956868 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 38790538 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 379764 bytes
RecycleBin emptied: 1014199861 bytes

Total Files Cleaned = 3,330.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Compaq_Administrator
->Flash cache emptied: 0 bytes

User: Compaq_Administrator.YOUR-4DACD0EA75
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.1.37.1 log created on 03152010_192756

Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\IadHide5.dll moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_91c.dat not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6fc.dat not found!

Registry entries deleted on Reboot...

OTL.exe scan
OTL logfile created on: 3/15/2010 7:48:55 PM - Run 2
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 497.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 112.99 Gb Free Space | 50.37% Space Free | Partition Type: NTFS
Drive D: | 8.56 Gb Total Space | 0.94 Gb Free Space | 10.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 982.72 Mb Total Space | 417.83 Mb Free Space | 42.52% Space Free | Partition Type: FAT

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/14 09:52:39 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
PRC - [2009/12/27 23:03:58 | 000,020,480 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/20 20:01:18 | 000,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008/12/10 13:57:16 | 001,482,815 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/09/20 21:34:27 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/08/03 01:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 01:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/10/08 13:24:42 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2004/10/08 13:07:06 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/10/08 12:52:32 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE

========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,100,864 | -HS- | M] () -- C:\WINDOWS\system32\towuvela.dll
MOD - [2010/03/14 09:52:39 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
MOD - [2006/09/20 21:49:35 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\IadHide5.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/26 12:54:45 | 003,352,524 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 12:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe -- (jswpsapi)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/02/10 08:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 05:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/08/03 01:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - [2009/11/24 18:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 18:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/09/30 03:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WNDA31.sys -- (WNDA3100)
DRV - [2008/05/19 17:36:28 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | Auto | Running] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/09/04 17:53:34 | 000,055,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys -- (VSPerfDrv90)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 13:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 13:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 13:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/06/29 19:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/08 02:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/01/03 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/10/08 07:00:59 | 000,211,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2004/10/08 06:57:48 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/09 23:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 01:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 09:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "blank"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/15 19:33:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/14 12:12:33 | 000,000,000 | ---D | M]

[2009/08/22 18:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
[2009/08/22 18:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions\[email protected]
[2010/03/14 16:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\wahjb589.default\extensions
[2009/08/14 09:41:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\wahjb589.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/14 16:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/14 23:49:15 | 000,253,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\CheckTudouVa.dll

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WebDetectorBHO Class) - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Program Files\Tudou\·ÉËÙTudou\tudouDetector.dll (土豆网)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll File not found
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\NETGEAR\WNDA3100\jswtrayutil.exe File not found
O4 - HKLM..\Run: [kokisaziz] C:\WINDOWS\System32\towuvela.DLL ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Fraps] C:\Fraps\fraps.exe (Beepa P/L)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\Æô¶¯·ÉËÙÍÁ¶¹.lnk = C:\Program Files\Tudou\·ÉËÙTudou\TudouVa.exe (土豆网)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1249951746481 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\fofufenu.dll) - C:\WINDOWS\System32\fofufenu.dll File not found
O20 - AppInit_DLLs: (duzirasa.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\towuvela.dll) - C:\WINDOWS\system32\towuvela.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: dojunimut - {a511df05-ad4b-46c8-b5bd-10cace3917c8} - C:\WINDOWS\system32\towuvela.dll ()
O22 - SharedTaskScheduler: {a511df05-ad4b-46c8-b5bd-10cace3917c8} - jugezatag - C:\WINDOWS\system32\towuvela.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 23:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\Autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/14 21:13:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: LDM - hkey= - key= - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (206158430208)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/15 19:27:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/14 09:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes
[2010/03/14 09:54:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/14 09:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/14 09:54:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/14 09:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/14 09:51:58 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
[2010/03/14 09:51:49 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\maplestory-setup.exe
[2010/03/08 21:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/03 16:46:10 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/02/17 21:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/02/17 20:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\New Folder
[2010/02/17 20:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sonic
[2010/02/17 20:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Leadertech
[2010/01/19 00:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/01/01 12:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2009/08/10 23:13:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/09/20 21:00:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/09/20 21:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/09/20 21:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/02/19 12:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,100,864 | -HS- | M] () -- C:\WINDOWS\System32\towuvela.dll
[2099/01/01 12:00:00 | 000,100,864 | -HS- | M] () -- C:\WINDOWS\System32\rizibuki.dll
[2099/01/01 12:00:00 | 000,071,168 | -HS- | M] () -- C:\WINDOWS\System32\diyobela.dll
[2099/01/01 12:00:00 | 000,048,128 | -HS- | M] () -- C:\WINDOWS\System32\tonokule.dll
[2099/01/01 12:00:00 | 000,047,104 | -HS- | M] () -- C:\WINDOWS\System32\fehamito.dll
[2010/03/15 19:33:53 | 000,000,245 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/03/15 19:32:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\Æô¶¯·ÉËÙÍÁ¶¹.lnk
[2010/03/15 19:32:40 | 000,250,654 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/15 19:32:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/15 19:32:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/15 19:32:03 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/15 19:31:18 | 000,001,744 | -H-- | M] () -- C:\WINDOWS\System32\lapolopo
[2010/03/15 19:31:09 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\ntuser.dat
[2010/03/15 19:31:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\ntuser.ini
[2010/03/15 19:28:34 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\cllnyqiz.job
[2010/03/15 19:15:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/14 22:54:04 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences2.dat
[2010/03/14 22:53:56 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences.dat
[2010/03/14 16:34:11 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 09:59:40 | 000,167,734 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\untitled2.bmp
[2010/03/14 09:54:31 | 005,115,840 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\maplestory-setup.exe
[2010/03/14 09:52:42 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\gmer.zip
[2010/03/14 09:52:39 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
[2010/03/14 09:27:39 | 000,137,514 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\untitled.bmp
[2010/03/14 08:34:22 | 000,488,088 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 08:34:22 | 000,089,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 08:34:21 | 000,587,650 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/13 15:53:26 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\RS barb assult.mac
[2010/03/07 07:56:35 | 000,000,661 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/07 07:56:35 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/03/07 07:56:35 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/06 18:18:43 | 000,031,804 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\Stela Deus 1.rtf
[2010/03/04 23:47:25 | 008,528,649 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry2 (2).pdf
[2010/03/04 23:44:04 | 003,188,833 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry2 (1).pdf
[2010/03/04 23:42:13 | 006,019,807 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry1 (1).pdf
[2010/03/04 20:33:48 | 008,528,649 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry2.pdf
[2010/03/04 20:32:53 | 006,019,807 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry1.pdf
[2010/03/04 20:05:43 | 009,805,810 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Development2.pdf
[2010/03/04 20:05:06 | 006,565,149 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Development1.pdf
[2010/02/27 13:07:09 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\Left 4 Dead 2.lnk
[2010/02/27 10:08:41 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/02/24 00:28:06 | 002,113,954 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\IconCache.db
[2010/02/23 01:01:10 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/17 23:34:38 | 007,963,257 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Agri2.pdf
[2010/02/17 23:34:13 | 006,954,364 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\agri1.pdf
[2010/02/17 20:21:19 | 585,689,088 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\OFFICE07_ENTERPRISE.iso
[2010/02/17 17:06:34 | 002,284,504 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\backup.reg
[2010/02/16 23:38:09 | 000,002,416 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\wklnhst.dat

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,100,864 | -HS- | C] () -- C:\WINDOWS\System32\towuvela.dll
[2099/01/01 12:00:00 | 000,100,864 | -HS- | C] () -- C:\WINDOWS\System32\rizibuki.dll
[2099/01/01 12:00:00 | 000,071,168 | -HS- | C] () -- C:\WINDOWS\System32\diyobela.dll
[2099/01/01 12:00:00 | 000,048,128 | -HS- | C] () -- C:\WINDOWS\System32\tonokule.dll
[2099/01/01 12:00:00 | 000,047,104 | -HS- | C] () -- C:\WINDOWS\System32\fehamito.dll
[2010/03/15 19:28:34 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\cllnyqiz.job
[2010/03/15 19:28:25 | 000,001,744 | -H-- | C] () -- C:\WINDOWS\System32\lapolopo
[2010/03/14 09:59:40 | 000,167,734 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\untitled2.bmp
[2010/03/14 09:55:24 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\gmer.exe
[2010/03/14 09:55:01 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 09:51:54 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\gmer.zip
[2010/03/14 09:11:12 | 000,137,514 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\untitled.bmp
[2010/03/07 20:39:50 | 000,000,226 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\RS barb assult.mac
[2010/03/04 23:44:10 | 008,528,649 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry2 (2).pdf
[2010/03/04 23:42:24 | 003,188,833 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry2 (1).pdf
[2010/03/04 23:42:12 | 006,019,807 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry1 (1).pdf
[2010/03/04 20:29:26 | 008,528,649 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry2.pdf
[2010/03/04 20:29:24 | 006,019,807 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Industry1.pdf
[2010/03/04 20:00:43 | 009,805,810 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Development2.pdf
[2010/03/04 20:00:41 | 006,565,149 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Development1.pdf
[2010/03/01 00:21:30 | 000,031,804 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\Stela Deus 1.rtf
[2010/02/27 13:07:09 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\Left 4 Dead 2.lnk
[2010/02/17 23:31:24 | 007,963,257 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\Agri2.pdf
[2010/02/17 23:31:19 | 006,954,364 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\My Documents\agri1.pdf
[2010/02/17 17:15:35 | 585,689,088 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\OFFICE07_ENTERPRISE.iso
[2010/02/17 17:06:34 | 002,284,504 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\backup.reg
[2010/01/21 20:33:06 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/12/30 00:40:28 | 000,147,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/28 11:45:15 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/08/29 13:08:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/08/26 15:39:07 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 09:27:45 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/15 19:37:40 | 000,002,416 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\wklnhst.dat
[2009/08/10 19:52:27 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/08/10 19:37:26 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat
[2009/08/08 17:59:55 | 000,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/29 21:54:03 | 000,004,878 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yfffltzj.xqq
[2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2006/09/20 22:13:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/20 21:53:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/20 21:48:47 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/20 21:48:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/20 21:45:51 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/20 21:36:21 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/20 21:35:05 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/20 21:30:44 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/20 21:29:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/20 21:26:40 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/20 21:26:40 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/20 21:26:40 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/20 21:26:39 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/20 21:26:39 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/09/20 21:26:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/20 21:25:26 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/20 21:03:49 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 13:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 01:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 09:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/07/31 22:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/08/29 13:07:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006/09/20 21:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/07/28 21:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2009/08/08 17:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010/03/15 19:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/20 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/08/11 16:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\acccore
[2010/02/17 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\BitTorrent
[2009/12/22 18:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
[2009/12/23 21:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\DragonicaTWCB
[2010/01/17 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\GetRightToGo
[2010/02/17 20:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Leadertech
[2010/02/19 21:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire
[2009/08/12 20:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\MSNInstaller
[2009/08/24 23:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Nexon
[2009/09/10 17:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\OpenOffice.org
[2009/08/10 20:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Opera
[2010/02/26 23:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Raptr
[2009/08/15 19:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Template
[2010/03/15 19:28:34 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\cllnyqiz.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2009/07/31 22:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/12/22 18:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/07/31 22:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/07/31 22:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/07/28 22:00:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009/08/29 13:07:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006/09/20 21:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2006/09/20 21:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/07/29 00:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/09/20 22:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2006/09/20 21:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2006/09/20 21:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2010/03/14 09:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/17 20:17:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/02/17 22:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/07/28 21:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2009/08/14 08:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/24 11:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009/08/08 17:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010/03/08 21:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2006/09/20 21:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/09/20 21:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/01/28 14:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/08/10 19:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/03/15 19:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/20 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/07/28 22:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/08/10 18:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2001/09/25 13:05:58 | 001,707,856 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\InstMsiA.Exe
[2001/09/11 16:04:42 | 001,821,008 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\InstMsiW.Exe
[2003/03/18 23:03:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\Setup.Exe
[2006/05/23 19:55:20 | 000,090,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WildTangent\oem-eula.exe

< %APPDATA%\*. >
[2009/08/11 16:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\acccore
[2010/02/06 12:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Adobe
[2009/08/15 18:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\AdobeUM
[2010/02/17 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\BitTorrent
[2009/12/22 18:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
[2009/12/23 21:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\DragonicaTWCB
[2010/01/17 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\GetRightToGo
[2009/09/25 01:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\HPQ
[2005/11/14 20:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Identities
[2009/08/24 11:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\IGN_DLM
[2006/09/20 21:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Intuit
[2010/02/17 20:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Leadertech
[2010/02/19 21:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire
[2009/07/31 20:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Macromedia
[2010/03/14 09:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes
[2010/02/19 21:16:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Microsoft
[2009/08/14 09:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla
[2009/08/12 20:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\MSNInstaller
[2009/08/24 23:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Nexon
[2009/09/10 17:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\OpenOffice.org
[2009/08/10 20:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Opera
[2010/02/26 23:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Raptr
[2009/09/16 17:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Real
[2010/02/17 20:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sonic
[2009/08/15 20:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun
[2006/09/20 22:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Symantec
[2009/08/15 19:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Template
[2010/01/31 16:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\U3
[2009/08/29 19:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Ventrilo
[2010/03/11 22:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\vlc
[2010/02/25 20:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Xfire

< %APPDATA%\*.exe /s >
[2009/08/22 18:13:54 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
[2009/08/22 18:13:55 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire\browser\xulrunner\updater.exe
[2009/08/22 18:13:55 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
[2009/08/22 18:13:55 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
[2009/08/22 18:13:55 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire\browser\xulrunner\xpidl.exe
[2009/08/22 18:13:55 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
[2009/08/22 18:13:55 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
[2009/08/22 18:13:56 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009/08/22 18:13:56 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
[2010/02/24 16:56:43 | 016,553,720 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Raptr\raptr-0.4.106-r35808-release.exe
[2010/03/08 21:12:30 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\setup3.10\setup.exe
[2009/02/17 17:17:38 | 000,110,592 | ---- | M] (U3 LLC) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\U3\0876401913413B66\cleanup.exe
[2009/01/11 15:05:30 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\U3\0876401913413B66\Launchpad Removal.exe
[2009/02/17 17:24:42 | 004,837,376 | ---- | M] (U3 LLC) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\U3\0876401913413B66\Launchpad.exe
[2009/02/17 17:14:04 | 000,311,296 | ---- | M] (SanDisk) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\U3\0876401913413B66\QualityImprovement.exe
[2009/02/17 17:28:48 | 000,054,584 | ---- | M] (U3 LLC) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\U3\0876401913413B66\U3AccessGrant.exe
[2009/02/17 17:17:38 | 000,110,592 | ---- | M] (U3 LLC) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\U3\temp\cleanup.exe
[2009/01/11 15:05:30 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\U3\temp\Launchpad Removal.exe

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/08/02 09:45:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/08/02 09:45:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/08/02 09:45:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/08/02 09:45:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/09 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/09 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/09 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/09 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/09 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/09 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/26 06:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/30 15:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 15:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/30 15:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

OTL.exe extra scan
OTL Extras logfile created on: 3/15/2010 7:48:55 PM - Run 2
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 497.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 112.99 Gb Free Space | 50.37% Space Free | Partition Type: NTFS
Drive D: | 8.56 Gb Total Space | 0.94 Gb Free Space | 10.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 982.72 Mb Total Space | 417.83 Mb Free Space | 42.52% Space Free | Partition Type: FAT

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\Tudou\·ÉËÙTudou\TudouVa.exe" = C:\Program Files\Tudou\·ÉËÙTudou\TudouVa.exe:*:Enabled:????1.20 -- (土豆网)
"C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin" = C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin:*:Enabled:rakion -- ()
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- File not found
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- File not found
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Steam\steamapps\harlan321\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\harlan321\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\steamapps\harlan321\condition zero\hl.exe" = C:\Program Files\Steam\steamapps\harlan321\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
".sol Editor" = .sol Editor 1.1.0.1
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{14E94112-5F6B-4049-B177-4C7E69D3C3A0}_is1" = Dragonica Online - Open Beta Test
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java™ 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80C06CCD-7D07-3DB6-86CD-B57B3F0614D8}" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = WNDA3100
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EB3F5C2A-0754-38B8-8722-7B537006BF46}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"·ÉËÙÍÁ¶¹" = ·ÉËÙÍÁ¶¹ 1.20
"AC Tool" = AC Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"AwayMode160" = Microsoft Away Mode
"Canon iP1700 User Registration" = Canon iP1700 User Registration
"CanonMyPrinter" = Canon My Printer
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"GoldWave v5.20" = GoldWave v5.20
"GunboundWC_is1" = GunboundWC
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"Icon Restore_is1" = Icon Restore 1.0
"IE8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}" = NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio Team System 2008 Team Suite - ENU" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"Plants vs. Zombies" = Plants vs. Zombies
"PROR" = Microsoft Office Professional 2007
"QcDrv" = Logitech® Camera Driver
"Rakion International_is1" = Rakion International
"Raptr" = Raptr
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 550" = Left 4 Dead 2
"Steam App 80" = Condition Zero
"SystemRequirementsLab" = System Requirements Lab
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.2
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"WildTangent compaq Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/10/2009 9:23:47 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\2e9211650cffe001872ce589a08795a8\BIT84.tmp
failed, 00000026.

Error - 11/5/2009 11:22:55 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://ui.mevio.com/...ined.js?r=34879 failed, 0000A413.

Error - 11/11/2009 4:01:03 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP72\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-4266174557-1370792569-4170656527-1007
failed, 000005AA.

Error - 11/21/2009 2:22:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dragonica.db....LvData.php?b=32 failed, 0000A413.

Error - 11/21/2009 2:27:14 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dragonica.db....LvData.php?b=32 failed, 0000A413.

Error - 11/24/2009 9:49:18 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\1ef0be90f070e450b9c79a63a59a4810\BIT1B4.tmp
failed, 00000026.

Error - 1/4/2010 12:19:20 AM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
J:\LaunchU3.exe failed, 0000001E.

Error - 3/14/2010 12:48:08 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\MEMORY.DMP failed, 00000005.

Error - 3/14/2010 12:48:08 PM | Computer Name = YOUR-4DACD0EA75 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\MEMORY.DMP failed, 00000005.

[ Application Events ]
Error - 1/28/2010 3:45:02 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 18 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action patchjre,
location: C:\Program Files\Java\jre6\patchjre.exe, command: -s "C:\Program Files\Java\jre6"

Error - 1/30/2010 2:22:18 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application wordpad.exe, version 5.1.2600.5584, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/31/2010 8:28:38 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application GoldWave.exe, version 5.20.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 9:21:09 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSSQL$SQLEXPRESS | ID = 17207
Description = FCB::Open: Operating system error 32(The process cannot access the
file because it is being used by another process.) occurred while creating or opening
file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\tempdb.mdf'. Diagnose
and correct the operating system error, and retry the operation.

Error - 2/5/2010 9:21:09 PM | Computer Name = YOUR-4DACD0EA75 | Source = MSSQL$SQLEXPRESS | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\tempdb.mdf for file number 1. OS error: 32(The process
cannot access the file because it is being used by another process.).

Error - 2/7/2010 4:38:21 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application hl.exe, version 1.1.1.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/22/2010 12:49:47 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application hl.exe, version 1.1.1.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/12/2010 9:15:52 PM | Computer Name = YOUR-4DACD0EA75 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/12/2010 9:26:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/12/2010 9:26:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/12/2010 9:34:34 PM | Computer Name = YOUR-4DACD0EA75 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/12/2010 9:34:34 PM | Computer Name = YOUR-4DACD0EA75 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/13/2010 10:57:51 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 2/14/2010 10:22:31 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 2/15/2010 11:22:07 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 2/16/2010 6:54:00 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 2/17/2010 5:39:38 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

< End of report >

i have not removed either P2P programs yet but i might seeing how i barely use them.
also, sometimes when i click on a link (from google's search engine) it redirects me to a web page that dosent exist.

im getting popups from pages i never get popups from (youtube)
i also experience slow web page loading times.

thanks in advance for all your troubles

Edited by poke963, 15 March 2010 - 09:19 PM.

#10
heir

Posted 16 March 2010 - 01:54 AM

Trusted Helper

Malware Removal
5,427 posts

i have not removed either P2P programs yet but i might seeing how i barely use them.

Too bad. Hope we are not having an endless battle here then.

Let's bring on another tool.

Step 1.
OTL-fix:

Run OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
MOD - [2099/01/01 12:00:00 | 000,100,864 | -HS- | M] () -- C:\WINDOWS\system32\towuvela.dll
O4 - HKLM..\Run: [kokisaziz] C:\WINDOWS\System32\towuvela.DLL ()
O20 - AppInit_DLLs: (c:\windows\system32\fofufenu.dll) - C:\WINDOWS\System32\fofufenu.dll File not found
O20 - AppInit_DLLs: (duzirasa.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\towuvela.dll) - C:\WINDOWS\system32\towuvela.dll ()
O21 - SSODL: dojunimut - {a511df05-ad4b-46c8-b5bd-10cace3917c8} - C:\WINDOWS\system32\towuvela.dll ()
O22 - SharedTaskScheduler: {a511df05-ad4b-46c8-b5bd-10cace3917c8} - jugezatag - C:\WINDOWS\system32\towuvela.dll ()
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
[2099/01/01 12:00:00 | 000,100,864 | -HS- | C] () -- C:\WINDOWS\System32\towuvela.dll
[2099/01/01 12:00:00 | 000,100,864 | -HS- | C] () -- C:\WINDOWS\System32\rizibuki.dll
[2099/01/01 12:00:00 | 000,071,168 | -HS- | C] () -- C:\WINDOWS\System32\diyobela.dll
[2099/01/01 12:00:00 | 000,048,128 | -HS- | C] () -- C:\WINDOWS\System32\tonokule.dll
[2099/01/01 12:00:00 | 000,047,104 | -HS- | C] () -- C:\WINDOWS\System32\fehamito.dll
[2010/03/15 19:28:34 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\cllnyqiz.job
[2010/03/15 19:28:25 | 000,001,744 | -H-- | C] () -- C:\WINDOWS\System32\lapolopo
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the OTL fixlog

Step 2.
ComboFix:

Download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. Here is a howto for some of the applications.
They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 3.
Things I would like to see in your reply:

The content of the fixlog from OTL in step 1.
The content of C:\ComboFix.txt from step 2.

#11
poke963

Posted 16 March 2010 - 12:06 PM

Member

Topic Starter
Member
10 posts

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kokisaziz deleted successfully.
C:\WINDOWS\system32\towuvela.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fofufenu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:duzirasa.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\towuvela.dll deleted successfully.
File C:\WINDOWS\system32\towuvela.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\dojunimut deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a511df05-ad4b-46c8-b5bd-10cace3917c8}\ deleted successfully.
File C:\WINDOWS\system32\towuvela.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{a511df05-ad4b-46c8-b5bd-10cace3917c8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a511df05-ad4b-46c8-b5bd-10cace3917c8}\ not found.
File C:\WINDOWS\system32\towuvela.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\LaunchU3.exe not found.
File C:\WINDOWS\System32\towuvela.dll not found.
C:\WINDOWS\system32\rizibuki.dll moved successfully.
C:\WINDOWS\system32\diyobela.dll moved successfully.
C:\WINDOWS\system32\tonokule.dll moved successfully.
C:\WINDOWS\system32\fehamito.dll moved successfully.
C:\WINDOWS\tasks\cllnyqiz.job moved successfully.
C:\WINDOWS\system32\lapolopo moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Compaq_Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Compaq_Administrator.YOUR-4DACD0EA75
->Temp folder emptied: 710610 bytes
->Temporary Internet Files folder emptied: 16020317 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1308 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24571 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 76135 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Compaq_Administrator
->Flash cache emptied: 0 bytes

User: Compaq_Administrator.YOUR-4DACD0EA75
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.1.37.1 log created on 03162010_124622

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_374.dat not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6f4.dat not found!

Registry entries deleted on Reboot...

ComboFix 10-03-15.06 - Compaq_Administrator 03/16/2010 13:07:41.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.533 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100314-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\IadHide5.dll
c:\program files\Cheat Engine\dbk32.sys
c:\program files\Internet Explorer\SET2DB.tmp
c:\program files\Internet Explorer\SET2DC.tmp
c:\recycler\S-1-5-21-1455271050-919249074-3905352862-1007
c:\windows\system32\17025114.dll
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://77.74.48.111
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Service_IlvMoneyDRIVER53

((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-16 00:27 . 2010-03-16 00:27 -------- d-----w- C:\_OTL
2010-03-14 17:00 . 2010-03-14 17:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-03-14 14:55 . 2010-03-14 14:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes
2010-03-14 14:54 . 2010-03-14 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-03 21:46 . 2010-03-03 21:46 -------- d-----w- C:\.jagex_cache_32
2010-02-18 03:28 . 2006-10-27 01:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-18 03:28 . 2006-10-27 01:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-02-18 02:00 . 2010-02-18 02:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-18 01:22 . 2010-02-18 01:22 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sonic
2010-02-18 01:21 . 2010-02-18 01:21 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Leadertech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 18:17 . 2009-08-03 17:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-16 18:14 . 2009-07-29 05:21 -------- d-----w- c:\program files\Cheat Engine
2010-03-16 04:03 . 2010-02-04 02:40 41 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences.dat
2010-03-16 03:58 . 2010-02-04 02:41 69 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences2.dat
2010-03-16 01:31 . 2009-07-30 02:00 -------- d-----w- c:\program files\LimeWire
2010-03-12 03:50 . 2009-10-18 05:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\vlc
2010-03-09 02:12 . 2010-03-09 02:12 439816 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\setup3.10\setup.exe
2010-02-28 18:53 . 2009-12-06 22:03 79488 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-28 02:30 . 2009-07-29 05:23 -------- d-----w- c:\program files\AC Tool
2010-02-27 18:37 . 2009-12-29 19:10 -------- d-----w- c:\program files\Steam
2010-02-27 04:52 . 2010-02-27 04:52 1251 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Raptr\config\certificates\x509\tls_peers\xmpp.raptr.com
2010-02-27 04:50 . 2009-12-22 23:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Raptr
2010-02-26 01:22 . 2010-01-01 17:00 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Xfire
2010-02-24 21:57 . 2009-12-22 23:40 -------- d-----w- c:\program files\Raptr
2010-02-24 21:56 . 2010-02-06 02:33 16553720 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Raptr\raptr-0.4.106-r35808-release.exe
2010-02-20 02:45 . 2009-08-22 23:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\LimeWire
2010-02-18 03:29 . 2009-08-08 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-17 04:38 . 2009-08-16 00:37 2416 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\wklnhst.dat
2010-02-12 05:23 . 2010-02-12 05:23 679 ----a-w- c:\windows\unins001.dat
2010-02-12 05:23 . 2002-02-10 07:00 72748 ----a-w- c:\windows\unins001.exe
2010-02-01 00:29 . 2010-02-01 00:29 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2010-02-01 00:29 . 2010-02-01 00:29 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-02-01 00:28 . 2010-02-01 00:28 -------- d-----w- c:\program files\Illustrate
2010-02-01 00:28 . 2010-02-01 00:28 -------- d-----w- c:\program files\GoldWave
2010-01-31 23:31 . 2006-09-21 02:40 110776 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 22:49 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-31 22:07 . 2010-01-01 16:59 -------- d-----w- c:\program files\Xfire
2010-01-31 21:46 . 2009-08-11 00:49 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\U3
2010-01-28 20:23 . 2009-07-30 02:52 -------- d-----w- c:\program files\OpenOffice.org 3
2010-01-28 20:22 . 2009-07-30 02:53 -------- d-----w- c:\program files\JRE
2010-01-28 19:45 . 2006-09-21 02:11 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 19:45 . 2006-09-21 02:11 -------- d-----w- c:\program files\Java
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-20 22:38 . 2009-08-08 22:49 2041216 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2010-01-19 04:58 . 2009-08-08 22:49 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-01-19 04:57 . 2009-08-08 22:37 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-01-19 04:54 . 2009-08-11 00:37 111160 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 05:22 . 2006-09-21 02:44 -------- d-----w- c:\program files\Microsoft Works
2010-01-18 04:52 . 2010-01-17 22:35 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\GetRightToGo
2010-01-18 03:25 . 2009-09-10 22:27 1 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-04 04:05 . 2009-11-25 02:51 96 ---ha-w- c:\windows\system32\HsInfo.dat
2009-12-30 05:40 . 2009-12-30 05:40 147144 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-28 17:29 . 2009-11-03 22:46 152576 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-28 04:03 . 2009-12-28 04:03 81920 ------r- c:\windows\bwUnin-6.1.4.68-8876480L.exe
2009-10-15 04:49 . 2010-03-16 00:18 253952 ----a-w- c:\program files\mozilla firefox\components\CheckTudouVa.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2008-07-12 00:37 . 2009-07-29 02:37 32 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]
2009-05-15 08:48 87448 ----a-w- c:\program files\Tudou\·ÉËÙTudou\tudouDetector.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-12-28 20480]
"Fraps"="c:\fraps\FRAPS.EXE" [2008-01-14 3182248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-21 180269]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\
’“_úEUIA1.lnk - c:\program files\Tudou\úEUTudou\TudouVa.exe [2009-5-18 1331200]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-12-27 450560]
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-12-10 1482815]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 06:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2009-12-28 04:03 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Tudou\\·ÉËÙTudou\\TudouVa.exe"=
"c:\\Program Files\\Softnyx\\RakionIS\\Bin\\rakion.bin"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\steamapps\\harlan321\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\harlan321\\condition zero\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/10/2009 7:10 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/10/2009 7:10 PM 20560]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [9/30/2008 3:24 AM 453120]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2/27/2008 12:54 PM 360547]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [9/4/2007 5:53 PM 55664]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = local;localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\wahjb589.default\
FF - prefs.js: browser.startup.homepage - blank
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-PCDrProfiler - c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe
HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WNDA3100\jswtrayutil.exe
HKLM-Run-kokisaziz - c:\windows\system32\towuvela.dll
SharedTaskScheduler-{a511df05-ad4b-46c8-b5bd-10cace3917c8} - c:\windows\system32\towuvela.dll
SSODL-dojunimut-{a511df05-ad4b-46c8-b5bd-10cace3917c8} - c:\windows\system32\towuvela.dll
Notify-dimsntfy - (no file)
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_HelperSvc.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 13:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3228)
c:\docume~1\COMPAQ~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\acs.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Tudou\·ÉËÙTudou\TudouVa.exe
.
**************************************************************************
.
Completion time: 2010-03-16 13:25:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 18:25

Pre-Run: 121,730,752,512 bytes free
Post-Run: 121,550,143,488 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=,1,2,3,4,5
- - End Of File - - 038C9ACB767D427E2BCEC6CD65E6CE9A

i never got either windows from the pictures you supplied.
the only thing i got was a window saying that combowfix is not associated with combofix.com or something like that
after that was another window
then a blue cmd menu saying completed stages 1,2,3, etc.

Edited by poke963, 16 March 2010 - 12:31 PM.

#12
heir

Posted 16 March 2010 - 01:20 PM

Trusted Helper

Malware Removal
5,427 posts

How is your computer running now?

#13
poke963

Posted 16 March 2010 - 02:56 PM

Member

Topic Starter
Member
10 posts

err theres not as much popups . or i cant even see any yet. ive been on the same page playing a game.
ima test around surfing diff pages

#14
heir

Posted 16 March 2010 - 03:41 PM

Trusted Helper

Malware Removal
5,427 posts

Let's do a couple of scans.

Step 1.
OTL-fix:

Run OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Tudou\·ÉËÙTudou\TudouVa.exe"=-
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the OTL fixlog

Step 2.
Scan with MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step 3.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure the following is checked.
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

Upgrading Java:

Posted Image

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

Download the latest version of JDK 6 Update 18 (JDK or JRE).
Click the "Download JRE" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")

Step 4.
Things I would like to see in your reply:

The content of the fixlog from OTL from Step 1.
The content of the report from MBAM from Step 2.
The content of the report from Kaspersky Online Scanner from Step 3.
Information on how your computer is running

#15
poke963

Posted 16 March 2010 - 04:45 PM

Member

Topic Starter
Member
10 posts

Malwarebytes' Anti-Malware 1.44
Database version: 3874
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/16/2010 5:34:43 PM
mbam-log-2010-03-16 (17-34-43).txt

Scan type: Quick Scan
Objects scanned: 148684
Time elapsed: 8 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

WOOT! no malware
now time for the other stuff

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Tudou\·ÉËÙTudou\TudouVa.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Compaq_Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Compaq_Administrator.YOUR-4DACD0EA75
->Temp folder emptied: 81910 bytes
->Temporary Internet Files folder emptied: 4929052 bytes
->Java cache emptied: 12118713 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2175 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 16372000 bytes

Total Files Cleaned = 32.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Compaq_Administrator
->Flash cache emptied: 0 bytes

User: Compaq_Administrator.YOUR-4DACD0EA75
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.1.37.1 log created on 03162010_202058

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_2cc.dat not found!
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_700.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

kaspersky comming up

Edited by poke963, 16 March 2010 - 07:47 PM.