
Avira AntiVir - Hidden objects were found. [Solved]



#1
Feilena

  • Member
  • 150 posts
Ran a fresh scan of Avira AntiVir current version today and it wants me to cancel the scan. Something about the Avira rescue CD?
What am I supposed to do now?

http://i66.photobuck...nklen/Avira.gif

This is a print screen shot of what it said.

Thanks guys!


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, let's see what it is.

GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

  • 0
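A saved ark.txt can be sorted offline before anyone acts on an entry. The script below is an added example, not part of the original post and not GMER's own code: it separates SSDT entries that name an owning module from those that show only an address, and lists device entries tagged "[unknown section]". The line layouts are assumed from GMER 1.0.15 text logs, the sample log is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a GMER 1.0.15 text log (not a real scan).
SAMPLE_LOG = """
---- System - GMER 1.0.15 ----

SSDT F7A10000 ZwCreateKey
SSDT example.sys ZwOpenKey [0xF7B00010]
SSDT F7A10020 ZwOpenProcess

---- Devices - GMER 1.0.15 ----

Device \\Driver\\example \\Device\\Example0 [F7C00000] example.sys[unknown section] {MOV EAX, ESP}
Device \\FileSystem\\Ntfs \\Ntfs 87000000
AttachedDevice \\Driver\\Tcpip \\Device\\Tcp filter.sys (Example Filter/Example Corp)

---- EOF - GMER 1.0.15 ----
"""

# "---- <section name> - GMER <version> ----"
SECTION = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# "SSDT <owner module> <function> [0x<address>]"  (hook resolved to a module)
SSDT_NAMED = re.compile(
    r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>(?:Zw|Nt)\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# "SSDT <address> <function>"  (no owning module shown)
SSDT_BARE = re.compile(
    r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>(?:Zw|Nt)\w+)$")
# "Device <driver> <device> [<address>] <module>[unknown section] ..."
DEV_UNKNOWN = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<module>\S+?)\[unknown section\]")


def triage(log_text):
    """Group the entries a reviewer has to explain; nothing is judged malicious."""
    section = None
    named = defaultdict(list)   # owner module -> hooked functions
    unresolved = []             # functions whose hook shows only an address
    unknown = []                # (driver, device, module) with "[unknown section]"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        if section == "System":
            m = SSDT_NAMED.match(line)
            if m:
                named[m.group("owner")].append(m.group("func"))
                continue
            m = SSDT_BARE.match(line)
            if m:
                unresolved.append(m.group("func"))
        elif section == "Devices":
            m = DEV_UNKNOWN.match(line)
            if m:
                unknown.append(
                    (m.group("driver"), m.group("device"), m.group("module")))
    return {
        "ssdt_named": dict(named),
        "ssdt_unresolved": unresolved,
        "unknown_section": unknown,
    }


def report(result):
    """Render the triage result as plain text lines for a forum reply or ticket."""
    lines = []
    for owner, funcs in sorted(result["ssdt_named"].items()):
        lines.append(f"SSDT hooks owned by {owner}: {', '.join(funcs)}")
    if result["ssdt_unresolved"]:
        lines.append("SSDT hooks with no module named: "
                     + ", ".join(result["ssdt_unresolved"]))
    for driver, device, module in result["unknown_section"]:
        lines.append(f"{driver} {device}: handler in {module}[unknown section]")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```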

#3
Feilena

  • Topic Starter
  • Member
  • 150 posts
Thank you so much Essexboy. I seem to be visiting here more and more frequently. I may have to just apply to take the free class. It would be so helpful I'm sure. I think I need to mention the fact that my computer seems to think there is something in my floppy drive? It keeps making noises. The logs you requested are below.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-14 19:09:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\KYLEBR~1\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT F7D397C6 ZwCreateKey
SSDT F7D397BC ZwCreateThread
SSDT F7D397CB ZwDeleteKey
SSDT F7D397D5 ZwDeleteValueKey
SSDT spyn.sys ZwEnumerateKey [0xF74EDCA2]
SSDT spyn.sys ZwEnumerateValueKey [0xF74EE030]
SSDT F7D397DA ZwLoadKey
SSDT spyn.sys ZwOpenKey [0xF74CF0C0]
SSDT F7D397A8 ZwOpenProcess
SSDT F7D397AD ZwOpenThread
SSDT spyn.sys ZwQueryKey [0xF74EE108]
SSDT spyn.sys ZwQueryValueKey [0xF74EDF88]
SSDT F7D397E4 ZwReplaceKey
SSDT F7D397DF ZwRestoreKey
SSDT F7D397D0 ZwSetValueKey

INT 0x62 ? 8736BBF8
INT 0x63 ? 87119BF8
INT 0x82 ? 8736BBF8
INT 0xA4 ? 87119BF8
INT 0xB4 ? 87119BF8

---- Kernel code sections - GMER 1.0.15 ----

? spyn.sys The system cannot find the file specified. !
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF5FA8380, 0x550AF5, 0xE8000020]
.text USBPORT.SYS!DllUnload F5F888AC 5 Bytes JMP 871191D8

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2488] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8736A1F8
Device \FileSystem\Fastfat \FatCdrom 8708E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{264629F0-BFE2-41CF-9CCB-066B61B6252F} 86EBC500
Device \Driver\usbuhci \Device\USBPDO-0 871181F8
Device \Driver\usbuhci \Device\USBPDO-1 871181F8
Device \Driver\usbuhci \Device\USBPDO-2 871181F8
Device \Driver\usbehci \Device\USBPDO-3 870F6500

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Ftdisk \Device\HarddiskVolume1 873DC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 873DC1F8
Device \Driver\Cdrom \Device\CdRom0 870E9500
Device \Driver\Cdrom \Device\CdRom1 870E9500
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7449B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 86EBC500
Device \Driver\NetBT \Device\NetbiosSmb 86EBC500
Device \Driver\usbuhci \Device\USBFDO-0 871181F8
Device \Driver\usbuhci \Device\USBFDO-1 871181F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86CFC500
Device \Driver\usbuhci \Device\USBFDO-2 871181F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86CFC500
Device \Driver\usbehci \Device\USBFDO-3 870F6500
Device \Driver\Ftdisk \Device\FtControl 873DC1F8
Device \FileSystem\Fastfat \Fat 8708E500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 87007328

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD8 0xD8 0xAA 0x43 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD8 0xD8 0xAA 0x43 ...

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 4/14/2010 7:09:45 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Kyle Bryant\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 494.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 38.24 Gb Free Space | 34.23% Space Free | Partition Type: NTFS
Drive D: | 681.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KYLE
Current User Name: Kyle Bryant
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/14 19:09:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyle Bryant\Desktop\OTL.exe
PRC - [2010/04/04 15:41:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/07 17:57:10 | 000,433,832 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/04 16:49:19 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/27 04:48:52 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/29 10:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/12/23 16:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/09/13 08:21:55 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/11/18 11:31:38 | 000,253,952 | ---- | M] () -- C:\Program Files\VentSrv\ventrilo_srv.exe
PRC - [2008/11/10 11:23:50 | 001,539,072 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/08/18 08:53:35 | 000,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2007/05/25 12:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/15 03:23:27 | 000,075,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
PRC - [2006/06/07 12:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe


========== Modules (SafeList) ==========

MOD - [2010/04/14 19:09:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyle Bryant\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (iPod Service)
SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/04 16:49:19 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/23 16:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/06/07 12:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2002/05/03 12:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://home.microsof...arch/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.61
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/25 07:05:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 05:29:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 05:29:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/08/26 17:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Extensions
[2010/04/13 21:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\extensions
[2009/10/10 16:17:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/06 15:19:47 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/19 07:26:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/19 22:46:21 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/12 20:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\extensions\[email protected]
[2009/10/10 16:16:10 | 000,004,212 | ---- | M] () -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\searchplugins\aim-search.xml
[2008/02/17 17:58:40 | 000,000,998 | ---- | M] () -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\searchplugins\aolsearch.gif
[2008/02/17 17:58:40 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\searchplugins\aolsearch.src
[2008/02/17 17:58:31 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\searchplugins\aolsearch.xml
[2009/01/14 01:12:10 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\searchplugins\daemon-search.xml
[2008/07/12 03:32:33 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\searchplugins\winamp-search.xml
[2010/04/13 21:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/18 05:08:45 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

O1 HOSTS File: ([2010/03/01 13:30:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: west.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.net ([]* in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/ch...urce/ImlCID.cab (imlUCID Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.cust...l/java/RntX.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://webmail.centr...1004MN382DELIM2
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kyle Bryant\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/10/13 16:23:46 | 000,045,056 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/09/26 19:21:07 | 000,000,158 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2003/01/27 11:48:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/14 19:09:23 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kyle Bryant\Desktop\OTL.exe
[2010/04/14 15:39:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/14 15:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/14 13:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle Bryant\Desktop\NES Emulator
[2010/04/12 12:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/04/02 10:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle Bryant\Local Settings\Application Data\WeatherBug
[2010/04/02 10:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle Bryant\Application Data\WeatherBug
[2010/04/02 10:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\AWS

OTL Extras logfile created on: 4/14/2010 7:09:45 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Kyle Bryant\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 494.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 38.24 Gb Free Space | 34.23% Space Free | Partition Type: NTFS
Drive D: | 681.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KYLE
Current User Name: Kyle Bryant
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- (FrostWire Group)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Documents and Settings\Kyle Bryant\Desktop\Feilena\StepMania CVS\Program\StepMania.exe" = C:\Documents and Settings\Kyle Bryant\Desktop\Feilena\StepMania CVS\Program\StepMania.exe:*:Enabled:StepMania -- (http://www.stepmania.com)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Documents and Settings\Kyle Bryant\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Kyle Bryant\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Disabled:Blizzard Repair Utility -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Kyle Bryant\Local Settings\Apps\2.0\VWGXBD3Y.K3H\VQVX6AHE.P22\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe" = C:\Documents and Settings\Kyle Bryant\Local Settings\Apps\2.0\VWGXBD3Y.K3H\VQVX6AHE.P22\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2238A301-6A20-4bdb-A655-C84AB629F6B6}" = hph_readme
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{2D1FFF32-B3B6-4ac4-9AB0-0E44889CBD80}" = D2300
"{31C2F32D-C5DD-4583-8181-B48591CA231C}" = RapidPlayer v5.0 ActiveX Control
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{34DAFDEC-A4B4-488A-A5CD-C91975A6F083}" = MediaRing Talk
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{674D5CE7-BFE9-43B8-B246-51D8F088A1C6}" = Diskeeper Professional Premier Edition
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D404F8F-05A1-4734-9550-6EC2FEE916B8}" = HP Photosmart and Deskjet 7.0 Software
"{9E5AE5C0-423C-4F4F-823B-57781C2B77F5}" = RTC Client API v1.2 Setup
"{9FF3BF5D-2641-40BF-9A6F-C41166BEB0A6}" = D2300_Help
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBEB5679-6E2C-47C6-A9B5-3C6D4CD19B60}" = hph_software_req
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D5F9FF84-6349-4BE6-94AA-F71975412E4A}" = Z Engine
"{D6346347-B8CD-4B52-BF5F-9676CDE79801}" = hph_software
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"AIMTunes" = AIMTunes
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EA Download Manager" = EA Download Manager
"Fitness Dash1.02" = Fitness Dash
"FrostWire" = FrostWire 4.17.2
"G-Force" = G-Force
"Guild Wars" = Guild Wars
"GW Team Builder_is1" = GW Team Builder 1.2.1
"Hotel Dash 1.00" = Hotel Dash 1.00
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"KEMailKb" = Internet Keyboard Elite
"Loki ActiveX Control" = Loki ActiveX Control
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Ogg Codecs" = Ogg Codecs 0.81.15562
"PhoTagsExpress" = PhoTags Express
"Plants vs. Zombies" = Plants vs. Zombies
"PopCap Browser Plugin" = PopCap Browser Plugin
"PROSet" = Intel® PRO Ethernet Adapter and Software
"RealPlayer 12.0" = RealPlayer
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 5" = TeamViewer 5
"Test My Hardware_is1" = Test My Hardware 2.4
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Spa Mania" = Spa Mania

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2010 8:34:29 PM | Computer Name = KYLE | Source = Application Error | ID = 1000
Description = Faulting application s3rc.exe, version 0.0.0.0, faulting module s3rc.exe,
version 0.0.0.0, fault address 0x00002e02.

Error - 4/13/2010 9:27:05 PM | Computer Name = KYLE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\KYLE BRYANT\MY DOCUMENTS\ELECTRONIC
ARTS\THE SIMS 3\CURRENTGAME.SIMS3\TRAVELDB.PACKAGE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 4/13/2010 9:27:05 PM | Computer Name = KYLE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\KYLE BRYANT\MY DOCUMENTS\ELECTRONIC
ARTS\THE SIMS 3\CURRENTGAME.SIMS3\TRAVELDB.PACKAGE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 4/13/2010 10:23:05 PM | Computer Name = KYLE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\KYLE BRYANT\MY DOCUMENTS\ELECTRONIC
ARTS\THE SIMS 3\CURRENTGAME.SIMS3\TRAVELDB.PACKAGE> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 4/14/2010 4:49:11 AM | Computer Name = KYLE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/14/2010 4:03:50 PM | Computer Name = KYLE | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 4/14/2010 4:45:26 PM | Computer Name = KYLE | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
The system cannot find the file specified. .

Error - 4/14/2010 4:45:26 PM | Computer Name = KYLE | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

Error - 4/14/2010 5:25:19 PM | Computer Name = KYLE | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 4/14/2010 5:25:21 PM | Computer Name = KYLE | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\txprop\dtcinfo.cpp(158),
hr = 8000ffff: TransactionManager->GetWhereaboutsSi

[ System Events ]
Error - 4/14/2010 5:02:37 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 4/14/2010 5:02:37 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7000
Description = The avast! Standard Shield Support service failed to start due to
the following error: %%2

Error - 4/14/2010 5:02:37 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 4/14/2010 5:02:55 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi

Error - 4/14/2010 5:21:48 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 4/14/2010 5:21:50 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7000
Description = The avast! Standard Shield Support service failed to start due to
the following error: %%2

Error - 4/14/2010 5:21:50 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 4/14/2010 5:22:00 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi

Error - 4/14/2010 5:25:22 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7031
Description = The COM+ System Application service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 4/14/2010 5:25:22 PM | Computer Name = KYLE | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the COM+ System Application service,
but this action failed with the following error: %%1056


< End of report >

Edited by Feilena, 14 April 2010 - 07:00 PM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, intriguing - nothing of import was showing there. Did Avira give a file name? Also, what is your main antivirus, as I can see at least two?

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5
Feilena

    Member

  • Topic Starter
  • Member
  • 150 posts
Avira is my primary anti-virus now. I have had ESET NOD 32 installed, the remnants of which are probably still in there, because it embeds itself into Windows. I also had Avast installed, but none of them were installed at the same time. Also, I didn't get any file name.

Combo Fix log:

ComboFix 10-04-14.04 - Kyle Bryant 04/15/2010 12:47:18.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.558 [GMT -5:00]
Running from: c:\documents and settings\Kyle Bryant\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
/wow section - STAGE 4
Access is denied.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ctfmon .exe

.
((((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 )))))))))))))))))))))))))))))))
.

2010-04-15 14:40 . 2010-04-15 14:40 439816 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Real\Update\setup3.10\setup.exe
2010-04-14 20:39 . 2010-04-14 20:42 -------- dc-h--w- c:\windows\ie8
2010-04-14 20:11 . 2010-04-14 20:12 38784 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-14 20:10 . 2010-04-14 20:12 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-14 20:10 . 2010-04-14 20:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-12 17:54 . 2010-04-12 17:54 -------- d-----w- C:\ProgramData
2010-04-02 15:22 . 2010-04-02 15:23 -------- d-----w- c:\documents and settings\Kyle Bryant\Local Settings\Application Data\WeatherBug
2010-04-02 15:22 . 2010-04-02 15:22 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\WeatherBug
2010-04-02 15:21 . 2010-04-02 15:21 18944 ----a-r- c:\documents and settings\Kyle Bryant\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-04-02 15:21 . 2010-04-02 15:21 11264 ----a-r- c:\documents and settings\Kyle Bryant\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
2010-04-02 15:21 . 2010-04-02 15:21 -------- d-----w- c:\program files\AWS
2010-04-02 14:48 . 2010-04-03 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-02 14:46 . 2010-04-15 17:41 -------- d-----w- c:\windows\system32\NtmsData
2010-04-02 14:43 . 2010-04-02 14:43 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\Avira
2010-04-02 14:38 . 2010-04-02 14:38 182088 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-25 13:26 . 2010-03-25 13:26 -------- d-----w- c:\program files\Fitness Dash
2010-03-25 13:26 . 2010-03-25 13:26 -------- d-----w- c:\windows\Fitness Dash
2010-03-25 12:59 . 2010-03-25 12:59 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\Dress Up Rush
2010-03-25 12:57 . 2010-03-25 12:57 -------- d-----w- c:\windows\Dress Up Rush
2010-03-18 10:09 . 2010-03-18 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2010-03-18 10:08 . 2010-03-19 13:21 -------- d-----w- c:\program files\PopCap Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 17:42 . 2009-06-11 11:29 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\Skype
2010-04-15 13:03 . 2009-06-11 11:30 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\skypePM
2010-04-14 20:12 . 2009-06-02 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-04-14 01:41 . 2003-01-27 17:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 00:36 . 2009-06-02 17:08 -------- d-----w- c:\program files\Electronic Arts
2010-04-13 21:58 . 2009-05-27 17:23 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\BitTorrent
2010-04-11 08:27 . 2009-04-27 01:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-11 05:41 . 2009-07-17 10:30 -------- d-----w- c:\program files\World of Warcraft
2010-04-02 14:48 . 2005-01-20 06:58 -------- d-----w- c:\program files\Yahoo!
2010-04-02 14:48 . 2007-08-17 03:27 -------- d-----w- c:\program files\CCleaner
2010-04-02 14:46 . 2009-05-07 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 14:46 . 2009-05-07 16:03 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-30 05:46 . 2009-05-07 16:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45 . 2009-05-07 16:03 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 13:26 . 2007-10-18 23:29 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\PlayFirst
2010-03-25 13:26 . 2007-10-18 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-03-25 12:56 . 2010-01-13 09:02 -------- d-----w- c:\program files\Games
2010-03-13 14:55 . 2008-12-16 06:42 -------- d-----w- c:\program files\Guild Wars
2010-03-12 19:38 . 2010-03-12 19:38 -------- d-----w- c:\program files\Skyhook Wireless
2010-03-10 06:15 . 2002-08-29 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 01:33 . 2010-03-10 01:33 50354 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Facebook\uninstall.exe
2010-03-10 01:33 . 2010-03-10 01:33 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\Facebook
2010-03-08 17:20 . 2007-02-01 00:03 -------- d--h--w- c:\documents and settings\Kyle Bryant\Application Data\Move Networks
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-03-05 09:24 . 2004-03-09 00:04 63408 -c--a-w- c:\documents and settings\Kyle Bryant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-03 17:45 . 2005-01-21 20:52 -------- d-----w- c:\program files\Common Files\Java
2010-03-03 17:45 . 2010-03-03 17:45 503808 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-573ca0b1-n\msvcp71.dll
2010-03-03 17:45 . 2010-03-03 17:45 348160 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-573ca0b1-n\msvcr71.dll
2010-03-03 17:45 . 2010-03-03 17:45 61440 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-371b073a-n\decora-sse.dll
2010-03-03 17:45 . 2010-03-03 17:45 499712 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-573ca0b1-n\jmc.dll
2010-03-03 17:45 . 2010-03-03 17:45 12800 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-371b073a-n\decora-d3d.dll
2010-03-03 17:35 . 2005-01-21 20:59 -------- d-----w- c:\program files\Java
2010-03-02 19:37 . 2008-12-08 06:41 -------- d-----w- c:\program files\AIM6
2010-03-01 20:24 . 2010-03-01 20:24 -------- d-----w- c:\program files\Avira
2010-03-01 20:24 . 2010-03-01 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-01 18:47 . 2010-03-01 18:47 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 18:47 . 2007-03-27 23:50 -------- d-----w- c:\program files\Apple Software Update
2010-03-01 18:47 . 2010-03-01 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-01 14:05 . 2010-03-01 20:24 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-01 09:48 . 2010-01-20 15:50 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-03-01 06:30 . 2010-03-01 06:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-02-25 06:24 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-05-08 23:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 14:10 . 2008-05-08 23:15 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 18:24 . 2009-10-10 21:26 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-16 13:25 . 2008-05-08 23:15 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2002-08-29 11:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 15:24 . 2009-11-04 15:44 3532 ----a-w- C:\drmHeader.bin
2010-02-11 12:02 . 2008-05-08 23:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 21:49 . 2010-01-11 03:48 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 21:49 . 2010-01-11 03:47 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 21:49 . 2010-01-11 03:47 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-27 09:49 . 2010-01-11 03:48 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 09:49 . 2010-02-28 15:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 09:49 . 2010-01-27 09:49 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 09:49 . 2010-01-11 03:48 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 09:49 . 2010-01-11 03:48 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 09:49 . 2010-01-11 03:48 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 09:49 . 2010-01-27 09:49 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 09:49 . 2010-01-11 03:48 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 09:49 . 2010-01-11 03:47 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 09:48 . 2010-01-27 09:48 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 09:48 . 2010-01-27 09:48 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 09:48 . 2010-01-11 03:47 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-27 09:48 . 2010-01-11 03:47 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 09:48 . 2010-01-11 03:47 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 09:48 . 2010-01-11 03:47 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-01-27 16:42 . 2009-01-27 16:42 5632 -csha-w- c:\program files\Thumbs.db
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@@desktop.dat
2005-04-16 23:09 . 2005-04-16 23:09 475 -csh--w- c:\windows\SYSTEM32\ewb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

Edited by Feilena, 15 April 2010 - 12:04 PM.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Feilena, could I have the entire log please :)
#7
Feilena

    Member

  • Topic Starter
  • Member
  • 150 posts
My sincerest apologies for that, I thought I had it all! Apparently not.

ComboFix 10-04-14.04 - Kyle Bryant 04/15/2010 12:47:18.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.558 [GMT -5:00]
Running from: c:\documents and settings\Kyle Bryant\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
/wow section - STAGE 4
Access is denied.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ctfmon .exe

.
((((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 )))))))))))))))))))))))))))))))
.

2010-04-15 14:40 . 2010-04-15 14:40 439816 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Real\Update\setup3.10\setup.exe
2010-04-14 20:39 . 2010-04-14 20:42 -------- dc-h--w- c:\windows\ie8
2010-04-14 20:11 . 2010-04-14 20:12 38784 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-14 20:10 . 2010-04-14 20:12 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-14 20:10 . 2010-04-14 20:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-12 17:54 . 2010-04-12 17:54 -------- d-----w- C:\ProgramData
2010-04-02 15:22 . 2010-04-02 15:23 -------- d-----w- c:\documents and settings\Kyle Bryant\Local Settings\Application Data\WeatherBug
2010-04-02 15:22 . 2010-04-02 15:22 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\WeatherBug
2010-04-02 15:21 . 2010-04-02 15:21 18944 ----a-r- c:\documents and settings\Kyle Bryant\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-04-02 15:21 . 2010-04-02 15:21 11264 ----a-r- c:\documents and settings\Kyle Bryant\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
2010-04-02 15:21 . 2010-04-02 15:21 -------- d-----w- c:\program files\AWS
2010-04-02 14:48 . 2010-04-03 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-02 14:46 . 2010-04-15 17:41 -------- d-----w- c:\windows\system32\NtmsData
2010-04-02 14:43 . 2010-04-02 14:43 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\Avira
2010-04-02 14:38 . 2010-04-02 14:38 182088 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-25 13:26 . 2010-03-25 13:26 -------- d-----w- c:\program files\Fitness Dash
2010-03-25 13:26 . 2010-03-25 13:26 -------- d-----w- c:\windows\Fitness Dash
2010-03-25 12:59 . 2010-03-25 12:59 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\Dress Up Rush
2010-03-25 12:57 . 2010-03-25 12:57 -------- d-----w- c:\windows\Dress Up Rush
2010-03-18 10:09 . 2010-03-18 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2010-03-18 10:08 . 2010-03-19 13:21 -------- d-----w- c:\program files\PopCap Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 17:42 . 2009-06-11 11:29 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\Skype
2010-04-15 13:03 . 2009-06-11 11:30 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\skypePM
2010-04-14 20:12 . 2009-06-02 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-04-14 01:41 . 2003-01-27 17:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 00:36 . 2009-06-02 17:08 -------- d-----w- c:\program files\Electronic Arts
2010-04-13 21:58 . 2009-05-27 17:23 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\BitTorrent
2010-04-11 08:27 . 2009-04-27 01:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-11 05:41 . 2009-07-17 10:30 -------- d-----w- c:\program files\World of Warcraft
2010-04-02 14:48 . 2005-01-20 06:58 -------- d-----w- c:\program files\Yahoo!
2010-04-02 14:48 . 2007-08-17 03:27 -------- d-----w- c:\program files\CCleaner
2010-04-02 14:46 . 2009-05-07 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 14:46 . 2009-05-07 16:03 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-30 05:46 . 2009-05-07 16:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45 . 2009-05-07 16:03 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 13:26 . 2007-10-18 23:29 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\PlayFirst
2010-03-25 13:26 . 2007-10-18 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-03-25 12:56 . 2010-01-13 09:02 -------- d-----w- c:\program files\Games
2010-03-13 14:55 . 2008-12-16 06:42 -------- d-----w- c:\program files\Guild Wars
2010-03-12 19:38 . 2010-03-12 19:38 -------- d-----w- c:\program files\Skyhook Wireless
2010-03-10 06:15 . 2002-08-29 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 01:33 . 2010-03-10 01:33 50354 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Facebook\uninstall.exe
2010-03-10 01:33 . 2010-03-10 01:33 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\Facebook
2010-03-08 17:20 . 2007-02-01 00:03 -------- d--h--w- c:\documents and settings\Kyle Bryant\Application Data\Move Networks
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-03-05 09:24 . 2004-03-09 00:04 63408 -c--a-w- c:\documents and settings\Kyle Bryant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-03 17:45 . 2005-01-21 20:52 -------- d-----w- c:\program files\Common Files\Java
2010-03-03 17:45 . 2010-03-03 17:45 503808 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-573ca0b1-n\msvcp71.dll
2010-03-03 17:45 . 2010-03-03 17:45 348160 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-573ca0b1-n\msvcr71.dll
2010-03-03 17:45 . 2010-03-03 17:45 61440 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-371b073a-n\decora-sse.dll
2010-03-03 17:45 . 2010-03-03 17:45 499712 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-573ca0b1-n\jmc.dll
2010-03-03 17:45 . 2010-03-03 17:45 12800 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-371b073a-n\decora-d3d.dll
2010-03-03 17:35 . 2005-01-21 20:59 -------- d-----w- c:\program files\Java
2010-03-02 19:37 . 2008-12-08 06:41 -------- d-----w- c:\program files\AIM6
2010-03-01 20:24 . 2010-03-01 20:24 -------- d-----w- c:\program files\Avira
2010-03-01 20:24 . 2010-03-01 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-01 18:47 . 2010-03-01 18:47 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 18:47 . 2007-03-27 23:50 -------- d-----w- c:\program files\Apple Software Update
2010-03-01 18:47 . 2010-03-01 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-01 14:05 . 2010-03-01 20:24 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-01 09:48 . 2010-01-20 15:50 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-03-01 06:30 . 2010-03-01 06:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-02-25 06:24 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-05-08 23:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 14:10 . 2008-05-08 23:15 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 18:24 . 2009-10-10 21:26 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-16 13:25 . 2008-05-08 23:15 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2002-08-29 11:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 15:24 . 2009-11-04 15:44 3532 ----a-w- C:\drmHeader.bin
2010-02-11 12:02 . 2008-05-08 23:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 21:49 . 2010-01-11 03:48 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 21:49 . 2010-01-11 03:47 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 21:49 . 2010-01-11 03:47 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-27 09:49 . 2010-01-11 03:48 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 09:49 . 2010-02-28 15:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 09:49 . 2010-01-27 09:49 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 09:49 . 2010-01-11 03:48 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 09:49 . 2010-01-11 03:48 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 09:49 . 2010-01-11 03:48 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 09:49 . 2010-01-27 09:49 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 09:49 . 2010-01-11 03:48 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 09:49 . 2010-01-11 03:47 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 09:48 . 2010-01-27 09:48 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 09:48 . 2010-01-27 09:48 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 09:48 . 2010-01-11 03:47 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-27 09:48 . 2010-01-11 03:47 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 09:48 . 2010-01-11 03:47 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 09:48 . 2010-01-11 03:47 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-01-27 16:42 . 2009-01-27 16:42 5632 -csha-w- c:\program files\Thumbs.db
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@@desktop.dat
2005-04-16 23:09 . 2005-04-16 23:09 475 -csh--w- c:\windows\SYSTEM32\ewb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 22:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-08-18 50528]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-13 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle Bryant^Start Menu^Programs^Startup^hamachi.lnk.disabled]
backup=c:\windows\pss\hamachi.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle Bryant^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle Bryant^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
path=c:\documents and settings\Kyle Bryant\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle Bryant^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Kyle Bryant\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-01-27 09:48 788880 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2008-11-20 20:24 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2007-08-18 13:53 50528 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 10:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-05-27 17:09 321344 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-06-07 17:35 319488 ----a-w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
2004-05-28 02:05 323584 -c--a-w- c:\program files\Common Files\Dell\EUSW\Support.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEMailKb]
2005-08-09 08:27 401408 -c--a-w- c:\progra~1\MICROI~1\INTERN~1\KEMailKb.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPDrv4XP]
2005-02-21 11:15 40960 -c--a-w- c:\progra~1\MICROI~1\INTERN~1\KPDRV4XP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-30 05:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 04:17 13666408 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-05 00:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\ntunecmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-01-07 05:27 1657448 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-13 13:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 -c--a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2009-12-29 15:08 1653248 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"seclogon"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Netlogon"=3 (0x3)
"gusvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\Kyle Bryant\\Desktop\\Feilena\\StepMania CVS\\Program\\StepMania.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\Kyle Bryant\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Kyle Bryant\\Local Settings\\Apps\\2.0\\VWGXBD3Y.K3H\\VQVX6AHE.P22\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/10/2010 10:48 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/1/2010 3:24 PM 135336]
R2 HIDKbFlt;HIDKbFlt.SvcDesc%;c:\windows\SYSTEM32\DRIVERS\HIDKbFlt.sys [7/25/2005 5:13 AM 23680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/15/2009 1:01 AM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/17/2008 5:51 PM 24652]
S0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [1/14/2009 1:08 AM 717296]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S3 cheetah1;cheetah1;\??\c:\documents and settings\Kyle Bryant\Desktop\GameCheetah MapleStory\cheetah.sys --> c:\documents and settings\Kyle Bryant\Desktop\GameCheetah MapleStory\cheetah.sys [?]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:49]

2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:49]

2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:49]

2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:49]

2010-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:49]

2010-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: west.com
Trusted Zone: westathome.com
Trusted Zone: westathome.net
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Kyle Bryant\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Kyle Bryant\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\Kyle Bryant\Application Data\Move Networks\plugins\npqmp071504000001.dll
FF - plugin: c:\documents and settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-CurseClient - c:\program files\Curse\CurseClient.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-iCall Internet Phone - c:\program files\iCall\iCall.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_02\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-VoipBuster - c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 12:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-58719493-697674143-1452570031-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-04-15 13:01:43
ComboFix-quarantined-files.txt 2010-04-15 18:01

Pre-Run: 41,042,685,952 bytes free
Post-Run: 41,173,659,648 bytes free

- - End Of File - - F9B6F5D284582D072FF67BF5CE4D4F8F

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run, could you scan with Avira again to see if you get the same alert?

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\@@desktop.dat

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.


#9
Feilena

    Member

  • Topic Starter
  • Member
  • 150 posts
Essexboy,

Since ComboFix ran the previous time, I no longer have my Avira Guard icon in my System Tray. However, it seems to think the guard is still active. I'm not sure how to shut it off.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run it anyway. Is the Avira icon under the hidden icons?

#11
Feilena

    Member

  • Topic Starter
  • Member
  • 150 posts
There are no hidden icons listed. All that is showing is my Volume Controls and my Ad-Aware Guard. Not even my graphics card software is showing up.

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, we will revisit that once you are happy that you are clean.

#13
Feilena

    Member

  • Topic Starter
  • Member
  • 150 posts
The ComboFix log you requested. However, did you want me to run a quick scan with OTL? No parameters?

ComboFix 10-04-14.04 - Kyle Bryant 04/15/2010 14:05:26.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.405 [GMT -5:00]
Running from: c:\documents and settings\Kyle Bryant\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kyle Bryant\Desktop\cfscript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\@@desktop.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\@@desktop.dat

.
((((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 )))))))))))))))))))))))))))))))
.

2010-04-15 14:40 . 2010-04-15 14:40 439816 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Real\Update\setup3.10\setup.exe
2010-04-14 20:39 . 2010-04-14 20:42 -------- dc-h--w- c:\windows\ie8
2010-04-14 20:11 . 2010-04-14 20:12 38784 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-14 20:10 . 2010-04-14 20:12 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-14 20:10 . 2010-04-14 20:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-12 17:54 . 2010-04-12 17:54 -------- d-----w- C:\ProgramData
2010-04-02 15:22 . 2010-04-02 15:23 -------- d-----w- c:\documents and settings\Kyle Bryant\Local Settings\Application Data\WeatherBug
2010-04-02 15:22 . 2010-04-02 15:22 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\WeatherBug
2010-04-02 15:21 . 2010-04-02 15:21 18944 ----a-r- c:\documents and settings\Kyle Bryant\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-04-02 15:21 . 2010-04-02 15:21 11264 ----a-r- c:\documents and settings\Kyle Bryant\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
2010-04-02 15:21 . 2010-04-02 15:21 -------- d-----w- c:\program files\AWS
2010-04-02 14:48 . 2010-04-03 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-02 14:46 . 2010-04-15 17:41 -------- d-----w- c:\windows\system32\NtmsData
2010-04-02 14:43 . 2010-04-02 14:43 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\Avira
2010-04-02 14:38 . 2010-04-02 14:38 182088 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-25 13:26 . 2010-03-25 13:26 -------- d-----w- c:\program files\Fitness Dash
2010-03-25 13:26 . 2010-03-25 13:26 -------- d-----w- c:\windows\Fitness Dash
2010-03-25 12:59 . 2010-03-25 12:59 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\Dress Up Rush
2010-03-25 12:57 . 2010-03-25 12:57 -------- d-----w- c:\windows\Dress Up Rush
2010-03-18 10:09 . 2010-03-18 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2010-03-18 10:08 . 2010-03-19 13:21 -------- d-----w- c:\program files\PopCap Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 17:42 . 2009-06-11 11:29 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\Skype
2010-04-15 13:03 . 2009-06-11 11:30 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\skypePM
2010-04-14 20:12 . 2009-06-02 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-04-14 01:41 . 2003-01-27 17:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 00:36 . 2009-06-02 17:08 -------- d-----w- c:\program files\Electronic Arts
2010-04-13 21:58 . 2009-05-27 17:23 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\BitTorrent
2010-04-11 08:27 . 2009-04-27 01:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-11 05:41 . 2009-07-17 10:30 -------- d-----w- c:\program files\World of Warcraft
2010-04-02 14:48 . 2005-01-20 06:58 -------- d-----w- c:\program files\Yahoo!
2010-04-02 14:48 . 2007-08-17 03:27 -------- d-----w- c:\program files\CCleaner
2010-04-02 14:46 . 2009-05-07 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 14:46 . 2009-05-07 16:03 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-30 05:46 . 2009-05-07 16:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45 . 2009-05-07 16:03 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 13:26 . 2007-10-18 23:29 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\PlayFirst
2010-03-25 13:26 . 2007-10-18 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-03-25 12:56 . 2010-01-13 09:02 -------- d-----w- c:\program files\Games
2010-03-13 14:55 . 2008-12-16 06:42 -------- d-----w- c:\program files\Guild Wars
2010-03-12 19:38 . 2010-03-12 19:38 -------- d-----w- c:\program files\Skyhook Wireless
2010-03-10 06:15 . 2002-08-29 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 01:33 . 2010-03-10 01:33 50354 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Facebook\uninstall.exe
2010-03-10 01:33 . 2010-03-10 01:33 -------- d-----w- c:\documents and settings\Kyle Bryant\Application Data\Facebook
2010-03-08 17:20 . 2007-02-01 00:03 -------- d--h--w- c:\documents and settings\Kyle Bryant\Application Data\Move Networks
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-03-05 09:24 . 2004-03-09 00:04 63408 -c--a-w- c:\documents and settings\Kyle Bryant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-03 17:45 . 2005-01-21 20:52 -------- d-----w- c:\program files\Common Files\Java
2010-03-03 17:45 . 2010-03-03 17:45 503808 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-573ca0b1-n\msvcp71.dll
2010-03-03 17:45 . 2010-03-03 17:45 348160 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-573ca0b1-n\msvcr71.dll
2010-03-03 17:45 . 2010-03-03 17:45 61440 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-371b073a-n\decora-sse.dll
2010-03-03 17:45 . 2010-03-03 17:45 499712 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-573ca0b1-n\jmc.dll
2010-03-03 17:45 . 2010-03-03 17:45 12800 ----a-w- c:\documents and settings\Kyle Bryant\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-371b073a-n\decora-d3d.dll
2010-03-03 17:35 . 2005-01-21 20:59 -------- d-----w- c:\program files\Java
2010-03-02 19:37 . 2008-12-08 06:41 -------- d-----w- c:\program files\AIM6
2010-03-01 20:24 . 2010-03-01 20:24 -------- d-----w- c:\program files\Avira
2010-03-01 20:24 . 2010-03-01 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-01 18:47 . 2010-03-01 18:47 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 18:47 . 2007-03-27 23:50 -------- d-----w- c:\program files\Apple Software Update
2010-03-01 18:47 . 2010-03-01 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-01 14:05 . 2010-03-01 20:24 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-01 09:48 . 2010-01-20 15:50 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-03-01 06:30 . 2010-03-01 06:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-02-25 06:24 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-05-08 23:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 14:10 . 2008-05-08 23:15 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 18:24 . 2009-10-10 21:26 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-16 13:25 . 2008-05-08 23:15 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2002-08-29 11:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 15:24 . 2009-11-04 15:44 3532 ----a-w- C:\drmHeader.bin
2010-02-11 12:02 . 2008-05-08 23:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 21:49 . 2010-01-11 03:48 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 21:49 . 2010-01-11 03:47 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 21:49 . 2010-01-11 03:47 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-27 09:49 . 2010-01-11 03:48 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 09:49 . 2010-02-28 15:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 09:49 . 2010-01-27 09:49 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 09:49 . 2010-01-11 03:48 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 09:49 . 2010-01-11 03:48 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 09:49 . 2010-01-11 03:48 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 09:49 . 2010-01-27 09:49 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 09:49 . 2010-01-11 03:48 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 09:49 . 2010-01-11 03:47 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 09:48 . 2010-01-27 09:48 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 09:48 . 2010-01-27 09:48 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 09:48 . 2010-01-11 03:47 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-27 09:48 . 2010-01-11 03:47 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 09:48 . 2010-01-11 03:47 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 09:48 . 2010-01-11 03:47 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-01-27 16:42 . 2009-01-27 16:42 5632 -csha-w- c:\program files\Thumbs.db
2005-04-16 23:09 . 2005-04-16 23:09 475 -csh--w- c:\windows\SYSTEM32\ewb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 22:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-08-18 50528]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-13 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle Bryant^Start Menu^Programs^Startup^hamachi.lnk.disabled]
backup=c:\windows\pss\hamachi.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle Bryant^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle Bryant^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
path=c:\documents and settings\Kyle Bryant\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle Bryant^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Kyle Bryant\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-01-27 09:48 788880 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2008-11-20 20:24 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2007-08-18 13:53 50528 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 10:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-05-27 17:09 321344 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-06-07 17:35 319488 ----a-w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
2004-05-28 02:05 323584 -c--a-w- c:\program files\Common Files\Dell\EUSW\Support.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KEMailKb]
2005-08-09 08:27 401408 -c--a-w- c:\progra~1\MICROI~1\INTERN~1\KEMailKb.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPDrv4XP]
2005-02-21 11:15 40960 -c--a-w- c:\progra~1\MICROI~1\INTERN~1\KPDRV4XP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-30 05:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 04:17 13666408 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-05 00:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\ntunecmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-01-07 05:27 1657448 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-13 13:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 -c--a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2009-12-29 15:08 1653248 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"seclogon"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Netlogon"=3 (0x3)
"gusvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\Kyle Bryant\\Desktop\\Feilena\\StepMania CVS\\Program\\StepMania.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\Kyle Bryant\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Kyle Bryant\\Local Settings\\Apps\\2.0\\VWGXBD3Y.K3H\\VQVX6AHE.P22\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/10/2010 10:48 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/1/2010 3:24 PM 135336]
R2 HIDKbFlt;HIDKbFlt.SvcDesc%;c:\windows\SYSTEM32\DRIVERS\HIDKbFlt.sys [7/25/2005 5:13 AM 23680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/15/2009 1:01 AM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/17/2008 5:51 PM 24652]
S0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [1/14/2009 1:08 AM 717296]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S3 cheetah1;cheetah1;\??\c:\documents and settings\Kyle Bryant\Desktop\GameCheetah MapleStory\cheetah.sys --> c:\documents and settings\Kyle Bryant\Desktop\GameCheetah MapleStory\cheetah.sys [?]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:49]

2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:49]

2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:49]

2010-04-15 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:49]

2010-04-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 21:49]

2010-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: west.com
Trusted Zone: westathome.com
Trusted Zone: westathome.net
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Kyle Bryant\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Kyle Bryant\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\Kyle Bryant\Application Data\Move Networks\plugins\npqmp071504000001.dll
FF - plugin: c:\documents and settings\Kyle Bryant\Application Data\Mozilla\Firefox\Profiles\vspchm7e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 14:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-58719493-697674143-1452570031-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-04-15 14:16:46
ComboFix-quarantined-files.txt 2010-04-15 19:16
ComboFix2.txt 2010-04-15 18:01

Pre-Run: 41,184,206,848 bytes free
Post-Run: 41,164,206,080 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - EBF0AA7BF9A105829DD895D8F18843A7
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, no need. I would like you to run an Avira scan now to see if it still detects the problem.
  • 0

#15
Feilena

Feilena

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 150 posts
So I've been sitting here near 8 minutes now with the scan on with no activity. The screen reads "Hidden Objects Search is Running!" However, there are no files scanned and nothing going on; the timer just continues to tick. It's been acting strangely since I updated to the newest version. When it installed I had to come visit the Java Chat because it was attempting to install some form of hardware and I didn't allow it to install. It tried once more, after I had talked to them in chat and they advised me to allow it to install. However, I was in the midst of typing in an IM and hit the space bar and it closed again. It's not shown back up since.
  • 0





