
Rootkit.Agent Removal [Solved]



#16
HalYurAznPal

After I tried repairing, a window comes up saying "The network adapter 'Local Area Connection' does not have a valid IP configuration".

Update: Fixed, proceeding with the steps from earlier.

Edited by HalYurAznPal, 07 May 2010 - 10:29 AM.



#17
HalYurAznPal

Hey boss, here are the logs you requested

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4075

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

07/05/2010 12:49:38 PM
mbam-log-2010-05-07 (12-49-38).txt

Scan type: Quick scan
Objects scanned: 145150
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The OTL log:

OTL logfile created on: 07/05/2010 1:07:44 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Hallel\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.81 Gb Total Space | 78.56 Gb Free Space | 26.92% Space Free | Partition Type: NTFS
Drive D: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HALLELUJAH
Current User Name: Hallel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Hallel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\lxctcoms.exe ( )


========== Modules (SafeList) ==========

MOD - C:\Users\Hallel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (stllssvr) -- File not found
SRV - (avast! Web Scanner) -- File not found
SRV - (avast! Mail Scanner) -- File not found
SRV - (avast! Antivirus) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (A5AGU) -- C:\Windows\System32\drivers\agux86.sys (D-Link Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (MagicTune) -- C:\Windows\System32\drivers\MTictwl.sys ()
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (OVT511Plus) -- C:\Windows\System32\drivers\omcamvid.sys (OmniVision Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/30 01:25:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/07 13:06:26 | 000,000,000 | ---D | M]

[2010/04/30 01:26:01 | 000,000,000 | ---D | M] -- C:\Users\Hallel\AppData\Roaming\mozilla\Extensions
[2010/05/07 13:06:48 | 000,000,000 | ---D | M] -- C:\Users\Hallel\AppData\Roaming\mozilla\Firefox\Profiles\rdqnamks.default\extensions
[2010/04/30 02:03:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hallel\AppData\Roaming\mozilla\Firefox\Profiles\rdqnamks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/07 13:06:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/07 13:06:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/07 13:06:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

O1 HOSTS File: ([2010/05/06 22:00:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.210.47.10 207.210.47.38 207.210.47.39
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/04 15:16:02 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/07 13:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/07 13:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/07 12:34:13 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/05/07 12:34:13 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/05/07 12:34:13 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/05/07 12:34:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/05/07 12:34:13 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/05/07 12:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/05/07 12:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/05/07 12:31:15 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Hallel\Desktop\TFC.exe
[2010/05/06 22:08:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/06 22:08:50 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\temp
[2010/05/06 22:08:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/06 15:53:02 | 000,000,000 | ---D | C] -- C:\Combo-Fix23342C
[2010/05/06 15:52:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/06 13:35:33 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/05/06 12:30:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/06 12:30:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/06 12:30:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/06 12:29:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/06 12:19:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/06 10:50:26 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Hallel\Desktop\OTL.exe
[2010/05/02 10:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/04/30 01:49:24 | 000,000,000 | ---D | C] -- C:\Users\Hal\Tracing
[2010/04/30 01:42:07 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\vlc
[2010/04/30 01:25:57 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Mozilla
[2010/04/30 00:15:27 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Macromedia
[2010/04/30 00:15:27 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Adobe
[2010/04/30 00:13:17 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Google
[2010/04/30 00:13:08 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Mozilla
[2010/04/30 00:10:55 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Malwarebytes
[2010/04/30 00:10:32 | 000,000,000 | R--D | C] -- C:\Users\Hal\Searches
[2010/04/30 00:10:15 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Identities
[2010/04/30 00:10:09 | 000,000,000 | R--D | C] -- C:\Users\Hal\Contacts
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\AppData\Local\Temporary Internet Files
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Templates
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Start Menu
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\SendTo
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Recent
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\PrintHood
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\NetHood
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\Documents\My Videos
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\Documents\My Pictures
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\Documents\My Music
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\My Documents
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Local Settings
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\AppData\Local\History
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Cookies
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\AppData\Local\Application Data
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Application Data
[2010/04/30 00:09:40 | 000,000,000 | --SD | C] -- C:\Users\Hallel\AppData\Roaming\Microsoft
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Saved Games
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Pictures
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Links
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Favorites
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Downloads
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Documents
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Desktop
[2010/04/30 00:09:40 | 000,000,000 | -H-D | C] -- C:\Users\Hal\AppData
[2010/04/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Microsoft Help
[2010/04/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Microsoft
[2010/04/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Media Center Programs
[2010/04/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Adobe
[2010/04/28 17:13:19 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/04/28 17:13:19 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/04/28 17:13:19 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/04/28 17:13:19 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/04/28 17:13:19 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/04/28 17:12:57 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/04/28 17:12:57 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/04/28 17:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/04/28 12:37:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/27 18:17:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/27 18:17:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 15:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/27 15:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/14 23:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2010/03/14 23:04:01 | 000,091,136 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010/03/14 23:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/03/14 23:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010/02/25 00:01:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2007/08/06 16:16:18 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCThcp.dll
[2007/08/06 16:16:16 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2007/08/06 16:16:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2007/08/06 16:16:15 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2007/08/06 16:16:15 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2007/08/06 16:16:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2007/08/06 16:16:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2007/08/06 16:16:14 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2007/08/06 16:16:13 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll
[2007/08/06 16:16:12 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
[2007/08/06 16:16:10 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2007/08/06 16:16:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/07 13:10:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3B5EC866-8A93-4E2E-B6E6-EC2E18C8C982}.job
[2010/05/07 13:09:39 | 001,048,576 | -HS- | M] () -- C:\Users\Hallel\NTUSER.DAT
[2010/05/07 13:07:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/07 13:04:33 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/07 13:04:33 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/07 13:04:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/07 13:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/07 13:04:23 | 2137,485,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/07 13:03:32 | 000,524,288 | -HS- | M] () -- C:\Users\Hallel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/07 13:03:32 | 000,065,536 | -HS- | M] () -- C:\Users\Hallel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/07 13:03:27 | 002,503,956 | -H-- | M] () -- C:\Users\Hallel\AppData\Local\IconCache.db
[2010/05/07 12:46:04 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/07 12:46:04 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/07 12:46:04 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/07 12:34:17 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/05/07 12:31:16 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Hallel\Desktop\TFC.exe
[2010/05/07 11:27:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/06 22:29:36 | 000,867,892 | ---- | M] () -- C:\Users\Hallel\Desktop\SecurityCheck.exe
[2010/05/06 22:00:15 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/06 22:00:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/06 12:49:51 | 181,043,218 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/06 12:25:19 | 003,683,491 | R--- | M] () -- C:\Users\Hallel\Desktop\Combo-Fix.exe
[2010/05/06 11:07:21 | 000,284,915 | ---- | M] () -- C:\Users\Hallel\Desktop\gmer.zip
[2010/05/06 10:50:27 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Hallel\Desktop\OTL.exe
[2010/04/30 01:56:49 | 000,010,240 | ---- | M] () -- C:\Users\Hallel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 01:25:52 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 00:49:53 | 000,077,928 | ---- | M] () -- C:\Users\Hallel\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/30 00:43:39 | 000,000,340 | ---- | M] () -- C:\Users\Hallel\Desktop\Hal's Stuff.lnk
[2010/04/30 00:20:36 | 000,524,288 | -HS- | M] () -- C:\Users\Hallel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 00:13:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/30 00:09:42 | 000,000,020 | -HS- | M] () -- C:\Users\Hallel\ntuser.ini
[2010/04/29 23:59:36 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/29 16:03:23 | 002,431,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 23:24:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/04/28 18:38:50 | 000,000,910 | ---- | M] () -- C:\Users\Hallel\Desktop\Windows Live Messenger.lnk
[2010/04/27 18:17:51 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/27 15:07:58 | 000,000,318 | ---- | M] () -- C:\Windows\wininit.ini
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/04/14 12:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/04/14 12:31:23 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/03/14 23:17:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/07 12:34:17 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/05/06 22:30:16 | 000,867,892 | ---- | C] () -- C:\Users\Hallel\Desktop\SecurityCheck.exe
[2010/05/06 12:30:11 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/06 12:30:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/06 12:30:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/06 12:30:11 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/06 12:30:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/06 12:25:19 | 003,683,491 | R--- | C] () -- C:\Users\Hallel\Desktop\Combo-Fix.exe
[2010/05/06 12:10:35 | 2137,485,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/06 11:07:50 | 000,293,376 | ---- | C] () -- C:\Users\Hallel\Desktop\gmer.exe
[2010/05/06 11:07:21 | 000,284,915 | ---- | C] () -- C:\Users\Hallel\Desktop\gmer.zip
[2010/04/30 01:49:11 | 000,000,910 | ---- | C] () -- C:\Users\Hallel\Desktop\Windows Live Messenger.lnk
[2010/04/30 01:25:52 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 00:48:53 | 000,010,240 | ---- | C] () -- C:\Users\Hallel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 00:43:39 | 000,000,340 | ---- | C] () -- C:\Users\Hallel\Desktop\Hal's Stuff.lnk
[2010/04/30 00:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/30 00:09:42 | 000,524,288 | -HS- | C] () -- C:\Users\Hal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 00:09:42 | 000,524,288 | -HS- | C] () -- C:\Users\Hal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 00:09:42 | 000,262,144 | -H-- | C] () -- C:\Users\Hal\ntuser.dat.LOG1
[2010/04/30 00:09:42 | 000,065,536 | -HS- | C] () -- C:\Users\Hal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/30 00:09:42 | 000,000,020 | -HS- | C] () -- C:\Users\Hal\ntuser.ini
[2010/04/30 00:09:42 | 000,000,000 | -H-- | C] () -- C:\Users\Hal\ntuser.dat.LOG2
[2010/04/30 00:09:40 | 001,048,576 | -HS- | C] () -- C:\Users\Hal\NTUSER.DAT
[2010/04/27 18:17:51 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/27 13:37:43 | 000,000,318 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/14 23:17:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2009/08/27 15:04:44 | 000,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/08/27 15:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/08/27 15:03:52 | 004,456,201 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/08/25 14:07:36 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/08/25 13:38:04 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/08/25 12:56:56 | 000,829,781 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/25 12:37:02 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/06/02 13:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/06/02 13:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/06/02 13:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/06/02 13:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/06/02 13:14:30 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/06/02 13:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/06/02 13:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/06/02 13:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/06/02 13:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/16 08:47:36 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/03/25 09:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/06 16:21:28 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll
[2007/08/06 16:18:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lxctpmon.dll
[2007/08/06 16:18:48 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCTFXPU.DLL
[2007/08/06 16:16:20 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll
[2007/08/06 16:16:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll
[2007/08/06 12:57:31 | 000,013,396 | ---- | C] () -- C:\Windows\System32\drivers\MTictwl.sys
[2007/07/10 13:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/03/06 14:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/01/04 15:06:02 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/01/04 15:06:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/01/04 14:59:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 13:17:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll
[2006/08/08 11:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll
[2006/05/03 10:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll
[2006/04/24 23:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll
[2001/09/18 12:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bmpproc.dll
[2001/09/18 12:00:00 | 000,031,746 | ---- | C] () -- C:\Windows\System32\2icpin_.dll

========== LOP Check ==========

[2010/05/07 13:03:39 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/07 13:10:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3B5EC866-8A93-4E2E-B6E6-EC2E18C8C982}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/02/11 17:51:05 | 000,212,991 | ---- | M] ()(C:\Program Files\Adobe After Effects CS4 ????.pdf) -- C:\Program Files\Adobe After Effects CS4 읽어보기.pdf
[2009/02/11 17:51:05 | 000,143,872 | ---- | M] ()(C:\Program Files\Adobe After Effects CS4 ???????.pdf) -- C:\Program Files\Adobe After Effects CS4 お読みください.pdf
< End of report >

#18
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

You have traces of Avast on your system. Use the Avast uninstall utility ASWclear to completely remove Avast.

Then...

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Settings
  • In the scan settings, select the following:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan spyware, adware, diallers and other riskware
    Scan Archives
    Scan E-mail databases
  • Click Save
  • Now under Scan select My Computer
  • This will start the scanning of your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.


#19
HalYurAznPal

    Member

  • Topic Starter
  • Member
  • 38 posts
Hey boss, sorry for the long reply. Here is the Kaspersky file you requested.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, May 9, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, May 09, 2010 20:08:00
Records in database: 4089060
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Objects scanned: 205321
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 03:05:44


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\smb.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\tkkdh.sys.vir Infected: Rootkit.Win32.Agent.bert 1
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\_tkkdh_.sys.zip Infected: Rootkit.Win32.Agent.bert 1
C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6001.18000_none_5f6a9133f7f64138\smb.sys Infected: Rootkit.Win32.TDSS.ap 1

Selected area has been scanned.

#20
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6001.18000_none_5f6a9133f7f64138\smb.sys
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

Then..

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#21
HalYurAznPal

    Member

  • Topic Starter
  • Member
  • 38 posts
Here is the OTL file,

All processes killed
========== FILES ==========
File\Folder C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6001.18000_none_5f6a9133f7f64138\smb.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hal

User: Hallel
->Temp folder emptied: 106017962 bytes
->Temporary Internet Files folder emptied: 3141260 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 35227408 bytes
->Flash cache emptied: 3354 bytes

User: Isaac
->Temp folder emptied: 91989 bytes
->Temporary Internet Files folder emptied: 1444975 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88392376 bytes
->Flash cache emptied: 2735 bytes

User: Mcx1
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rudy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TJ
->Temp folder emptied: 1028121 bytes
->Temporary Internet Files folder emptied: 1975507 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86618890 bytes
->Flash cache emptied: 2340 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14222 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 16453320 bytes

Total Files Cleaned = 325.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Hal

User: Hallel
->Flash cache emptied: 0 bytes

User: Isaac
->Flash cache emptied: 0 bytes

User: Mcx1

User: Public

User: Rudy
->Flash cache emptied: 0 bytes

User: TJ
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05102010_211813

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Here is the security check file,

Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 20
Adobe Flash Player 10.0.45.2
Adobe Reader 9.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

#22
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    smb.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#23
HalYurAznPal

    Member

  • Topic Starter
  • Member
  • 38 posts
Here is the log,

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 10:14 on 11/05/2010 by Hallel (Administrator - Elevation successful)

========== filefind ==========

Searching for "smb.sys"
C:\Windows\SoftwareDistribution\Download\59814d65a7a2d9d05194235a3e58495b\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys --a--- 66560 bytes [14:10 11/05/2010] [04:45 11/04/2009] 7B75299A4D201D6A6533603D6914AB04
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys --a--- 66560 bytes [20:42 20/10/2009] [04:45 11/04/2009] 7B75299A4D201D6A6533603D6914AB04
C:\Windows\System32\drivers\smb.sys --a--- 66560 bytes [20:46 17/06/2008] [05:55 19/01/2008] 031E6BCD53C9B2B9ACE111EAFEC347B6
C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6000.16386_none_5d33cf37fb0b3064\smb.sys --a--- 66048 bytes [08:57 02/11/2006] [08:57 02/11/2006] AC0D90738ADB51A6FD12FF00874A2162
C:\_OTL\MovedFiles\05102010_211429\C_Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6001.18000_none_5f6a9133f7f64138\smb.sys --a--- 66560 bytes [20:46 17/06/2008] [05:55 19/01/2008] (Unable to calculate MD5)

-=End Of File=-

#24
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Congratulations, your computer appears clean :)

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
-- Step 2 --
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
I recommend you update to Internet Explorer 8.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

Your Adobe reader needs updating. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.

#25
HalYurAznPal

    Member

  • Topic Starter
  • Member
  • 38 posts
Hey hammerman, thank you so much for your help, I really, really appreciate it. My computer was a wreck before and now it runs better than ever. :)

Unfortunately, I seem to be having the same problem as a lot of others; Google redirect. Should I start a new thread or would you be able to help me from here?

#26
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

No need to open another topic. Let's get some fresh logs.

-- Step 1 --
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
-- Step 2 --

Please go HERE and download FileLister.
  • Save it to your Desktop
  • Rt Click ->> Extract all ->> And extract it to your Desktop
  • Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Note: Leave the FileLister.vbe file in the folder and run it from there.
  • Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
  • When the program is finished it will produce a log for you, C:\Files.txt
  • Which will be located in the default location from which FileLister was run (the FileLister folder)
Copy and paste the contents of that log in your reply.

-- Step 3 --

Let's check you can get into the Vista Recovery Environment.
  • Restart your computer and begin tapping the F8 key to enable the Advanced Start menu.
  • If the option 'Repair your computer' is available, select it. If not, please skip the remaining steps and let me know.
  • Select a keyboard layout, and then click Next.
  • Select a user name and enter the password, and then click OK.
  • You should now see the System Recovery Options menu.

  • Select the Command Prompt. A black command prompt window should open displaying the X:\windows\system32>_ prompt (or X:\Sources>_)
  • Type Exit to close the command prompt window and then press the Restart button to reboot.
  • Let me know if you complete these steps successfully.


#27
HalYurAznPal

    Member

  • Topic Starter
  • Member
  • 38 posts
Hey, all steps were completed successfully, here are the logs you requested.

OTL logfile created on: 12/05/2010 2:41:38 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Hallel\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.81 Gb Total Space | 76.13 Gb Free Space | 26.09% Space Free | Partition Type: NTFS
Drive D: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HALLELUJAH
Current User Name: Hallel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Hallel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\lxctcoms.exe ( )


========== Modules (SafeList) ==========

MOD - C:\Users\Hallel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (stllssvr) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (A5AGU) -- C:\Windows\System32\drivers\agux86.sys (D-Link Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (MagicTune) -- C:\Windows\System32\drivers\MTictwl.sys ()
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (OVT511Plus) -- C:\Windows\System32\drivers\omcamvid.sys (OmniVision Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/30 01:25:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/07 13:06:26 | 000,000,000 | ---D | M]

[2010/04/30 01:26:01 | 000,000,000 | ---D | M] -- C:\Users\Hallel\AppData\Roaming\mozilla\Extensions
[2010/05/12 12:41:01 | 000,000,000 | ---D | M] -- C:\Users\Hallel\AppData\Roaming\mozilla\Firefox\Profiles\rdqnamks.default\extensions
[2010/04/30 02:03:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hallel\AppData\Roaming\mozilla\Firefox\Profiles\rdqnamks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/09 19:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/07 13:06:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/07 13:06:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

O1 HOSTS File: ([2010/05/06 22:00:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.210.47.10 207.210.47.39 207.210.47.40
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/04 15:16:02 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/06/29 23:22:10 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/12 14:40:08 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Hallel\Desktop\OTL.exe
[2010/05/10 23:43:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/05/09 18:59:22 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Apple
[2010/05/07 13:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/07 13:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/07 13:06:26 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/07 13:06:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/07 13:06:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/07 13:06:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/07 12:34:13 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/05/07 12:34:13 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/05/07 12:34:13 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/05/07 12:34:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/05/07 12:34:13 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/05/07 12:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/05/07 12:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/05/06 22:08:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/06 22:08:50 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\temp
[2010/05/06 22:08:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/06 15:53:02 | 000,000,000 | ---D | C] -- C:\Combo-Fix23342C
[2010/05/06 13:35:33 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/05/02 10:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/04/30 01:49:24 | 000,000,000 | ---D | C] -- C:\Users\Hal\Tracing
[2010/04/30 01:42:07 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\vlc
[2010/04/30 01:25:57 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Mozilla
[2010/04/30 00:15:27 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Macromedia
[2010/04/30 00:15:27 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Adobe
[2010/04/30 00:13:17 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Google
[2010/04/30 00:13:08 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Mozilla
[2010/04/30 00:10:55 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Malwarebytes
[2010/04/30 00:10:32 | 000,000,000 | R--D | C] -- C:\Users\Hal\Searches
[2010/04/30 00:10:15 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Identities
[2010/04/30 00:10:09 | 000,000,000 | R--D | C] -- C:\Users\Hal\Contacts
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\AppData\Local\Temporary Internet Files
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Templates
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Start Menu
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\SendTo
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Recent
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\PrintHood
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\NetHood
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\Documents\My Videos
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\Documents\My Pictures
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\Documents\My Music
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\My Documents
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Local Settings
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\AppData\Local\History
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Cookies
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hallel\AppData\Local\Application Data
[2010/04/30 00:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Hal\Application Data
[2010/04/30 00:09:40 | 000,000,000 | --SD | C] -- C:\Users\Hallel\AppData\Roaming\Microsoft
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Saved Games
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Pictures
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Links
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Favorites
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Downloads
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Documents
[2010/04/30 00:09:40 | 000,000,000 | R--D | C] -- C:\Users\Hal\Desktop
[2010/04/30 00:09:40 | 000,000,000 | -H-D | C] -- C:\Users\Hal\AppData
[2010/04/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Microsoft Help
[2010/04/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Microsoft
[2010/04/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Roaming\Media Center Programs
[2010/04/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Hallel\AppData\Local\Adobe
[2010/04/28 17:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/04/28 12:37:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/27 18:17:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/27 18:17:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 15:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/27 15:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/27 12:41:06 | 000,093,184 | RHS- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvry.dll
[2010/04/13 22:26:25 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/13 22:26:25 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/13 22:26:18 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/13 22:26:00 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2007/08/06 16:16:18 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCThcp.dll
[2007/08/06 16:16:16 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2007/08/06 16:16:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2007/08/06 16:16:15 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2007/08/06 16:16:15 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2007/08/06 16:16:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2007/08/06 16:16:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2007/08/06 16:16:14 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2007/08/06 16:16:13 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll
[2007/08/06 16:16:12 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
[2007/08/06 16:16:10 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2007/08/06 16:16:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/12 14:45:37 | 001,572,864 | -HS- | M] () -- C:\Users\Hallel\NTUSER.DAT
[2010/05/12 14:42:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3B5EC866-8A93-4E2E-B6E6-EC2E18C8C982}.job
[2010/05/12 14:40:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Hallel\Desktop\OTL.exe
[2010/05/12 14:28:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/12 14:28:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/12 13:10:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/05/12 12:35:54 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/12 12:35:54 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/12 12:35:54 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/12 12:28:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/12 12:28:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/12 12:28:50 | 2135,420,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/11 21:30:11 | 000,524,288 | -HS- | M] () -- C:\Users\Hallel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/11 21:30:11 | 000,065,536 | -HS- | M] () -- C:\Users\Hallel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/11 21:30:08 | 002,005,072 | -H-- | M] () -- C:\Users\Hallel\AppData\Local\IconCache.db
[2010/05/11 21:14:18 | 000,000,680 | ---- | M] () -- C:\Users\Hallel\AppData\Local\d3d9caps.dat
[2010/05/11 21:12:57 | 002,431,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/07 23:20:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/07 23:13:43 | 000,001,722 | ---- | M] () -- C:\Users\Hallel\Desktop\Windows Live Messenger.lnk
[2010/05/07 13:06:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/07 13:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/07 13:06:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/07 13:06:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/07 12:34:17 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/05/07 11:27:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/06 22:00:15 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/06 22:00:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/06 12:49:51 | 181,043,218 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/30 01:56:49 | 000,010,240 | ---- | M] () -- C:\Users\Hallel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 01:25:52 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 00:49:53 | 000,077,928 | ---- | M] () -- C:\Users\Hallel\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/30 00:43:39 | 000,000,340 | ---- | M] () -- C:\Users\Hallel\Desktop\Hal's Stuff.lnk
[2010/04/30 00:20:36 | 000,524,288 | -HS- | M] () -- C:\Users\Hallel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 00:13:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/30 00:09:42 | 000,000,020 | -HS- | M] () -- C:\Users\Hallel\ntuser.ini
[2010/04/29 23:59:36 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/27 18:17:51 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/27 15:07:58 | 000,000,318 | ---- | M] () -- C:\Windows\wininit.ini
[2010/04/27 12:41:06 | 000,093,184 | RHS- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvry.dll
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[30 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/11 21:14:18 | 000,000,680 | ---- | C] () -- C:\Users\Hallel\AppData\Local\d3d9caps.dat
[2010/05/07 23:21:45 | 2135,420,928 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/07 12:34:17 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/30 01:49:11 | 000,001,722 | ---- | C] () -- C:\Users\Hallel\Desktop\Windows Live Messenger.lnk
[2010/04/30 01:25:52 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 00:48:53 | 000,010,240 | ---- | C] () -- C:\Users\Hallel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 00:43:39 | 000,000,340 | ---- | C] () -- C:\Users\Hallel\Desktop\Hal's Stuff.lnk
[2010/04/30 00:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/30 00:09:42 | 000,524,288 | -HS- | C] () -- C:\Users\Hal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/30 00:09:42 | 000,524,288 | -HS- | C] () -- C:\Users\Hal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/30 00:09:42 | 000,262,144 | -H-- | C] () -- C:\Users\Hal\ntuser.dat.LOG1
[2010/04/30 00:09:42 | 000,065,536 | -HS- | C] () -- C:\Users\Hal\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/30 00:09:42 | 000,000,020 | -HS- | C] () -- C:\Users\Hal\ntuser.ini
[2010/04/30 00:09:42 | 000,000,000 | -H-- | C] () -- C:\Users\Hal\ntuser.dat.LOG2
[2010/04/30 00:09:40 | 001,572,864 | -HS- | C] () -- C:\Users\Hal\NTUSER.DAT
[2010/04/27 18:17:51 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/27 13:37:43 | 000,000,318 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/27 15:04:44 | 000,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/08/27 15:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/08/27 15:03:52 | 004,456,201 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/08/25 14:07:36 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/08/25 13:38:04 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/08/25 12:56:56 | 000,829,781 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/25 12:37:02 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/06/02 13:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/06/02 13:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/06/02 13:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/06/02 13:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/06/02 13:14:30 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/06/02 13:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/06/02 13:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/06/02 13:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/06/02 13:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/16 08:47:36 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/03/25 09:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/06 16:21:28 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll
[2007/08/06 16:18:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lxctpmon.dll
[2007/08/06 16:18:48 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCTFXPU.DLL
[2007/08/06 16:16:20 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll
[2007/08/06 16:16:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll
[2007/08/06 12:57:31 | 000,013,396 | ---- | C] () -- C:\Windows\System32\drivers\MTictwl.sys
[2007/07/10 13:10:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/03/06 14:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/01/04 15:06:02 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/01/04 15:06:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/01/04 14:59:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 13:17:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll
[2006/08/08 11:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll
[2006/05/03 10:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll
[2006/04/24 23:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll
[2001/09/18 12:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bmpproc.dll
[2001/09/18 12:00:00 | 000,031,746 | ---- | C] () -- C:\Windows\System32\2icpin_.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/01/04 15:16:02 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 03:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/01/04 14:59:00 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/11/27 16:11:31 | 000,003,532 | ---- | M] () -- C:\drmHeader.bin
[2009/12/04 12:54:52 | 000,000,471 | ---- | M] () -- C:\faxend.log
[2009/12/04 12:54:52 | 000,000,242 | ---- | M] () -- C:\faxendPdoc.log
[2009/12/04 12:54:47 | 000,000,363 | ---- | M] () -- C:\faxfile.log
[2010/05/12 12:28:50 | 2135,420,928 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/06 22:17:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/16 15:11:37 | 000,009,544 | ---- | M] () -- C:\lxct.log
[2010/04/30 12:08:44 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/03/06 22:17:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/12 12:28:49 | 2451,324,928 | -HS- | M] () -- C:\pagefile.sys
[2008/03/08 16:12:08 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2008/12/14 00:22:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/12/16 11:50:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/01/04 12:15:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/01/11 18:53:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/01/14 18:53:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/01/18 10:20:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/10/12 11:40:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/10/18 14:35:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/10/19 11:10:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/10/25 14:06:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/10/25 14:17:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/10/25 21:13:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/10/25 22:31:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/10/26 10:55:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/11/16 13:05:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/11/16 21:07:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/11/28 09:30:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/12/06 11:22:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/12/07 00:04:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/12/13 13:44:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/12/14 00:22:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/12/16 11:50:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/01/04 12:15:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/01/11 18:53:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/01/14 18:53:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/01/18 10:20:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/10/12 11:40:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/10/18 14:35:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/10/19 11:10:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/10/25 14:06:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/10/25 14:17:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/10/25 21:13:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/10/25 22:31:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/10/26 10:55:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/11/16 13:05:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/11/16 21:07:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/11/28 09:30:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/12/06 11:22:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/12/07 00:04:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/12/13 13:44:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2007/08/11 10:43:33 | 000,933,054 | ---- | M] () -- C:\TB.log
[2008/08/17 09:33:43 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 03:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 03:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/02/20 17:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 07:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 07:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Files - Unicode (All) ==========
[2009/02/11 17:51:05 | 000,212,991 | ---- | M] ()(C:\Program Files\Adobe After Effects CS4 ????.pdf) -- C:\Program Files\Adobe After Effects CS4 읽어보기.pdf
[2009/02/11 17:51:05 | 000,143,872 | ---- | M] ()(C:\Program Files\Adobe After Effects CS4 ???????.pdf) -- C:\Program Files\Adobe After Effects CS4 お読みください.pdf
< End of report >

OTL Extras logfile created on: 12/05/2010 2:41:38 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Hallel\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.81 Gb Total Space | 76.13 Gb Free Space | 26.09% Space Free | Partition Type: NTFS
Drive D: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HALLELUJAH
Current User Name: Hallel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B437E3-90F4-42FF-8262-865F66F6E344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0AEBFD94-3D54-4CC7-84C2-8ACD7BCC352C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1187AB15-CE7A-4E9D-BCFE-DE41AFF62690}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11B8A80B-D087-4063-83F8-7A50B95E74D9}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1499C257-A8BE-42CB-8B56-300FD489D32D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{156BAB5D-B063-4048-8FDE-B1351CE98D62}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1F072D40-2540-4855-87CE-3A9D5301E87A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32DCBB70-319A-4305-AD48-006881286623}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3F8DD7FC-FD7A-418F-AFF2-837B96D9D26E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43D02F78-88FC-4B99-996E-FD5F18A3EB6D}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4582C8E7-0392-4253-BBB7-3F6656337173}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4E906A83-A3FF-4B4D-9A0F-D01E4136494B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5346875A-0981-4CD0-AA4C-8B0C7E4D363B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54A121FD-EB01-4639-A517-DD643D7607B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66C44C89-834F-4281-8DD9-3164279A1E2D}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{6C17410F-B5A3-47A8-B13A-A1E9DE98F796}" = lport=2869 | protocol=6 | dir=in | app=system |
"{768EC7C3-4F8D-4ED0-A67E-B0DF58466172}" = lport=3390 | protocol=6 | dir=in | app=system |
"{778E217A-6438-46AB-99CF-27E95DF6F1FB}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8ACE3D3A-A09D-4002-8FFA-B53A6A983414}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{923D7639-7336-41E9-863A-453E196FC886}" = lport=3390 | protocol=6 | dir=in | app=system |
"{961D136F-F21E-44EA-A509-4A0FB8961784}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BE86A16-67F4-4525-88C5-5C91D1DF0AD7}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9CD735B1-AF3A-448F-AF1E-558A1CC96BBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDDC240F-54F7-4C0B-A03B-3E0D501CE521}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{C4EE0530-40B9-40A1-8D9F-0A781BBFFD2F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C6BB50D9-BBEC-43D1-A669-0A0B5097FDE5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C887C37C-17B7-403E-B888-4529C6E15807}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0F68B36-80BA-4BBB-83B2-E159E2CD54E8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D5FFF8B7-10D4-4763-831A-0F52EE7CB272}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1E873FA-1218-40D9-9E90-86BD65CB5B0F}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E8FEDF77-C024-4502-A99C-34810589F874}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EDDB7DCB-7F7A-4063-B2AA-2D021AF59F28}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0DA9D3D-945D-40EF-B0D1-ECFDAC0EBD33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB199B1C-3FED-4D54-B373-0E5299B933F0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083330C0-D2D3-448D-B096-E5DDBD3275FA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{089755ED-9A71-4D3E-BF13-145A965BCF57}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{091BF94A-84DC-46E3-B436-7E65C27CCC00}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{18F90DA8-E82A-4F9D-B139-A5D502815A1D}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{20C97FCD-CAD4-44C2-BE61-E948548CE89E}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe |
"{27D88955-C880-4593-9EFC-EE159079BF05}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2E2D68C8-5E00-49D4-B48D-CED0DC39614A}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{31A6FCDE-3641-4531-9DA5-1BF0A8F1076D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{320334CE-8A46-40F3-A232-26DD839DC5D8}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe |
"{328DE31F-4C95-43DB-B506-43509515138A}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{39CA6898-CEB4-487A-970B-6BF3DF87994C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{53096E04-0AD2-4D2E-9002-320F82586D66}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{558DCEC5-3605-49D2-AB62-B060BE2E9C84}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5CC7D832-9B2D-4DAC-9D00-51DFCEA798B5}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{5DAAB843-82BF-4E58-8073-BAC199B75B11}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{712A184B-0ADB-4840-A3AB-B101634C3EF1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{735793EB-B82C-4D75-A631-B920D3D06598}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{7854FC45-8783-4A22-80ED-A5B60E81CD90}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{798EA52C-FF05-45DD-9BFA-C24865684E94}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7A781AF1-9B74-45A7-A71D-49EB56B42D55}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7A96CDC1-A60E-462A-872D-AC2C7AB2E24E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{82C9F915-CFD6-453D-86B1-02FAA23F1DC8}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{82E2D180-B678-4591-B6DE-E3C07179F6D9}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe |
"{8386C1D6-7F93-41BB-B5B1-3DB58C6FB138}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{849C6803-3A54-4C59-8DD8-8DF351047976}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{99937D49-B74D-4FA4-AC61-CF39D4DAB059}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{99CA9A80-BEE2-4ED6-8CEE-8C22311C3590}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9AB331F0-C43B-41F6-9B4E-5BD7633D5CF6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9BB04F86-71EB-48DE-AFE4-44F7F1722F00}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{A3B01A74-DE87-4D0B-A733-F4409550A689}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{ADFB203B-B7FD-49AC-B9DF-F259AE711DD4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B4F7E1F1-7A00-4D7B-BD98-FA43A7CB31B5}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B908FE17-F21C-4194-B45C-747E7427D3D4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{BD0C452D-4CC3-4E36-B7F2-7F3C230F4FD3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C8B63B2B-AB23-4B61-9CF7-A2AC9E178DEA}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CF39A581-86A2-4637-8F86-C3DE32C8876C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{D8955056-1D09-4E58-A2A7-D7276736D79C}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D8D4E95B-BB08-499E-AEF6-32061A1E9066}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F204AB61-CFB0-478C-A578-D0988F5B99A9}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe |
"{F6F1F0DB-65BF-4A8C-8DFB-93B527EA0F66}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FD9A6DA8-42FE-4A45-A0C3-B5D99CBE52C1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{462C0E03-2EB1-4B6F-A0B4-67551417741A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{5ADA0295-A704-456C-962C-0211EA3D5016}C:\program files\counterpath\x-lite\x-lite.exe" = protocol=6 | dir=in | app=c:\program files\counterpath\x-lite\x-lite.exe |
"TCP Query User{CC11EA2F-96BE-4D12-BD73-5F9617FBE305}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{F2320FF9-1C99-42DA-A943-7A9691F54DF9}C:\program files\windows live\messenger\msnmsgr .exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr .exe |
"UDP Query User{19AEAB9F-96AE-431A-8A73-F8552C68EC78}C:\program files\counterpath\x-lite\x-lite.exe" = protocol=17 | dir=in | app=c:\program files\counterpath\x-lite\x-lite.exe |
"UDP Query User{20957E77-4566-46AF-8E53-AEC39082DF33}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{467F2936-5F09-4DED-AF4B-02F3465AF5DA}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{6193FFA8-2566-4CAB-A43D-65158A492335}C:\program files\windows live\messenger\msnmsgr .exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr .exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0373779B-A362-4B2E-B8E9-7442F19F9394}" = HP Total Care Advisor
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10DCF8BB-B7B8-43F1-A006-A05EB08583CA}" = Logger Pro 3.6.0 Demo
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DA92370-2929-4A4D-B3DF-B1651D77C6AA}" = MapleStory
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Any Video Converter_is1" = Any Video Converter 3.0.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lexmark 5400 Series" = Lexmark 5400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/05/2010 9:16:44 PM | Computer Name = hallelujah | Source = ESENT | ID = 412
Description = Windows (2584) Windows: Unable to read the header of logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
Error -501.

Error - 10/05/2010 9:16:44 PM | Computer Name = hallelujah | Source = ESENT | ID = 412
Description = Windows (2584) Windows: Unable to read the header of logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
Error -501.

Error - 10/05/2010 9:16:44 PM | Computer Name = hallelujah | Source = Windows Search Service | ID = 9000
Description =

Error - 10/05/2010 9:16:45 PM | Computer Name = hallelujah | Source = Windows Search Service | ID = 7040
Description =

Error - 10/05/2010 9:16:45 PM | Computer Name = hallelujah | Source = Windows Search Service | ID = 9002
Description =

Error - 10/05/2010 9:16:45 PM | Computer Name = hallelujah | Source = Windows Search Service | ID = 3029
Description =

Error - 10/05/2010 9:16:46 PM | Computer Name = hallelujah | Source = Windows Search Service | ID = 3029
Description =

Error - 10/05/2010 9:16:46 PM | Computer Name = hallelujah | Source = Windows Search Service | ID = 3028
Description =

Error - 10/05/2010 9:16:46 PM | Computer Name = hallelujah | Source = Windows Search Service | ID = 3058
Description =

Error - 10/05/2010 9:17:02 PM | Computer Name = hallelujah | Source = Windows Search Service | ID = 7040
Description =

[ Media Center Events ]
Error - 20/12/2007 6:09:41 PM | Computer Name = hallelujah | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 04/01/2008 11:21:17 PM | Computer Name = hallelujah | Source = McrMgr | ID = 100
Description =

Error - 04/01/2008 11:34:35 PM | Computer Name = hallelujah | Source = McrMgr | ID = 100
Description =

Error - 04/01/2008 11:36:54 PM | Computer Name = hallelujah | Source = McrMgr | ID = 100
Description =

Error - 04/01/2008 11:48:04 PM | Computer Name = hallelujah | Source = McrMgr | ID = 100
Description =

Error - 13/01/2008 6:57:25 PM | Computer Name = hallelujah | Source = Mcx2Svc | ID = 301
Description =

Error - 16/04/2008 4:39:20 PM | Computer Name = hallelujah | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 05/09/2009 7:29:07 PM | Computer Name = hallelujah | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 07/10/2009 4:33:40 PM | Computer Name = hallelujah | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/10/2009 10:25:39 PM | Computer Name = hallelujah | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 08/04/2008 7:55:49 AM | Computer Name = hallelujah | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 776
seconds with 660 seconds of active time. This session ended with a crash.

Error - 10/04/2008 8:05:44 PM | Computer Name = hallelujah | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2098
seconds with 960 seconds of active time. This session ended with a crash.

Error - 20/04/2008 12:15:01 PM | Computer Name = hallelujah | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6157
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 22/11/2008 5:02:43 PM | Computer Name = hallelujah | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6855
seconds with 3120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/05/2010 9:08:29 PM | Computer Name = hallelujah | Source = Microsoft-Windows-Service Pack Installer | ID = 8
Description =

Error - 11/05/2010 9:12:35 PM | Computer Name = hallelujah | Source = HTTP | ID = 15016
Description =

Error - 11/05/2010 9:14:06 PM | Computer Name = hallelujah | Source = Service Control Manager | ID = 7000
Description =

Error - 11/05/2010 9:15:23 PM | Computer Name = hallelujah | Source = Service Control Manager | ID = 7024
Description =

Error - 11/05/2010 9:56:17 PM | Computer Name = hallelujah | Source = HTTP | ID = 15016
Description =

Error - 11/05/2010 9:57:15 PM | Computer Name = hallelujah | Source = Service Control Manager | ID = 7000
Description =

Error - 11/05/2010 9:58:46 PM | Computer Name = hallelujah | Source = Service Control Manager | ID = 7024
Description =

Error - 12/05/2010 12:28:57 PM | Computer Name = hallelujah | Source = HTTP | ID = 15016
Description =

Error - 12/05/2010 12:30:43 PM | Computer Name = hallelujah | Source = Service Control Manager | ID = 7000
Description =

Error - 12/05/2010 12:31:20 PM | Computer Name = hallelujah | Source = Service Control Manager | ID = 7024
Description =


< End of report >

#28
HalYurAznPal

Filelister file,


+++++++++++++++++++++++++++
+ File Lister Version 1.1.4 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++

Report ran on --->>> 12/05/2010 2:52:29 PM

====== Running Processes ======

C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\WScript.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

====== BHO's ======
BHO: (NO NAME) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: (NO NAME) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: (NO NAME) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

BHO: (NO NAME) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

BHO: (NO NAME) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

====== System Keys (some whitelisted items will not be shown)======

Winlogon\Userinit = C:\Windows\system32\userinit.exe,
Winlogon\Shell = Explorer.exe

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[LXCTCATS] = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
[Malwarebytes Anti-Malware (rootkit-scan)] = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[avgnt] = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[SunJavaUpdateSched] = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime

====== HKCU\~\Run Keys ======

[msnmsgr] = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{BC1206EB-AE85-4833-901F-16AFF14E1757}\ NameServer= 207.210.47.10,207.210.47.27

HKEY_LOCAL_MACHINE\CS001\~\{BC1206EB-AE85-4833-901F-16AFF14E1757}\ NameServer= 207.210.47.10,207.210.47.27

HKEY_LOCAL_MACHINE\CS002\~\{BC1206EB-AE85-4833-901F-16AFF14E1757}\ NameServer= 207.210.47.10,207.210.47.27

ICSDomain = mshome.net
SyncDomainWithMembership = 1
NV Hostname = hallelujah
DataBasePath = %SystemRoot%\System32\drivers\etc
ForwardBroadcasts = 0
IPEnableRouter = 0
Hostname = hallelujah
UseDomainNameDevolution = 1
DeadGWDetectDefault = 1
DontAddDefaultGatewayDefault = 0
EnableWsd = 1
QualifyingDestinationThreshold = 3
DisableUserTOSSetting = 0
TCPFinWait2Delay = 16
OverrideDefaultAddressSelection = 1
EnableICMPRedirect = 1
DhcpDomain = quickclic.net
DhcpNameServer = 207.210.47.10 207.210.47.39 207.210.47.40

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

06/05/2010 10:08:13 PM 07/05/2010 11:21:45 PM 2135420928 38 C:\hiberfil.sys
30/04/2010 12:08:09 PM 109 32 C:\mbam-error.txt
28/04/2010 12:37:10 PM 376956931 C:\Windows\ERDNT
28/04/2010 12:37:10 PM 349296179 C:\Windows\ERDNT\AutoBackup
28/04/2010 12:37:10 PM 115715260 C:\Windows\ERDNT\AutoBackup\28-04-2010
28/04/2010 12:37:20 PM 9408512 C:\Windows\ERDNT\AutoBackup\28-04-2010\Users
28/04/2010 12:37:20 PM 5599232 C:\Windows\ERDNT\AutoBackup\28-04-2010\Users\00000001
28/04/2010 12:37:20 PM 3809280 C:\Windows\ERDNT\AutoBackup\28-04-2010\Users\00000002
29/04/2010 9:39:51 AM 116849851 C:\Windows\ERDNT\AutoBackup\29-04-2010
29/04/2010 9:39:57 AM 9412608 C:\Windows\ERDNT\AutoBackup\29-04-2010\Users
29/04/2010 9:39:57 AM 5603328 C:\Windows\ERDNT\AutoBackup\29-04-2010\Users\00000001
29/04/2010 9:39:57 AM 3809280 C:\Windows\ERDNT\AutoBackup\29-04-2010\Users\00000002
30/04/2010 12:51:59 AM 116731068 C:\Windows\ERDNT\AutoBackup\30-04-2010
30/04/2010 12:52:04 AM 9412608 C:\Windows\ERDNT\AutoBackup\30-04-2010\Users
30/04/2010 12:52:04 AM 5603328 C:\Windows\ERDNT\AutoBackup\30-04-2010\Users\00000001
30/04/2010 12:52:04 AM 3809280 C:\Windows\ERDNT\AutoBackup\30-04-2010\Users\00000002
06/05/2010 1:42:35 PM 27660752 C:\Windows\ERDNT\cache
06/05/2010 10:08:50 PM 527484 C:\Windows\temp
09/05/2010 10:48:24 AM 2067 32 C:\Windows\ie8_main.log
30/04/2010 12:13:11 AM 0 32 C:\Windows\nsreg.dat
27/04/2010 12:44:24 PM 466030 32 C:\Windows\ntbtlog.txt
27/04/2010 12:40:40 PM 12 32 C:\Windows\srun.log
27/04/2010 1:37:43 PM 318 32 C:\Windows\wininit.ini
10/05/2010 11:43:19 PM 42496 C:\Windows\System32\EventProviders
10/05/2010 11:43:19 PM 6144 C:\Windows\System32\EventProviders\de-de
10/05/2010 11:43:19 PM 5632 C:\Windows\System32\EventProviders\en-us
10/05/2010 11:43:19 PM 6144 C:\Windows\System32\EventProviders\es-es
10/05/2010 11:43:19 PM 6144 C:\Windows\System32\EventProviders\fr-fr
10/05/2010 11:43:19 PM 5120 C:\Windows\System32\EventProviders\ja-jp
13/04/2010 2:39:03 PM 98304 32 C:\Windows\System32\cabview.dll
07/05/2010 1:06:26 PM 411368 32 C:\Windows\System32\deployJava1.dll
30/03/2010 2:45:24 PM 389632 32 C:\Windows\System32\html.iec
30/03/2010 2:45:26 PM 230400 32 C:\Windows\System32\ieaksie.dll
30/03/2010 2:45:27 PM 380928 32 C:\Windows\System32\ieapfltr.dll
30/03/2010 2:45:26 PM 389120 32 C:\Windows\System32\iedkcs32.dll
30/03/2010 2:45:24 PM 78336 32 C:\Windows\System32\ieencode.dll
30/03/2010 2:45:27 PM 6069248 32 C:\Windows\System32\ieframe.dll
30/03/2010 2:45:26 PM 193024 32 C:\Windows\System32\iepeers.dll
30/03/2010 2:45:27 PM 270848 32 C:\Windows\System32\iertutil.dll
30/03/2010 2:45:24 PM 26624 32 C:\Windows\System32\ieUnatt.exe
13/04/2010 10:25:57 PM 190464 32 C:\Windows\System32\iphlpsvc.dll
07/05/2010 1:06:26 PM 145184 32 C:\Windows\System32\java.exe
07/05/2010 1:06:26 PM 145184 32 C:\Windows\System32\javaw.exe
07/05/2010 1:06:26 PM 153376 32 C:\Windows\System32\javaws.exe
30/03/2010 2:45:23 PM 28160 32 C:\Windows\System32\jsproxy.dll
07/05/2010 12:25:39 PM 499712 32 C:\Windows\System32\kerberos.dll
13/04/2010 10:26:00 PM 62464 32 C:\Windows\System32\l3codeca.acm
30/03/2010 2:45:26 PM 458240 32 C:\Windows\System32\msfeeds.dll
30/03/2010 2:45:29 PM 3586048 32 C:\Windows\System32\mshtml.dll
30/03/2010 2:45:22 PM 1383424 32 C:\Windows\System32\mshtml.tlb
30/03/2010 2:45:27 PM 476672 32 C:\Windows\System32\mshtmled.dll
30/03/2010 2:45:23 PM 671232 32 C:\Windows\System32\mstime.dll
14/03/2010 11:04:01 PM 91136 32 C:\Windows\System32\nmwcdcls.dll
13/04/2010 10:26:25 PM 3598216 32 C:\Windows\System32\ntkrnlpa.exe
13/04/2010 10:26:25 PM 3545992 32 C:\Windows\System32\ntoskrnl.exe
30/03/2010 2:45:29 PM 146432 32 C:\Windows\System32\occache.dll
27/04/2010 12:41:06 PM 93184 39 C:\Windows\System32\SCardSvry.dll
07/05/2010 12:25:38 PM 270848 32 C:\Windows\System32\schannel.dll
30/03/2010 2:45:29 PM 1174528 32 C:\Windows\System32\urlmon.dll
13/04/2010 10:26:18 PM 430080 32 C:\Windows\System32\vbscript.dll
08/05/2010 9:05:47 PM 378368 32 C:\Windows\System32\winhttp.dll
30/03/2010 2:45:29 PM 833024 32 C:\Windows\System32\wininet.dll
13/04/2010 2:39:06 PM 171520 32 C:\Windows\System32\wintrust.dll

====== "\Administrator & All Users\Startup" Last 60 Days======




====== "\Program Files" Last 60 Days======

07/05/2010 12:34:12 PM 97777703 C:\Program Files\Avira
02/05/2010 10:47:47 AM 1024000 C:\Program Files\CONEXANT
27/04/2010 3:37:03 PM 3977663 C:\Program Files\Malwarebytes' Anti-Malware
14/03/2010 11:03:30 PM 2983655 C:\Program Files\Nokia

======"Drivers" Modified Last 60 Days======

27/04/2010 6:17:46 PM 20952 32 C:\Windows\System32\drivers\mbam.sys
27/04/2010 6:17:49 PM 38224 32 C:\Windows\System32\drivers\mbamswissarmy.sys
14/03/2010 11:17:12 PM 0 34 C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

====== Files Deleted under "%Temp%" ======

11 Files deleted

======"All Users\Application Data" Last 60 Days======



====== HKLM\~\ShellServiceObjectDelayLoad======

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll


====== HKLM\~\SharedTaskScheduler======

Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

======HKLM\~\msconfig\startupreg======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKLM\Software\microsoft\shared tools\msconfig\startupreg\EzPrint
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HPADVISOR
HKLM\Software\microsoft\shared tools\msconfig\startupreg\IAAnotif
HKLM\Software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKLM\Software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server
HKLM\Software\microsoft\shared tools\msconfig\startupreg\LXCTCATS
HKLM\Software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Persistence
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKLM\Software\microsoft\shared tools\msconfig\startupreg\swg
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Windows Defender

====== Services ( Services that are Whitelisted are not shown) ======

A5AGU (D-Link Wireless LAN 802.11 USB device driver)- C:\Windows\system32\DRIVERS\AGUx86.sys - Manual/Stopped
adp94xx (adp94xx)- C:\Windows\system32\drivers\adp94xx.sys - Disabled/Stopped
adpahci (adpahci)- C:\Windows\system32\drivers\adpahci.sys - Disabled/Stopped
amdide (amdide)- C:\Windows\system32\drivers\amdide.sys - Disabled/Stopped
arcsas (arcsas)- C:\Windows\system32\drivers\arcsas.sys - Disabled/Stopped
avipbb (avipbb)- C:\Windows\system32\DRIVERS\avipbb.sys - System/Running
bowser (Bowser)- C:\Windows\system32\DRIVERS\bowser.sys - Manual/Running
BrFiltLo (Brother USB Mass-Storage Lower Filter Driver)- C:\Windows\system32\drivers\brfiltlo.sys - Manual/Stopped
BrFiltUp (Brother USB Mass-Storage Upper Filter Driver)- C:\Windows\system32\drivers\brfiltup.sys - Manual/Stopped
Brserid (Brother MFC Serial Port Interface Driver (WDM))- C:\Windows\system32\drivers\brserid.sys - Disabled/Stopped
BrSerWdm (Brother WDM Serial driver)- C:\Windows\system32\drivers\brserwdm.sys - Disabled/Stopped
BrUsbMdm (Brother MFC USB Fax Only Modem)- C:\Windows\system32\drivers\brusbmdm.sys - Disabled/Stopped
BrUsbSer (Brother MFC USB Serial WDM Driver)- C:\Windows\system32\drivers\brusbser.sys - Manual/Stopped
circlass (Consumer IR Devices)- C:\Windows\system32\drivers\circlass.sys - Disabled/Stopped
CLFS (Common Log (CLFS))- C:\Windows\system32\CLFS.sys - Boot/Running
Crusoe (Transmeta Crusoe Processor Driver)- C:\Windows\system32\drivers\crusoe.sys - Disabled/Stopped
DfsC (DFS Namespace Client Driver)- C:\Windows\system32\Drivers\dfsc.sys - System/Running
DXGKrnl (LDDM Graphics Subsystem)- C:\Windows\system32\drivers\dxgkrnl.sys - Manual/Running
E100B (Intel® PRO Adapter Driver)- C:\Windows\system32\DRIVERS\e100b325.sys - Manual/Running
E1G60 (Intel® PRO/1000 NDIS 6 Adapter Driver)- C:\Windows\system32\DRIVERS\E1G60I32.sys - Manual/Stopped
Ecache (ReadyBoost Caching Driver)- C:\Windows\system32\drivers\ecache.sys - Boot/Running
elxstor (elxstor)- C:\Windows\system32\drivers\elxstor.sys - Disabled/Stopped
FileInfo (File Information FS MiniFilter)- C:\Windows\system32\drivers\fileinfo.sys - Boot/Running
Filetrace (FileTrace)- C:\Windows\system32\drivers\filetrace.sys - Manual/Stopped
fssfltr (FssFltr)- C:\Windows\system32\DRIVERS\fssfltr.sys - Manual/Stopped
gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms)- C:\Windows\system32\drivers\gagp30kx.sys - Manual/Stopped
HidBth (Microsoft Bluetooth HID Miniport)- C:\Windows\system32\drivers\hidbth.sys - Disabled/Stopped
HidIr (Microsoft Infrared HID Driver)- C:\Windows\system32\drivers\hidir.sys - Disabled/Stopped
HpCISSs (HpCISSs)- C:\Windows\system32\drivers\hpcisss.sys - Disabled/Stopped
HSXHWBS2 (HSXHWBS2)- C:\Windows\system32\DRIVERS\HSXHWBS2.sys - Manual/Running
iaStor (Intel RAID Controller)- C:\Windows\system32\drivers\iastor.sys - Boot/Running
iaStorV (Intel RAID Controller Vista)- C:\Windows\system32\drivers\iastorv.sys - Disabled/Stopped
igfx (igfx)- C:\Windows\system32\DRIVERS\igdkmd32.sys - Manual/Running
IPMIDRV (IPMIDRV)- C:\Windows\system32\drivers\ipmidrv.sys - Disabled/Stopped
iScsiPrt (iScsiPort Driver)- C:\Windows\system32\DRIVERS\msiscsi.sys - Manual/Running
iteatapi (ITEATAPI_Service_Install)- C:\Windows\system32\drivers\iteatapi.sys - Disabled/Stopped
iteraid (ITERAID_Service_Install)- C:\Windows\system32\drivers\iteraid.sys - Disabled/Stopped
lltdio (Link-Layer Topology Discovery Mapper I/O Driver)- C:\Windows\system32\DRIVERS\lltdio.sys - Auto/Running
LSI_FC (LSI_FC)- C:\Windows\system32\drivers\lsi_fc.sys - Disabled/Stopped
LSI_SAS (LSI_SAS)- C:\Windows\system32\drivers\lsi_sas.sys - Disabled/Stopped
LSI_SCSI (LSI_SCSI)- C:\Windows\system32\drivers\lsi_scsi.sys - Disabled/Stopped
luafv (UAC File Virtualization)- C:\Windows\system32\drivers\luafv.sys - Disabled/Stopped
MagicTune (MagicTune)- C:\Windows\system32\drivers\MTiCtwl.sys - Manual/Stopped
megasas (megasas)- C:\Windows\system32\drivers\megasas.sys - Disabled/Stopped
mpio (Microsoft Multi-Path Bus Driver)- C:\Windows\system32\drivers\mpio.sys - Disabled/Stopped
mpsdrv (Windows Firewall Authorization Driver)- C:\Windows\system32\drivers\mpsdrv.sys - Manual/Running
mrxsmb10 (SMB 1.x MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb10.sys - Manual/Running
mrxsmb20 (SMB 2.0 MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb20.sys - Manual/Running
msahci (msahci)- C:\Windows\system32\drivers\msahci.sys - Disabled/Stopped
msdsm (Microsoft Multi-Path Device Specific Module)- C:\Windows\system32\drivers\msdsm.sys - Disabled/Stopped
msisadrv (ISA/EISA Class Driver)- C:\Windows\system32\drivers\msisadrv.sys - Boot/Running
MsRPC (MsRPC)- C:\Windows\system32\drivers\MsRPC.sys - Manual/Stopped
NativeWifiP (NativeWiFi Filter)- C:\Windows\system32\DRIVERS\nwifi.sys - Manual/Running
nfrd960 (nfrd960)- C:\Windows\system32\drivers\nfrd960.sys - Disabled/Stopped
nmwcd (Nokia USB Phone Parent)- C:\Windows\system32\drivers\ccdcmb.sys - Manual/Stopped
nmwcdc (Nokia USB Generic)- C:\Windows\system32\drivers\ccdcmbo.sys - Manual/Stopped
nmwcdnsu (Nokia USB Flashing Phone Parent)- C:\Windows\system32\drivers\nmwcdnsu.sys - Manual/Stopped
nmwcdnsuc (Nokia USB Flashing Generic)- C:\Windows\system32\drivers\nmwcdnsuc.sys - Manual/Stopped
nsiproxy (NSI proxy service)- C:\Windows\system32\drivers\nsiproxy.sys - System/Running
ntrigdigi (N-trig HID Tablet Driver)- C:\Windows\system32\drivers\ntrigdigi.sys - Disabled/Stopped
NuidFltr (NUID filter driver)- C:\Windows\system32\DRIVERS\NuidFltr.sys - Manual/Running
nvstor (nvstor)- C:\Windows\system32\drivers\nvstor.sys - Disabled/Stopped
OVT511Plus (Dual Mode USB Camera Plus)- C:\Windows\system32\Drivers\omcamvid.sys - Manual/Stopped
PEAUTH (PEAUTH)- C:\Windows\system32\drivers\peauth.sys - Auto/Running
Ps2 (PS2)- C:\Windows\system32\DRIVERS\PS2.sys - Manual/Running
ql2300 (QLogic Fibre Channel Miniport Driver)- C:\Windows\system32\drivers\ql2300.sys - Disabled/Stopped
ql40xx (QLogic iSCSI Miniport Driver)- C:\Windows\system32\drivers\ql40xx.sys - Disabled/Stopped
QWAVEdrv (QWAVE driver)- C:\Windows\system32\drivers\qwavedrv.sys - Manual/Stopped
RDPENCDD (RDP Encoder Mirror Driver)- C:\Windows\system32\drivers\rdpencdd.sys - System/Running
rspndr (Link-Layer Topology Discovery Responder)- C:\Windows\system32\DRIVERS\rspndr.sys - Auto/Running
sbp2port (SBP-2 Transport/Protocol Bus Driver)- C:\Windows\system32\drivers\sbp2port.sys - Disabled/Stopped
sermouse (Serial Mouse Driver)- C:\Windows\system32\drivers\sermouse.sys - Disabled/Stopped
sffdisk (SFF Storage Class Driver)- C:\Windows\system32\drivers\sffdisk.sys - Disabled/Stopped
sffp_mmc (SFF Storage Protocol Driver for MMC)- C:\Windows\system32\drivers\sffp_mmc.sys - Manual/Stopped
sffp_sd (SFF Storage Protocol Driver for SDBus)- C:\Windows\system32\drivers\sffp_sd.sys - Manual/Stopped
SiSRaid2 (SiSRaid2)- C:\Windows\system32\drivers\sisraid2.sys - Disabled/Stopped
SiSRaid4 (SiSRaid4)- C:\Windows\system32\drivers\sisraid4.sys - Disabled/Stopped
spldr (Security Processor Loader Driver)- C:\Windows\system32\drivers\spldr.sys - Boot/Running
srv2 (srv2)- C:\Windows\system32\DRIVERS\srv2.sys - Manual/Running
srvnet (srvnet)- C:\Windows\system32\DRIVERS\srvnet.sys - Manual/Running
ssmdrv (ssmdrv)- C:\Windows\system32\DRIVERS\ssmdrv.sys - System/Running
Tcpip6 (Microsoft IPv6 Protocol Driver)- C:\Windows\system32\DRIVERS\tcpip.sys - Manual/Stopped
tcpipreg (TCP/IP Registry Compatibility)- C:\Windows\system32\drivers\tcpipreg.sys - Auto/Running
tdx (NetIO Legacy TDI Support Driver)- C:\Windows\system32\DRIVERS\tdx.sys - System/Running
tssecsrv (Terminal Services Security Filter Driver)- C:\Windows\system32\DRIVERS\tssecsrv.sys - Manual/Running
tunmp (Microsoft Tun Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunmp.sys - Manual/Running
tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunnel.sys - Manual/Running
uagp35 (Microsoft AGPv3.5 Filter)- C:\Windows\system32\drivers\uagp35.sys - Manual/Stopped
uliagpkx (Uli AGP Bus Filter)- C:\Windows\system32\drivers\uliagpkx.sys - Manual/Stopped
uliahci (uliahci)- C:\Windows\system32\drivers\uliahci.sys - Disabled/Stopped
UlSata (UlSata)- C:\Windows\system32\drivers\ulsata.sys - Disabled/Stopped
ulsata2 (ulsata2)- C:\Windows\system32\drivers\ulsata2.sys - Disabled/Stopped
umbus (UMBus Enumerator Driver)- C:\Windows\system32\DRIVERS\umbus.sys - Manual/Running
UMPass (Microsoft UMPass Driver)- C:\Windows\system32\DRIVERS\umpass.sys - Manual/Stopped
upperdev (upperdev)- C:\Windows\system32\DRIVERS\usbser_lowerflt.sys - Manual/Stopped
USBAAPL (Apple Mobile USB Driver)- C:\Windows\system32\Drivers\usbaapl.sys - Manual/Stopped
usbcir (eHome Infrared Receiver (USBCIR))- C:\Windows\system32\drivers\usbcir.sys - Disabled/Stopped
usbser (USB Modem Driver)- C:\Windows\system32\drivers\usbser.sys - Manual/Stopped
UsbserFilt (UsbserFilt)- C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys - Manual/Stopped
ViaC7 (VIA C7 Processor Driver)- C:\Windows\system32\drivers\viac7.sys - Disabled/Stopped
volmgr (Volume Manager Driver)- C:\Windows\system32\drivers\volmgr.sys - Boot/Running
volmgrx (Dynamic Volume Manager)- C:\Windows\system32\drivers\volmgrx.sys - Boot/Running
vsmraid (vsmraid)- C:\Windows\system32\drivers\vsmraid.sys - Disabled/Stopped
VSTHWBS2 (VSTHWBS2)- C:\Windows\system32\DRIVERS\VSTBS23.SYS - Manual/Stopped
VST_DPV (VST_DPV)- C:\Windows\system32\DRIVERS\VSTDPV3.SYS - Manual/Stopped
WacomPen (Wacom Serial Pen HID Driver)- C:\Windows\system32\drivers\wacompen.sys - Disabled/Stopped
Wanarpv6 (Remote Access IPv6 ARP Driver)- C:\Windows\system32\DRIVERS\wanarp.sys - System/Running
Wdf01000 (Kernel Mode Driver Frameworks service)- C:\Windows\system32\drivers\Wdf01000.sys - Boot/Running
WinDriver6 (WinDriver6)- C:\Windows\system32\drivers\windrvr6.sys - Manual/Running
WmiAcpi (Microsoft Windows Management Interface for ACPI)- C:\Windows\system32\drivers\wmiacpi.sys - Disabled/Stopped
WpdUsb (WpdUsb)- C:\Windows\system32\DRIVERS\wpdusb.sys - Manual/Stopped
XAudio (XAudio)- C:\Windows\system32\DRIVERS\xaudio.sys - Auto/Running

====== Uninstall List ======

A file named 'UNI.txt' was created and saved to
FileListers default location. Post the results if requested.

======== Other Info ========

TOTAL PHYSICAL RAM: 2137 MB

Boot Info

OS Type: Microsoft® Windows Vista™ Home Premium
Build: 6.0.6001
Service Pack: 1.0

====== Files with Hidden Attributes======

A file named 'Hidden.txt' was created and saved to
FileListers default location. Post the results if requested.

==End of Report==

#29
hammerman

Hi,

Please download maxlook, saving the file to your desktop.
Double-click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and log on to the Recovery Environment.
Once you get to the System Recovery Options screen, first take note of the drive letter assigned to the operating system, then select Command Prompt.

Posted Image

Type the following bolded command at the x:\sources> prompt (or x:\windows\system32>) then hit Enter.

cd /d x:\windows <--- the red x represents your operating system drive letter, as shown in the image below


Posted Image

At the C:\Windows> prompt type the following command then hit Enter

look.bat

You will see many files copied then return to the x:\windows> prompt.
Type Exit then restart your computer and log on in normal mode.
Please run maxlook.exe again now. Note - you must run it only once!
It will produce looklog.txt on the desktop and open it.
Please post the results here.

#30
HalYurAznPal

Here is the maxlook log

Run from C:\Users\Hallel\Desktop\maxlook.exe on 12/05/2010 at 18:56:44.88

No infected file found