I use the Sygate firewall and (until recently) AVG antivirus on XP SP3.
After a guest used my computer, the following behavior started:
1) services.exe wanted to connect to www.navlot.com and www.arrodilla.com. I disallowed the connections with Sygate and redirected them to 127.0.0.1 in the "hosts" file.
2) AVG kept finding an infected file with a "generic" type of infection, and I kept deleting it. This happened about 5 times. Then AVG didn't find that file anymore.
3) I can't open HTTP connections to www.avira.com, www.avast.com, www.eset.com, www.cnet.com, and several other sites that may offer antivirus apps. I used a sniffer (Wireshark) to check: when I HTTP to one of these sites, I don't even see a SYN request, so it's blocked somewhere before Wireshark in the TCP stack.
Timewise, this behavior began after I let Nokia OVI download an update, but I don't think it's related.
I can't find the virus/malware blocking my connections (and possibly doing other malicious stuff), so I'm asking for your help.
I followed the instructions on this site:
1) Malwarebytes didn't find anything of use (only several bad cookies). When I ran it again, it didn't find anything anymore.
2) I uninstalled AVG and installed Avast!, which didn't find anything either.
3) Ran TFC and ERUNT.
4) When I run GMER with the "files" test, at some point I get a blue screen. I tried several runs; it keeps blue-screening. So the log I attach DOES NOT INCLUDE FILES; I hope it's enough for now.
I can't seem to find the virus/malware blocking my connections, so I'm asking for your help.
Thank you.
%%%%%%%%%%%%%%%%%%%% GMER LOG START %%%%%%%%%%%%%%%%%%%%
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-06 08:45:43
Windows 5.1.2600 Service Pack 3
Running: fkikoszg.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pgldrpow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xBA28AB30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA429EC08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA429EAC4]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xBA28A6F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA429F078]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA429EFA2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA429E69A]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xBA28A470]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA429EB9E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA429E5DA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA429E63E]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xBA28AC50]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA429ECBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA429F146]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA429EC7E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA429EDFE]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xBA28A990]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xBA28A8D0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xBA28AD60]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA42AB50A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA42AB32E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA42AB468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C74 80504510 4 Bytes JMP 9192A429
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A42AB46C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A42AB332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A42A74AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A42A897E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A42AB50E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text tcpip.sys!IPTransmit + 10FC A43CBD3A 6 Bytes CALL B9D07CE0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 A43CD690 6 Bytes CALL B9D07CE0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 A43E3454 6 Bytes CALL B9D07CE0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys B5CD03FD 7 Bytes CALL B9D07E30 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\aswTdi \Device\AswUdpFilter wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\aswTdi \Device\ASWTDI wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\aswTdi \Device\AswTcpFilter wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
---- EOF - GMER 1.0.15 ----
%%%%%%%%%%%%%%%%%%%% GMER LOG END %%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%% MBAM LOG START %%%%%%%%%%%%%%%%%%%%
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4069
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
05/05/2010 21:10:30
mbam-log-2010-05-05 (21-10-30).txt
Scan type: Quick scan
Objects scanned: 116466
Time elapsed: 2 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
%%%%%%%%%%%%%%%%%%%% MBAM LOG END %%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%% OTL LOG START %%%%%%%%%%%%%%%%%%%%
OTL logfile created on: 06/05/2010 08:56:35 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\tmp\vir
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 661.27 Gb Free Space | 70.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.08 Gb Total Space | 34.93 Gb Free Space | 11.72% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: IS
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/04/26 01:50:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\tmp\vir\OTL.exe
PRC - [2010/04/14 19:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 19:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/12/15 18:19:14 | 002,465,792 | ---- | M] (SEC) -- C:\Program Files\MagicTune Premium\MagicTune.exe
PRC - [2009/11/27 03:33:24 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/07/23 18:04:20 | 005,625,344 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/23 16:05:00 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/01/15 17:18:00 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\GammaTray.exe
PRC - [2004/08/13 20:05:56 | 002,532,576 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
PRC - [2004/03/31 16:23:06 | 000,823,296 | ---- | M] (LockTime) -- C:\Program Files\NetLimiter\NetLimiter.exe
========== Modules (SafeList) ==========
MOD - [2010/04/26 01:50:50 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\tmp\vir\OTL.exe
MOD - [2004/08/10 18:05:30 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/04/14 19:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 19:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 19:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/27 03:33:24 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/20 21:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/11/27 16:38:04 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007/11/27 14:57:52 | 000,213,552 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2007/11/27 14:57:20 | 000,050,736 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2007/11/27 14:56:48 | 000,040,488 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/08/23 16:05:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2007/07/19 17:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) [On_Demand | Stopped] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/01/29 16:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2004/08/13 20:05:56 | 002,532,576 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)
========== Driver Services (SafeList) ==========
DRV - [2010/04/14 19:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 19:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 19:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 19:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 19:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 19:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/10/20 21:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/06/04 14:53:04 | 000,014,080 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2009/03/21 00:21:31 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/03/21 00:21:30 | 006,048,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/03/21 00:19:38 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/21 00:18:34 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/03/21 00:15:20 | 004,745,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/02 22:55:08 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BazisVirtualCD.sys -- (BazisVirtualCD)
DRV - [2008/11/02 16:14:10 | 000,056,320 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VirtDiskBus.sys -- (VirtDiskBus)
DRV - [2008/09/18 17:49:33 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 05:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/10/23 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2005/01/02 04:10:37 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/01/02 04:07:05 | 000,009,728 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2004/08/13 05:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/10 18:05:44 | 000,014,240 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/08/10 18:05:42 | 000,014,240 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/08/10 18:05:42 | 000,014,240 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/08/10 18:05:42 | 000,014,240 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/08/10 17:53:14 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/08/10 17:51:30 | 000,059,984 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2003/09/25 02:00:00 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/iat/us_il.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 43 E1 AD C9 E0 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/10 17:06:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/26 01:21:41 | 000,000,000 | ---D | M]
[2009/03/22 00:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/01 15:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1kgzer79.default\extensions
[2009/10/07 17:18:06 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1kgzer79.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/04/20 22:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1kgzer79.default\extensions\{a089fffd-e0cb-431b-8d3a-ebb8afb26dcf}
[2010/05/01 15:36:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1kgzer79.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/13 11:48:02 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1kgzer79.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/20 22:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1kgzer79.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/25 17:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1kgzer79.default\extensions\filtersetg@updater
[2010/05/05 11:51:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/25 11:58:43 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007/02/08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
[2007/07/24 19:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\nplv85win32.dll
O1 HOSTS File: ([2010/04/24 01:49:27 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe (LockTime)
O4 - HKLM..\Run: [NI Background Service] C:\Program Files\National Instruments\Shared\Update Service\BackgroundService.exe (National Instruments)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk = C:\Program Files\MagicTune Premium\GammaTray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\NetLimiter\nl_lsp.dll ()
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: orange.co.il ([access] https in Trusted sites)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://access.orang...ca32/wficat.cab (Citrix ICA Client)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1272040042125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.su...ows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {EC0403E0-9158-4CF8-A2B6-3C62C3B9B6B7} https://access.orang...t/EPAClient.exe (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.117.235.237 62.219.186.7
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 09:15:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9ea08bb8-3733-11de-b8e2-002354269aa5}\Shell - "" = AutoRun
O33 - MountPoints2\{9ea08bb8-3733-11de-b8e2-002354269aa5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ea08bb8-3733-11de-b8e2-002354269aa5}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/03/20 09:14:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)
========== Files/Folders - Created Within 90 Days ==========
[2010/05/05 21:12:32 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/05 21:12:32 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/05 21:12:32 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/05 21:12:32 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/05 21:12:32 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/05 21:12:32 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/05 21:12:32 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/05 21:12:26 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/05 21:12:26 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/05 21:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/05 21:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/05 20:49:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/05 20:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/05 12:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/05/05 12:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/05/05 12:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/05/05 12:03:37 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/05/05 12:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/05/05 12:03:31 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010/05/05 12:03:31 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/05/05 12:03:30 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/05/05 12:03:29 | 000,660,480 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010/05/05 12:03:29 | 000,017,664 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/05/05 12:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/05/04 12:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\BwgSoftware
[2010/05/03 09:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\pics
[2010/05/01 15:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010/05/01 15:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\vlc-1.0.5
[2010/04/28 12:37:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/25 23:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/04/25 23:25:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/25 23:25:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/25 23:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/25 23:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/24 01:40:18 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2010/04/21 10:22:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/21 00:51:17 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/04/20 23:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/14 17:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\VLSI
[2010/04/08 17:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Vinnitsa_2010
[2010/03/25 12:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\skypePM
[2010/03/25 12:14:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\OvtCam
[2010/03/25 12:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2010/03/25 12:12:21 | 000,174,530 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\drivers\ov519vid.sys
[2010/03/25 12:12:21 | 000,135,168 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\ov519cap.exe
[2010/03/25 12:12:21 | 000,061,440 | ---- | C] (OmniVision Technologies, Inc.) -- C:\WINDOWS\ov519dib.dll
[2010/03/25 12:12:21 | 000,040,960 | ---- | C] (OmniVision Technologies Inc.) -- C:\WINDOWS\System32\ov519ext.dll
[2010/03/25 12:12:21 | 000,025,211 | ---- | C] (OmniVision Technologies Inc.) -- C:\WINDOWS\System32\drivers\ov519cmd.sys
[2010/03/25 12:12:21 | 000,025,099 | ---- | C] (OmniVision Technologies Inc.) -- C:\WINDOWS\System32\ov519ext.ax
[2010/03/25 12:12:21 | 000,016,426 | ---- | C] (OmniVision Technologies Inc.) -- C:\WINDOWS\System32\ov519usd.dll
[2010/03/25 12:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\VGA USB Camera
[2010/03/25 12:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2010/03/25 11:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/25 11:58:20 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/03/25 11:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/24 18:45:14 | 000,000,000 | ---D | C] -- C:\disk_on_key_backup
[2010/03/24 11:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Xming
[2010/03/24 11:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SSH
[2010/03/20 19:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010/03/19 00:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\avisplit
[2010/03/12 18:54:58 | 000,000,000 | ---D | C] -- C:\canon_downloads
[2010/02/22 14:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/02/06 13:42:49 | 000,000,000 | ---D | C] -- C:\GMouse20
[2010/02/06 13:42:45 | 000,283,648 | ---- | C] (Stirling Technologies, Inc.) -- C:\WINDOWS\uninst.exe
[2010/02/06 13:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS
========== Files - Modified Within 90 Days ==========
[2010/05/06 08:32:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/06 08:32:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/06 08:23:19 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{33678BF7-0ACC-41A0-BD5B-03F8DD4BA146}.job
[2010/05/06 01:23:43 | 007,147,520 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/05/06 01:23:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/06 00:37:59 | 000,028,014 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\win_logon.reg
[2010/05/05 21:12:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/05 21:12:32 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/05 12:06:36 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/05 12:06:36 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/05 12:06:36 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/05 12:03:43 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/05/04 12:18:01 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BwgBurn.lnk
[2010/05/04 11:24:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/01 15:53:16 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vlc.exe.lnk
[2010/04/30 14:55:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/30 02:46:15 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 20:37:33 | 000,075,808 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/26 20:36:50 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/23 19:38:28 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/23 19:38:28 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/22 11:47:00 | 004,318,672 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/04/21 01:14:34 | 000,570,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\me.jpg
[2010/04/21 00:51:17 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/04/20 22:59:43 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/15 03:51:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 19:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 19:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 19:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 19:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 19:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 19:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 19:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 19:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 19:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/10 20:20:50 | 003,351,750 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\kefir_05_kak_na_ulitcu.mp3
[2010/03/26 16:46:11 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/03/25 12:17:46 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/20 22:07:48 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/03/04 01:01:44 | 000,000,519 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010/02/06 19:17:10 | 000,000,110 | ---- | M] () -- C:\WINDOWS\GMouse.ini
========== Files Created - No Company Name ==========
[2010/05/06 00:37:59 | 000,028,014 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\win_logon.reg
[2010/05/05 21:12:32 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/05 12:03:43 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/05/04 12:18:01 | 000,002,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BwgBurn.lnk
[2010/05/01 15:53:16 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vlc.exe.lnk
[2010/04/21 10:35:00 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{33678BF7-0ACC-41A0-BD5B-03F8DD4BA146}.job
[2010/04/21 01:14:34 | 000,570,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\me.jpg
[2010/04/20 21:54:07 | 003,351,750 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\kefir_05_kak_na_ulitcu.mp3
[2010/04/16 11:59:55 | 007,147,520 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/03/26 16:46:11 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/03/25 12:17:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/25 12:12:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\sel3110.exe
[2010/03/25 12:12:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\CleanDev.exe
[2010/03/25 12:12:21 | 000,032,528 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2010/03/25 11:58:21 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/20 22:07:48 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/02/06 19:17:10 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2009/10/20 21:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/03/23 01:47:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/21 01:12:39 | 000,000,519 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2009/03/21 00:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2009/03/21 00:18:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/03/21 00:18:48 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/03/21 00:18:45 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/03/21 00:18:45 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/03/21 00:15:45 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/03/20 23:31:56 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/03/20 23:31:50 | 000,034,642 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/03/20 23:31:50 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/11/02 16:12:02 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\BazisVirtualCD.sys
[2008/11/02 16:11:38 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\VirtDiskBus.sys
[2007/10/23 11:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2004/08/10 21:39:04 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/03/30 23:47:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\nl_msgs.dll
[2004/03/30 23:47:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\nl_msgc.dll
========== LOP Check ==========
[2009/12/22 18:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG9
[2009/05/03 21:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BwgSoftware
[2009/06/04 13:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Citrix
[2009/03/24 04:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/24 02:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Design Science
[2010/05/05 14:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\foobar2000
[2010/03/20 20:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2009/05/29 16:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\hte
[2009/06/08 19:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
[2009/04/10 15:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LockTime
[2009/07/14 18:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mp3tag
[2009/05/25 20:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MuPAD
[2009/04/15 19:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\National Instruments
[2009/06/04 13:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Netscape
[2010/05/05 11:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2009/12/30 01:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Ovi Suite
[2010/01/24 15:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2009/08/16 09:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/03/24 18:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SSH
[2010/04/14 02:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/02/03 01:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wireshark
[2010/05/05 21:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/05 20:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/05 12:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/04/15 18:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2010/05/05 12:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/12/26 20:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010/05/06 08:23:19 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{33678BF7-0ACC-41A0-BD5B-03F8DD4BA146}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2003/02/19 15:23:20 | 000,315,240 | ---- | M] (Microsoft Corporation) -- C:\Q814761_WXP_SP2_x86_ENU.exe
[2003/02/19 15:23:22 | 000,131,944 | ---- | M] (Microsoft Corporation) -- C:\Q814761_WXP_SP2_x86_ENU_Symbols.exe
< MD5 for: AGP440.SYS >
[2008/07/12 18:19:54 | 018,835,952 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008/07/12 18:19:54 | 018,835,952 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2007/01/23 17:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Program Files\MATLAB\R2009a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: IASTOR.SYS >
[2009/03/21 00:20:25 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Drivers\RAID\IMSM_V8501032_XPVista\IMSM\Driver\32bit\IaStor.sys
[2008/09/18 17:49:33 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\NLDRV\001\iastor.sys
[2008/09/18 17:49:33 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2009/03/21 00:20:25 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Drivers\RAID\IMSM_V8501032_XPVista\IMSM\Driver\64bit\IaStor.sys
< MD5 for: NETLOGON.DLL >
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/03/21 05:06:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/03/21 05:06:28 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/03/21 05:06:28 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/14 19:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/04/14 19:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/04/14 19:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/04/14 19:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/04/14 19:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/04/14 19:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/04/14 19:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 16:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 14:36:50 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2010/04/21 00:51:17 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys
< End of report >
%%%%%%%%%%%%%%%%%%%% OTL LOG END %%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%% OTL EXTRAS LOG START %%%%%%%%%%%%%%%%%%%%
OTL Extras logfile created on: 06/05/2010 08:56:35 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\tmp\vir
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 661.27 Gb Free Space | 70.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.08 Gb Total Space | 34.93 Gb Free Space | 11.72% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: IS
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8256:TCP" = 8256:TCP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\OLD_C_80gb\Program Files\eMule\emule.exe" = C:\OLD_C_80gb\Program Files\eMule\emule.exe:*:Disabled:eMule -- File not found
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- File not found
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- File not found
"C:\OLD_C_80gb\Documents\old_win\eMule\emule.exe" = C:\OLD_C_80gb\Documents\old_win\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- File not found
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune -- (SEC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{065F29A4-D4D9-4BB9-85AF-8A878907BBD6}" = NI LabVIEW Run-Time Engine 8.5.1
"{0699C67B-F5B5-4CA3-A3A9-B976406FA4DA}" = NI Service Locator
"{17F4ADCB-387E-43A5-8292-A4A37704D670}" = NI MDF Support
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{25A90BCC-92FB-4998-A1C2-403237B79D54}" = NI Circuit Design Suite 10.1 Edu Licenses
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{297BDF30-471F-4E8C-9C05-09C3882300CD}" = NI LabWindows/CVI 8.1.1 Run-Time Engine
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3116A1B1-4E07-46ED-89F9-57409D88588A}" = NI MetaSuite Installer
"{329A3C81-7884-4A64-B8F6-078795C31506}" = Citrix Endpoint Analysis Client
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38A4AD83-3492-4A4E-A502-48106D88DD3E}" = NI USI 1.5.0
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{4E0DE929-EB66-4A28-A351-645B22369078}" = NI Update Service 1.0
"{5474BF08-A9D0-49A2-9FCA-4D081B3797B5}" = NI Logos XT Support
"{57700DD3-0C10-4CE6-95BA-630284EE2CB1}" = NI License Manager
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{671A5B67-1A00-424A-A902-49BC020FB3D1}" = NI VC2005MSMs x86
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{69F9B60B-DD42-43F6-8B74-3E2C85DB3347}" = NI Circuit Design Suite 10.1 Education
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{7469D3E1-2470-4539-81CB-A95036683D9B}" = NI Update Service Extras 1.0
"{74712ACB-DD68-4A05-8D2B-8ABD5B29087C}" = NI Circuit Design Suite 10.1 Core
"{77F73F6E-139D-4B38-AB0D-6D2F0E860478}" = NI Logos 4.9.1
"{7C0B9FD1-5181-4446-AD62-299873B5508B}" = NI Uninstaller
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8AD1C907-5AA3-471C-9825-90099149D453}" = BwgBurn Version 0.7.6
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901E040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Hebrew User Interface Pack
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BF448A52-C83E-455D-B5D3-FD9E964C9419}" = Sygate Personal Firewall Pro
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D105D090-E9E5-4572-A61C-01EDE7568A17}" = NI TDMS
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F28D6E4E-EA52-49F5-B5E8-EDA4F380F83A}" = NI DN 2.0 installer
"{F7D0E9F5-6025-49FA-B13C-CFA27E062062}" = NI EULA Depot
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"32fsu32_is1" = File Scavenger 3.2 (English)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"AVI Splitter_is1" = AVI Splitter
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"CloneCD" = CloneCD
"DSMT6" = MathType 6
"ERUNT_is1" = ERUNT 1.1j
"foobar2000" = foobar2000 v0.9.6.3
"GhostMouse 2.0" = GhostMouse 2.0
"Google Desktop" = Google Desktop
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2009a" = MATLAB R2009a
"MentorGraphicsJI" = Mentor Graphics Products
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.44
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"Musette_is1" = Musette version 2.9.9
"NetLimiter" = NetLimiter 1.30 (remove only)
"NI Uninstaller" = National Instruments Software
"Nokia PC Suite" = Nokia PC Suite
"Picasa 3" = Picasa 3
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"Transcribe!_is1" = Transcribe! 7.51
"VGA USB Camera" = VGA USB Camera
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.2.6
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xming_is1" = Xming 6.9.0.31
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20/04/2010 15:05:58 | Computer Name = IS | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in avscan.exe [1012]. Just-In-Time
debugging this exception failed with the following error: The logged in user did
not have access to debug the crashing application. Check the documentation index
for 'Just-in-time debugging, errors' for more information.
Error - 24/04/2010 12:59:25 | Computer Name = IS | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 bwg.createdatadisk.exe, P2 0.0.7.5, P3 496a4876,
P4 system.drawing, P5 2.0.0.0, P6 4889dec2, P7 184, P8 20, P9 system.argumentexception,
P10 NIL.
Error - 05/05/2010 04:39:10 | Computer Name = IS | Source = MsiInstaller | ID = 11500
Description = Product: MSVC80_x86_v2 -- Error 1500. Another installation is in progress.
You must complete that installation before continuing this one.
Error - 05/05/2010 04:44:26 | Computer Name = IS | Source = MsiInstaller | ID = 11500
Description = Product: MSVC80_x86 -- Error 1500. Another installation is in progress.
You must complete that installation before continuing this one.
[ System Events ]
Error - 05/05/2010 07:06:12 | Computer Name = IS | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).
Error - 05/05/2010 13:46:03 | Computer Name = IS | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 05/05/2010 13:46:03 | Computer Name = IS | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).
Error - 05/05/2010 13:46:03 | Computer Name = IS | Source = Service Control Manager | ID = 7034
Description = The Sygate Personal Firewall Pro service terminated unexpectedly.
It has done this 1 time(s).
Error - 05/05/2010 13:46:04 | Computer Name = IS | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
Error - 05/05/2010 14:01:26 | Computer Name = IS | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).
Error - 05/05/2010 16:37:29 | Computer Name = IS | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).
Error - 05/05/2010 17:18:09 | Computer Name = IS | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 873ccff1.
Error - 05/05/2010 17:40:58 | Computer Name = IS | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).
Error - 05/05/2010 18:23:41 | Computer Name = IS | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).
< End of report >
%%%%%%%%%%%%%%%%%%%% OTL EXTRAS LOG END %%%%%%%%%%%%%%%%%%%%
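Two things in the "Last 10 Event Log Errors" block above are worth pulling out mechanically when triaging a log like this: the Service Control Manager records at 13:46:03-13:46:04, where the Sygate firewall service and the AVG WatchDog service terminated within a second of each other (alongside two unrelated services), and the System Error 1003 record, whose "Error code 100000d1" is a kernel bugcheck with its four parameters. The following is an added example, not code from the poster, from OTL or from GMER. It parses OTL's wrapped "Error - ... | Source = ... | ID = ..." records from a constructed sample taken from the log above, clusters SCM crash events (IDs 7034/7031) that fall inside a short window, flags clusters that include a security product, and decodes the 1003 record. The keyword list used to recognise security products, the two-second clustering window and the reading of the stop code from the low 16 bits of the logged value are this example's own assumptions; the parameter layout for stop codes 0x0A and 0xD1 (referenced address, IRQL, read/write flag, faulting address) is the documented Windows one.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: a subset of the System Events from the OTL log above.
SAMPLE_LOG = """\
[ System Events ]
Error - 05/05/2010 13:46:03 | Computer Name = IS | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).
Error - 05/05/2010 13:46:03 | Computer Name = IS | Source = Service Control Manager | ID = 7034
Description = The Sygate Personal Firewall Pro service terminated unexpectedly.
It has done this 1 time(s).
Error - 05/05/2010 13:46:04 | Computer Name = IS | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
Error - 05/05/2010 14:01:26 | Computer Name = IS | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).
Error - 05/05/2010 17:18:09 | Computer Name = IS | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 873ccff1.
"""

HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = (?P<host>.*?)"
    r" \| Source = (?P<source>.*?) \| ID = (?P<eid>\d+)$")
TERMINATED_RE = re.compile(r"The (?P<svc>.+?) service terminated unexpectedly")
BUGCHECK_RE = re.compile(
    r"Error code (?P<code>[0-9a-f]+), parameter1 (?P<p1>[0-9a-f]+), parameter2 (?P<p2>[0-9a-f]+),"
    r" parameter3 (?P<p3>[0-9a-f]+), parameter4 (?P<p4>[0-9a-f]+)")

# Assumed keyword list: service names containing these belong to the security stack.
SECURITY_KEYWORDS = ("firewall", "avg", "avast", "antivirus", "anti-virus", "watchdog")

# Stop codes whose parameters are (referenced address, IRQL, 0=read/1=write, faulting address).
IRQL_STOP_CODES = {0x0A: "IRQL_NOT_LESS_OR_EQUAL", 0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL"}


@dataclass
class Event:
    time: datetime
    host: str
    source: str
    event_id: int
    description: str


def parse_otl_events(text):
    """Turn OTL's wrapped 'Error - ...' records into Event objects."""
    events = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            events.append(Event(datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
                                m["host"], m["source"], int(m["eid"]), ""))
        elif events and line and not line.startswith(("[", "<")):
            # OTL wraps the description over several lines; rejoin them.
            body = line[len("Description = "):] if line.startswith("Description = ") else line
            events[-1].description = (events[-1].description + " " + body).strip()
    return events


def service_terminations(events):
    """(time, service name) for every SCM 'terminated unexpectedly' record, sorted by time."""
    out = []
    for ev in events:
        if ev.source == "Service Control Manager" and ev.event_id in (7031, 7034):
            m = TERMINATED_RE.search(ev.description)
            if m:
                out.append((ev.time, m["svc"]))
    return sorted(out)


def find_kill_clusters(events, window_seconds=2):
    """Group terminations that occur within window_seconds of the previous one.

    Several services dying together, one of them a security product, is the
    pattern to look at first: either a crash/reboot or something stopping defenses.
    """
    clusters = []
    for ts, svc in service_terminations(events):
        if clusters and ts - clusters[-1]["end"] <= timedelta(seconds=window_seconds):
            clusters[-1]["end"] = ts
            clusters[-1]["services"].append(svc)
        else:
            clusters.append({"start": ts, "end": ts, "services": [svc]})
    for c in clusters:
        c["security_hit"] = [s for s in c["services"]
                             if any(k in s.lower() for k in SECURITY_KEYWORDS)]
        c["suspicious"] = len(c["services"]) >= 2 and bool(c["security_hit"])
    return clusters


def decode_bugchecks(events):
    """Decode 'System Error' 1003 records into stop code name and parameters."""
    out = []
    for ev in events:
        m = BUGCHECK_RE.search(ev.description) if ev.event_id == 1003 else None
        if not m:
            continue
        # XP's Save Dump logs e.g. 100000d1; assumption: the stop code is the low 16 bits.
        code = int(m["code"], 16) & 0xFFFF
        p = [int(m[k], 16) for k in ("p1", "p2", "p3", "p4")]
        info = {"time": ev.time, "stop_code": code,
                "name": IRQL_STOP_CODES.get(code, "unknown"), "params": p}
        if code in IRQL_STOP_CODES:
            info.update(referenced=p[0], irql=p[1],
                        access="write" if p[2] == 1 else "read", faulting_address=p[3])
        out.append(info)
    return out


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE_LOG)
    for c in find_kill_clusters(evs):
        flag = "SUSPICIOUS" if c["suspicious"] else "ok"
        print(f"{c['start']:%H:%M:%S} {flag}: {', '.join(c['services'])}")
    for b in decode_bugchecks(evs):
        print(f"{b['time']:%H:%M:%S} stop 0x{b['stop_code']:X} {b['name']} irql=0x{b['irql']:x} "
              f"{b['access']} at 0x{b['faulting_address']:08x}")
```

Run against the sample, the 13:46:03-13:46:04 cluster is flagged because it contains the Sygate firewall and the AVG WatchDog, while the lone MagicTuneEngine crash at 14:01:26 is not; the 1003 record decodes to stop 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL), a write to address 0 at IRQL 0x1c from code at 0x873ccff1, which is the kind of driver fault the poster's GMER blue screens would leave behind. In a real triage you would feed the full event log export rather than OTL's last ten errors, since ten records are not enough to see whether the cluster repeats.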