Help! Can't Remove Playsushi Virus



#1 pnzr993
New Member, 1 post
Please help! I have tried everything to remove Playsushi. I ran Avast and Malwarebytes with no luck. I tried to delete it and remove it from FF. It keeps coming back. It appears to block certain searches. It will even block specific ping requests. It appears to be a hack or Trojan of some sort?? :) I fear it's trying to redirect or steal credit card info??? Here are my logs:

OTL LOG:
OTL logfile created on: 5/29/2010 11:11:50 PM - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Documents and Settings\admin\Desktop\PC Utilities
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 11.01 Gb Free Space | 9.85% Space Free | Partition Type: NTFS
Drive D: | 199.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EAGLE
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/29 23:10:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\PC Utilities\OTL.exe
PRC - [2010/05/25 14:32:02 | 000,074,984 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/09 03:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 03:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/12/21 14:15:04 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/04/03 11:39:40 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\3.1\AGCoreService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2001/08/17 23:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/05/29 23:10:57 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\PC Utilities\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/25 14:32:02 | 000,074,984 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/03/09 03:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 03:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 03:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/01 10:07:00 | 003,461,068 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/04/03 11:39:40 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\3.1\AGCoreService.exe -- (AGCoreService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2002/09/25 19:30:26 | 000,099,904 | ---- | M] (Groove Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe -- (GrooveInstallerService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/25 14:31:58 | 000,119,016 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/03/09 03:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 03:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/03/09 03:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 03:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 03:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 03:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/09 22:18:47 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/18 15:44:00 | 006,308,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/01/26 15:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 15:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/10/30 06:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/10/12 10:40:12 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/08/10 07:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 05:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 06:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/04/13 13:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005/04/13 13:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/08/03 15:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2003/07/11 05:22:08 | 000,014,912 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2002/10/03 14:52:08 | 000,040,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STTub203.sys -- (STTub203)
DRV - [2001/08/17 13:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 13:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 13:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.ewtn.com/...dvent/index.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/25 10:54:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/29 20:15:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/29 20:15:35 | 000,000,000 | ---D | M]

[2009/12/21 08:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2010/05/29 22:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\908mwhee.default\extensions
[2010/05/29 20:40:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\908mwhee.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/29 20:15:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/22 10:15:24 | 000,404,992 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2010/05/29 20:48:39 | 000,000,698 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.c.../acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\admin\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/03 21:40:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/15 12:47:30 | 000,000,000 | R--D | M] - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2010/01/14 15:48:42 | 000,000,037 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/01/14 15:48:42 | 000,000,300 | R--- | M] () - D:\autorun.ini -- [ CDFS ]
O33 - MountPoints2\{17fc7dde-e227-11de-a5e0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{17fc7dde-e227-11de-a5e0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17fc7dde-e227-11de-a5e0-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun\autorun.exe -- [2010/01/14 15:48:42 | 000,533,864 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{461b29c1-94f3-11da-96e4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{461b29c1-94f3-11da-96e4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{461b29c1-94f3-11da-96e4-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{dbc22796-9bff-11de-a0c2-000c41ec50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc22796-9bff-11de-a0c2-000c41ec50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dbc22796-9bff-11de-a0c2-000c41ec50cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Documents and Settings\Alex\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/02/03 21:40:04 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/29 21:40:06 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010/05/29 21:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2010/05/29 20:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/05/29 19:30:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/29 10:52:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/05/28 21:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Optimizer
[2010/05/27 17:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/12 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/06 18:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Monopoly Star Wars
[2010/04/23 09:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/04/17 14:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
[2010/04/17 14:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\The Weather Channel
[2010/04/17 14:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/17 14:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/04/02 18:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/31 19:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Temp
[2010/03/30 17:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\games
[2010/03/29 10:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Roblox
[2010/03/29 10:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\RobloxVersions
[2010/03/29 10:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\RobloxDownloads
[2010/03/25 11:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/25 10:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Real
[2010/03/25 10:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/25 10:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/17 20:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\iBULC
[2010/03/17 20:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\iBULC
[2010/03/08 14:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\WINDOWS
[2010/03/03 18:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/03/02 12:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/03/02 12:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/03/02 12:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/29 23:08:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1580818891-839522115-1009.job
[2010/05/29 23:08:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1580818891-839522115-1009.job
[2010/05/29 21:49:00 | 000,001,452 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/29 21:30:26 | 000,000,588 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/29 21:30:26 | 000,000,256 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/05/29 21:30:26 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2010/05/29 21:13:31 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Sandboxed Web Browser.lnk
[2010/05/29 21:12:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/29 20:58:06 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\SystemLook.exe
[2010/05/29 20:51:58 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/29 20:51:55 | 000,206,929 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/29 20:51:50 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1580818891-839522115-1008.job
[2010/05/29 20:51:50 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1580818891-839522115-1007.job
[2010/05/29 20:51:50 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1580818891-839522115-1006.job
[2010/05/29 20:51:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/29 20:51:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/29 20:51:21 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/29 20:50:04 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\admin\NTUSER.DAT
[2010/05/29 20:15:38 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/29 19:21:47 | 000,000,793 | ---- | M] () -- C:\WINDOWS\ka.ini
[2010/05/29 19:16:13 | 000,000,125 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/05/29 11:25:30 | 000,151,382 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\bookmarks.html
[2010/05/27 22:20:49 | 000,032,152 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/27 22:18:22 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/27 09:18:41 | 000,030,339 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Data CD#1 May 2010.dbr
[2010/05/26 19:57:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/05/26 18:01:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2010/05/26 16:13:34 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1580818891-839522115-1006.job
[2010/05/26 10:25:26 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1580818891-839522115-1008.job
[2010/05/26 09:00:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\rpc.job
[2010/05/24 12:20:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/21 07:29:55 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1580818891-839522115-1007.job
[2010/05/20 09:45:25 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 08:45:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/18 22:01:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/17 21:15:58 | 000,002,603 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\results(3).csv
[2010/05/16 17:37:48 | 000,514,336 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\The most beautiful rainbow.odt
[2010/05/16 17:10:36 | 000,016,403 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\A Novena to the Holy Spirit.odt
[2010/05/12 22:24:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/01 06:45:09 | 000,009,399 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Stars and Strikes.ods
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 08:14:34 | 000,031,436 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/26 17:32:45 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Shortcut to iTunes.lnk
[2010/04/22 22:17:30 | 000,014,895 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Monica - English - Harrison Bergeron paper.odt
[2010/04/04 12:27:42 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\9Dragons.lnk
[2010/04/02 18:56:54 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/30 22:13:54 | 000,156,677 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Data CD#1.dbr
[2010/03/30 22:03:55 | 000,045,785 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Data CD#1 March 30 2010.dbr
[2010/03/29 10:36:39 | 000,000,060 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\httpwww.roblox.comDefault.aspx.URL
[2010/03/25 10:53:32 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/03/20 18:54:16 | 000,434,728 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/20 18:54:16 | 000,068,974 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/20 18:54:14 | 000,512,592 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/16 21:10:37 | 000,014,099 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\open office.odt
[2010/03/09 13:14:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\encore_launcher.ini
[2010/03/09 03:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/09 03:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/09 03:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/09 03:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/09 03:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/09 03:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/09 03:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/09 03:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/09 03:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/08 15:44:56 | 000,000,255 | ---- | M] () -- C:\WINDOWS\MMath.ini
[2010/03/02 18:29:27 | 000,020,722 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Survival Kit List.odt
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/29 21:13:42 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Sandboxed Web Browser.lnk
[2010/05/29 21:13:39 | 000,001,452 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/29 20:58:06 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\SystemLook.exe
[2010/05/29 20:15:38 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/29 11:25:30 | 000,151,382 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\bookmarks.html
[2010/05/27 09:18:41 | 000,030,339 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Data CD#1 May 2010.dbr
[2010/05/20 09:26:13 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/17 21:08:26 | 000,002,603 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\results(3).csv
[2010/05/16 17:37:47 | 000,514,336 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\The most beautiful rainbow.odt
[2010/05/16 17:09:26 | 000,016,403 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\A Novena to the Holy Spirit.odt
[2010/05/01 06:18:32 | 000,009,399 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Stars and Strikes.ods
[2010/04/27 08:14:34 | 000,031,436 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/26 17:32:44 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Shortcut to iTunes.lnk
[2010/04/22 22:17:30 | 000,014,895 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Monica - English - Harrison Bergeron paper.odt
[2010/04/04 12:27:42 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\9Dragons.lnk
[2010/03/31 12:27:20 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1580818891-839522115-1007.job
[2010/03/31 12:27:18 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1580818891-839522115-1007.job
[2010/03/30 22:13:54 | 000,156,677 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Data CD#1.dbr
[2010/03/30 22:03:55 | 000,045,785 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Data CD#1 March 30 2010.dbr
[2010/03/29 10:36:34 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\httpwww.roblox.comDefault.aspx.URL
[2010/03/26 16:12:55 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1580818891-839522115-1008.job
[2010/03/26 16:12:52 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1580818891-839522115-1008.job
[2010/03/26 09:02:53 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1580818891-839522115-1006.job
[2010/03/26 09:02:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1580818891-839522115-1006.job
[2010/03/25 10:54:55 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1580818891-839522115-1009.job
[2010/03/25 10:54:53 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1580818891-839522115-1009.job
[2010/03/08 15:44:53 | 000,000,255 | ---- | C] () -- C:\WINDOWS\MMath.ini
[2010/03/02 18:29:27 | 000,020,722 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Survival Kit List.odt
[2010/03/01 11:35:16 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\RapidTyping.lnk
[2010/02/07 10:01:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\STTubeDevice203.dll
[2010/02/07 10:01:17 | 000,040,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\STTub203.sys
[2010/01/01 10:46:54 | 000,908,288 | ---- | C] () -- C:\WINDOWS\System32\libxml2_CW.dll
[2009/12/31 17:09:20 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
[2009/12/09 22:18:46 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/05 20:41:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/10 13:37:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2009/10/10 13:37:17 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\ZFExt.dll
[2009/07/30 14:46:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2009/01/24 16:17:03 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2009/01/08 16:42:09 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/01 14:27:15 | 000,000,125 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/04/15 20:18:18 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2008/02/01 09:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/09/21 22:42:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
[2007/07/03 11:51:47 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/07/03 11:51:47 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/07/03 11:51:40 | 000,437,096 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2007/05/04 19:36:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\RRK.INI
[2007/04/16 20:51:48 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\System32\tlr_WAasw.ini
[2007/03/17 11:58:27 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\System32\tbd_G1ssg.ini
[2007/03/04 20:04:06 | 000,000,074 | ---- | C] () -- C:\WINDOWS\VSV.INI
[2006/12/05 15:46:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/05 15:41:30 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/12/05 15:40:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EP_CX5000.ini
[2006/11/15 20:59:34 | 000,000,349 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/08/28 09:52:52 | 000,000,231 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/07/19 09:58:25 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/07/19 09:58:25 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/07/19 09:58:25 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/07/19 09:54:40 | 000,000,199 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2006/06/26 10:40:14 | 000,000,372 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/05/29 07:24:22 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Edofma.INI
[2006/05/04 11:08:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/05/04 11:08:09 | 000,003,798 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/03/28 13:18:51 | 000,000,046 | ---- | C] () -- C:\WINDOWS\smsafari.ini
[2006/03/28 12:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/03/13 10:57:46 | 000,000,158 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2006/03/13 10:57:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2006/02/27 10:58:35 | 000,002,213 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/21 13:43:02 | 000,000,793 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/02/06 20:48:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/02/04 17:11:01 | 000,000,769 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/02/04 16:56:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxaklcnp.dll
[2005/12/10 04:06:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/10 04:06:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/10 04:06:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/10 04:06:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 04:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/10 04:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2000/05/08 11:43:14 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\W007T32W.DLL
[2000/04/12 15:28:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2000/04/12 15:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1997/06/13 17:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/04/05 09:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Ace
[2009/07/09 09:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\AGI
[2010/01/22 13:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\DassaultSystemes
[2010/01/21 22:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\DeepBurner
[2010/03/17 20:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\iBULC
[2009/08/08 15:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\LEGO Media
[2010/02/07 20:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\My Battle for Middle-earth™ II Files
[2009/05/19 13:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\OpenOffice.org
[2009/06/10 19:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\PictureMover
[2009/10/06 16:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\RapidTyping
[2010/05/26 06:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Smilebox
[2009/06/08 15:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Snapfish
[2009/12/05 21:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Stardock
[2009/07/09 09:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Temp
[2009/07/08 18:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Unity
[2009/08/27 17:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\webex
[2009/05/28 10:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Webshots
[2007/11/16 19:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2009/07/09 09:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2007/08/19 15:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2010/04/02 18:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/12/14 08:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/12/31 17:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ContentWatch
[2010/05/29 19:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2006/12/18 12:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EIDOS
[2010/02/13 14:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2007/11/09 16:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Groove Networks
[2008/01/09 23:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Inspiration Software
[2008/02/15 18:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/03/13 19:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2006/10/29 18:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/04/18 09:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/10/01 09:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PictureMover
[2009/10/06 16:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidTyping
[2008/08/26 13:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roblox
[2007/06/19 16:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/01/20 07:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Online
[2009/12/03 23:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2008/04/23 20:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2007/12/07 12:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/30 22:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2010/05/29 19:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/12/06 13:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2007/05/04 15:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/12/25 11:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/03 22:34:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}
[2010/05/24 12:20:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/05/26 19:57:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2010/05/29 21:12:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/05/26 09:00:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\rpc.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/20 23:34:34 | 000,032,844 | ---- | M] () -- C:\aaw7boot.log
[2007/11/17 11:42:18 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2006/02/03 21:40:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/29 21:30:26 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2006/02/06 20:58:44 | 000,007,583 | ---- | M] () -- C:\caavsetup.log
[2009/04/30 21:30:30 | 000,232,214 | ---- | M] () -- C:\ClearLog.txt
[2006/02/03 21:40:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/10/22 15:02:30 | 000,000,216 | ---- | M] () -- C:\DebugTrace-RockallDLL.log
[2009/04/20 15:21:17 | 000,000,095 | ---- | M] () -- C:\DownloadLog.txt
[2010/05/29 20:51:21 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2006/02/03 21:40:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/01/04 13:15:46 | 000,000,176 | -H-- | M] () -- C:\IPH.PH
[2009/04/20 17:06:01 | 000,132,592 | ---- | M] () -- C:\logfile
[2010/05/26 17:46:21 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/02/03 21:40:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/12/24 03:12:40 | 000,231,936 | ---- | M] () -- C:\nowy.avi
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/13 08:08:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/29 20:51:20 | 1048,576,000 | -HS- | M] () -- C:\pagefile.sys
[2007/07/09 16:10:34 | 000,009,908 | ---- | M] () -- C:\ptc_proe_wf2.dat

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:52 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/04/13 17:11:52 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/02/03 13:25:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/02/03 13:25:24 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/02/03 13:25:23 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4532973
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AED57DE8
< End of report >

OTL Extras:
OTL Extras logfile created on: 5/29/2010 11:11:50 PM - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Documents and Settings\admin\Desktop\PC Utilities
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 11.01 Gb Free Space | 9.85% Space Free | Partition Type: NTFS
Drive D: | 199.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EAGLE
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\YOP\yop.exe" = C:\Program Files\Yahoo!\YOP\yop.exe:*:Disabled:Dashboard Module -- File not found
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™ -- File not found
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II -- (Electronic Arts Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\EA SPORTS\Madden NFL 07\Updater.exe" = C:\Program Files\EA SPORTS\Madden NFL 07\Updater.exe:*:Enabled:Updater -- File not found
"C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII -- File not found
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3 -- File not found
"C:\My Games\SmallBall Football\jre\bin\javaw.exe" = C:\My Games\SmallBall Football\jre\bin\javaw.exe:*:Disabled:javaw -- ()
"C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\EiB.exe" = C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\EiB.exe:*:Enabled:Brothers In Arms Earned In Blood -- File not found
"C:\Program Files\Activision\Empires Dawn of the Modern World\Empires_DMW.exe" = C:\Program Files\Activision\Empires Dawn of the Modern World\Empires_DMW.exe:*:Disabled:Empires_DMW -- File not found
"C:\Program Files\Yahoo! Games\Hamsterball\Hamsterball.exe" = C:\Program Files\Yahoo! Games\Hamsterball\Hamsterball.exe:*:Enabled:Hamsterball -- File not found
"C:\Program Files\Small Rockets\Red Ace Squadron\acenet_client_release.exe" = C:\Program Files\Small Rockets\Red Ace Squadron\acenet_client_release.exe:*:Disabled:acenet_client_release -- File not found
"C:\Program Files\Groove Networks\Groove\Bin\Groove.exe" = C:\Program Files\Groove Networks\Groove\Bin\Groove.exe:*:Enabled:Groove -- (Groove Networks, Inc.)
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Mythology\aom.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Program Files\Ubisoft\Demo\Gearbox Software\BrothersInArmsEiB\System\EiB.exe" = C:\Program Files\Ubisoft\Demo\Gearbox Software\BrothersInArmsEiB\System\EiB.exe:*:Enabled:Brothers In Arms Earned In Blood -- File not found
"C:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CNEXT.exe" = C:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CNEXT.exe:*:Enabled:CATIA -- File not found
"C:\Program Files\Microsoft Games\Age of Empires III\age3new.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3new.exe:*:Enabled:Age of Empires 3 -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\age3old.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3old.exe:*:Enabled:Age of Empires 3 -- (Ensemble Studios)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe" = C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts -- (THQ Canada Inc.)
"C:\AeriaGames\12Sky\TwelveSky.exe" = C:\AeriaGames\12Sky\TwelveSky.exe:*:Enabled:TwelveSky -- File not found
"C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe" = C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"C:\Documents and Settings\admin\Local Settings\Temp\f1bec064245246b183fdcc0e53fa3926\RelicDownloader.exe" = C:\Documents and Settings\admin\Local Settings\Temp\f1bec064245246b183fdcc0e53fa3926\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- File not found
"C:\Program Files\Microsoft Games\Impossible Creatures\IC.exe" = C:\Program Files\Microsoft Games\Impossible Creatures\IC.exe:*:Disabled:Impossible Creatures -- (Relic Entertainment Inc., Microsoft Corporation)
"C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe" = C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe:*:Enabled:Demigod -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.)
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- File not found
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- (Turbine, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iBULC\iBULC.exe" = C:\Program Files\iBULC\iBULC.exe:*:Enabled:internet Batch Up-Load Component -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{13453DAA-8424-4B9C-844F-FC44C621F9E3}" = OLYMPUS Master 2
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.7.1.213
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{628C3D50-F524-4C49-A958-672CE7953756}" = The Lord of the Rings - Conquest™
"{647DDE8E-5246-4ED1-B762-B68FF8A0DD9D}" = TazWanted
"{65476290-A39F-4B5A-8C8C-6CDA424274DA}" = OLYMPUS Studio 2
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8D361950-BDB3-40CF-B57C-53F9F4E5048A}" = Cars Demo
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{98BAC573-DBE2-49de-9A23-597CFD95E474}" = PictureMover
"{9901E703-D169-7139-1EA3-11AA788D09E6}" = EA Download Manager UI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}" = Soccer Mania
"{B0F2127F-BCF3-42F1-808A-1DFB41D6C400}" = Thrustmaster Hotas Cougar Drivers
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{c83b53b8-8da0-32ba-8ccc-6573e8a75a82}" = Webshots Desktop
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DA52CFD6-183B-4C45-B36F-4A59750427CB}_is1" = Rise of Flight
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB0508A0-162A-4996-85A1-00C07D33445A}" = 9Dragons
"{F02D0CB9-C830-4B47-AA88-3125BE5E2E34}" = Groove
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A3D4B6-B8EB-41DB-0086-D0CE4DCB566C}" = F1 2002
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"1A6754C019F3AE544C346226BB63AC9BC7DACCDE" = Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"ATT-PRT22" = ATT-PRT22
"avast5" = avast! Free Antivirus
"Canon iP1700 User Registration" = Canon iP1700 User Registration
"ClueFinders 3rd Grade Adventures" = ClueFinders 3rd Grade Adventures
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Company of Heroes" = Company of Heroes
"EA Download Manager" = EA Download Manager
"Electronic Arts Game Updater" = Electronic Arts Game Updater
"ERUNT_is1" = ERUNT 1.1j
"FastStone Capture" = FastStone Capture 4.8
"FMS" = FMS
"Fonts" = Fonts
"Freeze Clip Art" = Freeze Clip Art
"GTR Evolution_1.1.1.2_is1" = GTR Evolution
"HijackThis" = HijackThis 1.99.1
"Impossible Creatures 1.0" = Impossible Creatures
"Impulse" = Impulse
"Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
"Inspiration 8" = Inspiration 8
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"InstallShield_{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}" = Soccer Mania
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"JuniorNet Greatest Hits Volume 1" = JuniorNet Greatest Hits, Volume 1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Math Blaster Ages 6-8" = Math Blaster Ages 6-8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MMathDKey" = Awesome Animated Monster Maker Math
"Monopoly Star Wars" = Monopoly Star Wars
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSB Earth" = Magic School Bus - Earth
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Multimedia Spelling 5" = Multimedia Spelling 5
"Multimedia Spelling 6" = Multimedia Spelling 6
"Mystery Club Making of a Mastermind" = Mystery Club Making of a Mastermind
"Need For Speed - Porsche Unleashed" = Need For Speed - Porsche Unleashed
"NVIDIA Drivers" = NVIDIA Drivers
"Office Clip Art" = Office Clip Art
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"RapidTyping" = RapidTyping
"Raster to Vector_is1" = Raster to Vector 7.0
"Reader Rabbit 1st Grade® Capers on Cloud Nine!™" = Reader Rabbit 1st Grade® Capers on Cloud Nine!™
"RealPlayer 12.0" = RealPlayer
"RSX2DeinstKey" = Intel RSX 3D
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"Sandboxie" = Sandboxie 3.45.13
"Startup Optimizer_is1" = Startup Optimizer 1.6
"SystemRequirementsLab" = System Requirements Lab
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TurboTax 2009" = TurboTax 2009
"UnityWebPlayer" = Unity Web Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent hp Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.24
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for admin
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 3/25/2010 1:50:56 PM | Computer Name = EAGLE | Source = avast! | ID = 33554522
Description =

Error - 3/25/2010 1:52:08 PM | Computer Name = EAGLE | Source = avast! | ID = 33554522
Description =

Error - 3/26/2010 11:14:43 AM | Computer Name = EAGLE | Source = avast! | ID = 33554522
Description =

Error - 3/26/2010 11:14:50 AM | Computer Name = EAGLE | Source = avast! | ID = 33554522
Description =

Error - 3/26/2010 3:52:17 PM | Computer Name = EAGLE | Source = avast! | ID = 33554522
Description =

Error - 3/26/2010 3:52:19 PM | Computer Name = EAGLE | Source = avast! | ID = 33554522
Description =

Error - 3/27/2010 1:49:30 AM | Computer Name = EAGLE | Source = avast! | ID = 33554522
Description =

Error - 3/27/2010 1:49:34 AM | Computer Name = EAGLE | Source = avast! | ID = 33554522
Description =

Error - 3/27/2010 1:49:52 AM | Computer Name = EAGLE | Source = avast! | ID = 33554522
Description =

Error - 3/27/2010 1:49:52 AM | Computer Name = EAGLE | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 5/26/2010 1:03:44 PM | Computer Name = EAGLE | Source = Application Hang | ID = 1002
Description = Hanging application RobloxApp.exe, version 0.22.8.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/26/2010 1:27:56 PM | Computer Name = EAGLE | Source = Application Hang | ID = 1002
Description = Hanging application RobloxApp.exe, version 0.22.8.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/26/2010 7:07:30 PM | Computer Name = EAGLE | Source = Application Hang | ID = 1002
Description = Hanging application RobloxApp.exe, version 0.22.8.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/26/2010 7:58:05 PM | Computer Name = EAGLE | Source = Application Hang | ID = 1002
Description = Hanging application RobloxApp.exe, version 0.22.8.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/26/2010 11:31:35 PM | Computer Name = EAGLE | Source = Application Hang | ID = 1002
Description = Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/27/2010 10:40:14 PM | Computer Name = EAGLE | Source = Application Hang | ID = 1002
Description = Hanging application autorun.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2010 4:05:55 PM | Computer Name = EAGLE | Source = Application Hang | ID = 1002
Description = Hanging application DesktopWeather.exe, version 6.0.0.15, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/29/2010 9:35:48 PM | Computer Name = EAGLE | Source = Application Hang | ID = 1002
Description = Hanging application DesktopWeather.exe, version 6.0.0.15, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/29/2010 10:39:31 PM | Computer Name = EAGLE | Source = Application Hang | ID = 1002
Description = Hanging application xpnetdiag.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/29/2010 11:05:03 PM | Computer Name = EAGLE | Source = Application Hang | ID = 1002
Description = Hanging application DesktopWeather.exe, version 6.0.0.15, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/29/2010 10:33:16 PM | Computer Name = EAGLE | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 5/29/2010 10:33:16 PM | Computer Name = EAGLE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%2

Error - 5/29/2010 10:33:16 PM | Computer Name = EAGLE | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 5/29/2010 10:33:21 PM | Computer Name = EAGLE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 5/29/2010 11:51:25 PM | Computer Name = EAGLE | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.2 for the Network Card with network address
0024210D4DC6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 5/29/2010 11:51:33 PM | Computer Name = EAGLE | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/29/2010 11:51:33 PM | Computer Name = EAGLE | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 5/29/2010 11:51:33 PM | Computer Name = EAGLE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%2

Error - 5/29/2010 11:51:33 PM | Computer Name = EAGLE | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 5/29/2010 11:51:37 PM | Computer Name = EAGLE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-29 21:58:58
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\uxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB1DE6C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB1DE6B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB1DE70C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB1DE6FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB1DE66E8]
SSDT spfm.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spfm.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB1DE6BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB1DE6628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB1DE668C]
SSDT spfm.sys ZwQueryKey [0xB9EC7108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB1DE6D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB1DE7194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB1DE6CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB1DE6E4C]

INT 0x62 ? 8A869BF8
INT 0x63 ? 8A6C6BF8
INT 0x73 ? 8A6C6BF8
INT 0x73 ? 8A6C6BF8
INT 0x82 ? 8A869BF8
INT 0x83 ? 8A869BF8
INT 0x94 ? 8A6C6BF8
INT 0xA4 ? 8A6C6BF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB1DF34FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB1DF3322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB1DF345C]
Code BA6EAC9C ZwRequestPort
Code BA6EAD3C ZwRequestWaitReplyPort
Code BA6EABFC ZwTraceEvent
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code BA6EAC9B NtRequestPort
Code BA6EAD3B NtRequestWaitReplyPort
Code BA6EABFB NtTraceEvent
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 247C 80501CB4 4 Bytes CALL 6301FB1F
.text ntkrnlpa.exe!NtTraceEvent 80531840 5 Bytes JMP BA6EAC00
PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP B1DF3460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtRequestPort 80597DD4 5 Bytes JMP BA6EACA0
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 80598100 5 Bytes JMP BA6EAD40
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP B1DF3326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP B1DEF4BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP B1DF0972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP B1DF3502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? spfm.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB503E360, 0x35483F, 0xE8000020]
.text USBPORT.SYS!DllUnload B4FDE8AC 5 Bytes JMP 8A6C61D8
.text win32k.sys!EngAcquireSemaphore + 20E2 BF8082E1 5 Bytes JMP BA6EA480
.text win32k.sys!EngFreeUserMem + 5BD2 BF80EE68 5 Bytes JMP BA6EA3E0
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E77A 5 Bytes JMP BA6EAA20
.text win32k.sys!EngSetLastError + 768F BF8286CB 5 Bytes JMP BA6EA5C0
.text win32k.sys!EngLockSurface + 148C BF834FEB 5 Bytes JMP BA6EA700
.text win32k.sys!EngCreateBitmap + DDB2 BF845CCB 5 Bytes JMP BA6EA660
.text win32k.sys!EngMultiByteToWideChar + 2F32 BF852C47 5 Bytes JMP BA6EA8E0
.text win32k.sys!XLATEOBJ_iXlate + 3A50 BF86368D 5 Bytes JMP BA6EA520
.text win32k.sys!FONTOBJ_pxoGetXform + CC3E BF8C31D6 5 Bytes JMP BA6EA7A0
.text win32k.sys!PATHOBJ_vGetBounds + 74EE BF8F00FB 5 Bytes JMP BA6EA980
.text win32k.sys!EngCreateClip + 19C1 BF91313E 5 Bytes JMP BA6EAAC0
.text win32k.sys!EngCreateClip + 1F51 BF9136CE 5 Bytes JMP BA6EAB60
.text win32k.sys!EngCreateClip + 2597 BF913D14 5 Bytes JMP BA6EA840

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3344] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 8A8681F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{F6EE8B2D-4B11-4B56-91F6-6758CCF25BC7} 89E751F8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 8A6C51F8
Device \Driver\usbohci \Device\USBPDO-1 8A6C51F8
Device \Driver\usbohci \Device\USBPDO-2 8A6C51F8
Device \Driver\usbohci \Device\USBPDO-3 8A6C51F8
Device \Driver\usbohci \Device\USBPDO-4 8A6C51F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbehci \Device\USBPDO-5 8A68D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8D71F8
Device \Driver\Cdrom \Device\CdRom0 8A7151F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 89E751F8
Device \Driver\NetBT \Device\NetbiosSmb 89E751F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 8A6C51F8
Device \Driver\usbohci \Device\USBFDO-1 8A6C51F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89DB81F8
Device \Driver\usbohci \Device\USBFDO-2 8A6C51F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89DB81F8
Device \Driver\usbohci \Device\USBFDO-3 8A6C51F8
Device \Driver\usbohci \Device\USBFDO-4 8A6C51F8
Device \Driver\Ftdisk \Device\FtControl 8A8D71F8
Device \Driver\usbehci \Device\USBFDO-5 8A68D1F8
Device \FileSystem\Cdfs \Cdfs 89E0F1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\[email protected] %SystemRoot%\system32\shell32.dll,-23
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\[email protected] %SystemRoot%\system32\shdocvw.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\[email protected] {3f454f0e-42ae-4d7c-8ea3-328250d6e272}
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\Instance\InitPropertyBag
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\Instance\[email protected] {13709620-C279-11CE-A49E-444553540000}
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\Instance\[email protected] @shell32.dll,-12708
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\Instance\[email protected] FindFiles
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\shellex\ContextMenuHandlers\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\shellex\ContextMenuHandlers\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}@
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\shellex\MayChangeDefaultMenu
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\shellex\[email protected]
Reg HKLM\SOFTWARE\Classes\CLSID\{10697BB5-4A86-CCEC-25AD-FA328049EAE7}\[email protected] 0
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\[email protected] %ProgramFiles%\Outlook Express\msoe.dll,2
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\Implemented Categories\{40FC6ED3-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\Implemented Categories\{40FC6ED3-2438-11CF-A3DB-080036F12502}@
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}@
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}@
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\[email protected] %ProgramFiles%\Outlook Express\msoe.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\[email protected] 0
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\MiscStatus\[email protected] 131473
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\[email protected]
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\[email protected] OutlookExpress.MessageList.1
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\[email protected]
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\[email protected] 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{597A904F-6F0C-9543-3D71-FE42F09970ED}\[email protected] OutlookExpress.MessageList

---- EOF - GMER 1.0.15 ----

Here is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/27/2010 5:21:22 PM
mbam-log-2010-05-27 (17-21-22).txt

Scan type: Quick scan
Objects scanned: 149767
Time elapsed: 10 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks in advance. I will check in the morning to see if you guys can help.

Edited by pnzr993, 30 May 2010 - 10:07 AM.
