Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan or adware, cant remove or find

Started by Derobmai41 , Jun 06 2010 08:49 PM

  • Please log in to reply

#1
Derobmai41
Posted 06 June 2010 - 08:49 PM

Derobmai41

    Member

  • Member
  • PipPip
  • 51 posts
I have gotten some sort of virus in my computer, i have ran MBAM and removed some viruses from my computer but my computer does freeze up when im running scans or restarts on me. it took me a long time to obtain the OTL and GMER logs as the computer kept restarting midway. i also got a virus in the sd card on my phone which AVG on my dads computer removed but my access is denied to it, but that can wait for now. I will post the MBAM OTL and GMER logs once i get a chance to to the site in my computer.
  • 0

Advertisements

#2
Derobmai41
Posted 06 June 2010 - 08:52 PM

Derobmai41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/6/2010 11:29:26
mbam-log-2010-06-06 (11-29-26).txt

Scan type: Quick scan
Objects scanned: 151428
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#3
Derobmai41
Posted 06 June 2010 - 08:53 PM

Derobmai41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-06 12:23:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\C4BOMB~1\LOCALS~1\Temp\kftoruow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9859000, 0x1C5D38, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xAD4ABA00]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHChangeNotify + 7E5 7C9F8BFE 1 Byte [85]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHChangeNotify + 7ED 7C9F8C06 1 Byte [3B]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHChangeNotify + 805 7C9F8C1E 1 Byte [89]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHChangeNotify + 855 7C9F8C6E 1 Byte [8B]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHChangeNotify + 85D 7C9F8C76 1 Byte [CC] {INT 3 }
.text ...
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHCreatePropSheetExtArray + 93 7CA77BE6 1 Byte [7C]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHCreatePropSheetExtArray + AB 7CA77BFE 1 Byte [4B]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHCreatePropSheetExtArray + B3 7CA77C06 1 Byte [08]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHCreatePropSheetExtArray + CB 7CA77C1E 1 Byte [08]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHCreatePropSheetExtArray + 113 7CA77C66 1 Byte [56]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryPoint + 2E 7CA77CF6 1 Byte [39]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryPoint + 46 7CA77D0E 1 Byte [0F]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryFile + 30 7CA77D66 1 Byte [E0]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryFile + 38 7CA77D6E 1 Byte [90]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryFile + 40 7CA77D76 1 Byte [59]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryFile + 48 7CA77D7E 1 Byte [04]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DragQueryFile + B0 7CA77DE6 1 Byte [89]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!RestartDialogEx + 41 7CA784E6 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!RestartDialogEx + 69 7CA7850E 1 Byte [90]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!RestartDialogEx + D1 7CA78576 1 Byte [F0]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!RestartDialogEx + D9 7CA7857E 1 Byte [FD]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!RestartDialogEx + E9 7CA7858E 1 Byte [01]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHDoDragDrop + 2F09 7CAB1BE6 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHDoDragDrop + 2F11 7CAB1BEE 1 Byte [85]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHDoDragDrop + 2F19 7CAB1BF6 1 Byte [BD]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHDoDragDrop + 2F29 7CAB1C06 1 Byte [85]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!SHDoDragDrop + 2F39 7CAB1C16 1 Byte [FF]
.text ...
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DllInstall + 3A 7CAB1CE6 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DllInstall + 4A 7CAB1CF6 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DllInstall + 62 7CAB1D0E 1 Byte [74]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DllInstall + 6A 7CAB1D16 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[900] SHELL32.dll!DllInstall + 72 7CAB1D1E 1 Byte [89]
.text ...
.text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[2528] SHELL32.dll!SHCreateLocalServerRunDll + 8469 7CB66BE6 1 Byte [FF]
.text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[2528] SHELL32.dll!SHCreateLocalServerRunDll + 8479 7CB66BF6 1 Byte [0C]
.text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[2528] SHELL32.dll!SHCreateLocalServerRunDll + 8481 7CB66BFE 1 Byte [FF]
.text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[2528] SHELL32.dll!SHCreateLocalServerRunDll + 8489 7CB66C06 1 Byte [A0]
.text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[2528] SHELL32.dll!SHCreateLocalServerRunDll + 84A1 7CB66C1E 1 Byte [10]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\JRAID \Device\Scsi\JRAID1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9696329040411C843B061BA14856950A@A76E0F7639E8C2C42BD9744C282637A8 C:\Program Files\Adobe\Adobe Device Central CS4\adobe_epic\eula\hu_HU\

---- EOF - GMER 1.0.15 ----
  • 0

#4
Derobmai41
Posted 06 June 2010 - 08:54 PM

Derobmai41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
OTL logfile created on: 6/6/2010 12:54:54 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 29.86 Gb Free Space | 50.96% Space Free | Partition Type: NTFS
Drive D: | 43.95 Gb Total Space | 40.23 Gb Free Space | 91.55% Space Free | Partition Type: NTFS
Drive E: | 46.50 Gb Total Space | 10.59 Gb Free Space | 22.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESTRUCTOR
Current User Name: C4 BOMB
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/06 11:40:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/06 11:40:23 | 000,571,904 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/03/06 20:00:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/06/29 12:02:46 | 000,651,268 | ---- | M] (NCH Software) [Disabled | Stopped] -- C:\Program Files\NCH Swift Sound\VRS\vrs.exe -- (VRSService)
SRV - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Stopped] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/06/21 22:00:00 | 000,425,988 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NCH Software\Eyeline\eyeline.exe -- (EyelineService)
SRV - [2008/06/21 21:59:57 | 000,368,644 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NCH Software\BroadCam\broadCam.exe -- (BroadCamService)
SRV - [2007/11/06 16:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/06/29 18:54:16 | 000,073,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/05/12 19:51:58 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/05/12 19:51:58 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/05/12 19:51:42 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/05/12 19:51:39 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/07/21 12:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/02/05 20:16:25 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/07/26 10:25:12 | 000,039,808 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2007/07/03 19:59:10 | 000,086,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 19:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 19:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 19:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/12 12:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2007/04/25 21:19:54 | 000,169,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2007/02/09 13:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 13:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/11/16 18:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/08/14 14:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/08/04 04:29:24 | 000,043,904 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/05/02 13:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/03/17 14:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 07:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/12/21 22:22:20 | 000,005,685 | R--- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/08/10 10:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/20 16:01:32 | 000,025,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/05/20 16:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/05/20 16:00:48 | 000,054,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2005/05/20 16:00:36 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/09/24 14:02:58 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/09/24 14:02:58 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2003/09/24 14:02:56 | 000,260,224 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/09/24 14:02:56 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/09/24 14:02:56 | 000,022,777 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/09/24 14:02:56 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 06:10:10 | 000,036,356 | ---- | M] (Siemens) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SS1020N5.sys -- (SS1020)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ondemand5.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:0.5.7
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20080616
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/16 21:44:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/19 10:42:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009/05/14 18:41:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010/05/19 10:17:27 | 000,000,000 | ---D | M]

[2009/02/26 23:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Extensions
[2009/02/26 23:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Extensions\[email protected]
[2009/12/02 21:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Firefox\Profiles\dwkh1mpg.default\extensions
[2009/07/01 23:04:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Firefox\Profiles\dwkh1mpg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/19 21:52:34 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Firefox\Profiles\dwkh1mpg.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/02/14 23:27:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Firefox\Profiles\dwkh1mpg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/06/19 21:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Firefox\Profiles\dwkh1mpg.default\extensions\[email protected]
[2009/05/14 18:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Mozilla\Sunbird\Profiles\gy63u0dv.default\extensions
[2009/12/22 16:58:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/31 16:23:00 | 000,399,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/03/06 20:51:36 | 000,000,509 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMax] C:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/02/16 21:27:41 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/02/16 21:27:41 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/02/16 21:27:41 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/02/16 21:27:41 | 000,000,000 | ---D | M]
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai...cat-no-eula.cab (Citrix ICA Client)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1171077850125 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\bw+0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {9666d999-019d-4f23-9aee-e13299c948b9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (D:\Glacial Inferno 1024x768.exe) - D:\Glacial Inferno 1024x768.exe (OmegaSistem)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\C4 BOMB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\C4 BOMB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/09 23:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{345057cf-b883-11db-b332-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{345057cf-b883-11db-b332-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{345057cf-b883-11db-b332-806d6172696f}\Shell\AutoRun\command - "" = F:\ASUSACPI.exe -- File not found
O33 - MountPoints2\{a683220f-223c-11de-bb02-0030f11ef50f}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O33 - MountPoints2\{f6a15473-00fd-11de-ac76-0030f11ef50f}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a15473-00fd-11de-ac76-0030f11ef50f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AUTORUN.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/02/09 23:03:03 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/05/19 11:45:33 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\WINDOWS\System32\KeyHelp.ocx
[2010/05/19 11:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2010/05/19 11:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/05/19 11:24:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/19 11:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/19 11:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C4 BOMB\Desktop\New Folder
[2010/05/19 10:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C4 BOMB\DoctorWeb
[2010/05/19 10:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/19 10:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\123Movies2PSP
[2010/05/19 10:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C4 BOMB\.limewire
[2010/05/19 10:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/05/19 00:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA(2)
[2010/05/14 20:11:01 | 000,000,000 | ---D | C] -- C:\divx
[2010/05/14 19:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/05/14 19:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/12 21:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/05/12 19:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/05/12 19:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010/05/12 19:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Seagate
[2010/04/16 18:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C4 BOMB\Local Settings\Application Data\IsolatedStorage
[2010/03/18 16:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\C4 BOMB\Application Data\Facebook

========== Files - Modified Within 90 Days ==========

[2010/06/06 12:49:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/06 12:48:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 12:47:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/06 12:47:30 | 009,342,976 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\ntuser.dat
[2010/06/06 12:47:30 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\C4 BOMB\ntuser.ini
[2010/06/06 12:47:16 | 000,000,812 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/06 12:47:16 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/06/06 12:47:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/19 12:09:48 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 12:04:52 | 000,000,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/05/19 12:04:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/05/19 12:04:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/05/19 12:04:47 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\ntuser.bak
[2010/05/19 11:24:48 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/19 11:23:52 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\Desktop\NTREGOPT.lnk
[2010/05/19 11:23:52 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\Desktop\ERUNT.lnk
[2010/05/19 11:05:25 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\default.pls
[2010/05/19 11:05:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/17 11:52:34 | 000,000,995 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\My Documents\Playlist1.wpl
[2010/05/16 20:29:39 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/12 19:51:37 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate DiscWizard.lnk
[2010/05/12 19:39:40 | 000,097,120 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/12 19:36:43 | 002,235,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/12 17:18:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/12 14:19:25 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/09 18:58:27 | 000,000,596 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/05/09 18:58:11 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\Application Data\mcs.rma
[2010/05/09 18:58:11 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\C4 BOMB\Application Data\B30D64
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/16 19:21:24 | 001,383,912 | ---- | M] () -- C:\Unfiled Notes.one
[2010/04/16 19:21:05 | 000,529,008 | ---- | M] () -- C:\2009 Nowak J Form 1040 Individual Tax Return.tax2009
[2010/04/16 19:17:30 | 000,055,603 | ---- | M] () -- C:\2009_temp_pdf_file.pdf
[2010/04/16 19:15:49 | 000,072,638 | ---- | M] () -- C:\2009 Nowak J Form 1040 Individual Tax Return.tax2009.pdf
[2010/04/16 18:58:05 | 000,037,116 | ---- | M] () -- C:\...hi.pdf
[2010/04/16 18:14:49 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/04/03 20:47:36 | 000,455,204 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/03 20:47:36 | 000,077,548 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/03 20:47:36 | 000,004,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2010/05/19 12:04:52 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/05/19 12:04:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/05/19 12:04:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/05/19 12:04:32 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\C4 BOMB\ntuser.tmp.LOG
[2010/05/19 11:23:52 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\C4 BOMB\Desktop\NTREGOPT.lnk
[2010/05/19 11:23:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\C4 BOMB\Desktop\ERUNT.lnk
[2010/05/12 21:30:25 | 009,437,184 | ---- | C] () -- C:\Documents and Settings\C4 BOMB\ntuser.bak
[2010/05/12 21:30:25 | 009,342,976 | ---- | C] () -- C:\Documents and Settings\C4 BOMB\ntuser.dat
[2010/05/12 19:51:37 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate DiscWizard.lnk
[2010/05/12 14:19:25 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/09 18:58:18 | 000,000,596 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/17 00:58:06 | 000,229,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/16 19:21:24 | 001,383,912 | ---- | C] () -- C:\Unfiled Notes.one
[2010/04/16 19:17:30 | 000,055,603 | ---- | C] () -- C:\2009_temp_pdf_file.pdf
[2010/04/16 19:15:49 | 000,072,638 | ---- | C] () -- C:\2009 Nowak J Form 1040 Individual Tax Return.tax2009.pdf
[2010/04/16 19:15:21 | 000,529,008 | ---- | C] () -- C:\2009 Nowak J Form 1040 Individual Tax Return.tax2009
[2010/04/16 18:58:05 | 000,037,116 | ---- | C] () -- C:\...hi.pdf
[2010/04/16 18:14:49 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2009/10/11 20:02:50 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/10/09 16:45:01 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/01/12 01:21:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/01/11 16:56:50 | 000,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2008/12/30 11:18:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/25 10:05:25 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2008/12/18 18:24:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/06/16 19:49:06 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys
[2008/05/23 09:36:44 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/04/22 20:15:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2008/04/12 09:49:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/02/20 19:21:54 | 000,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2008/02/20 19:21:54 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2008/02/20 19:21:54 | 000,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2008/02/20 19:21:54 | 000,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/09/15 13:25:15 | 000,017,768 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/09/10 18:42:59 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/09/10 18:42:59 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/09/10 18:42:56 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2007/09/10 18:42:56 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2007/08/24 23:52:22 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/06/19 09:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/06/18 16:37:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/04/20 08:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 08:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/04/04 14:07:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/02/10 13:46:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/10 01:06:31 | 000,019,400 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/02/10 01:03:49 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/02/10 01:03:44 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/04 08:00:00 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\syscvchk.dll
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2008/12/18 18:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/12/02 20:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/05/19 11:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/05/19 10:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA(2)
[2008/12/27 16:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/02/05 20:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/12 21:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/05/12 19:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2007/09/06 17:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/02/20 19:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2008/07/04 13:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/15 13:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/11 19:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/12/18 18:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\acccore
[2007/02/10 00:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Aim
[2009/10/09 16:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/25 12:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\DisplayTune
[2010/03/18 16:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Facebook
[2009/02/01 23:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\FileSubmit
[2009/03/08 20:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\GARMIN
[2008/01/25 15:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\ICAClient
[2009/12/24 13:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\NCH Swift Sound
[2009/10/09 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\PrimoPDF
[2008/04/28 16:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Recordpad
[2007/02/18 00:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Simple Star
[2009/03/17 20:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Smith Micro
[2007/02/18 00:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Snapfish
[2007/09/06 17:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Sony
[2007/08/22 01:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\SoundSpectrum
[2010/05/19 10:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\uTorrent
[2007/02/13 15:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Viewpoint
[2010/05/14 19:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\Vso
[2007/02/28 15:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\C4 BOMB\Application Data\WNR

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/04/16 18:58:05 | 000,037,116 | ---- | M] () -- C:\...hi.pdf
[2009/07/27 11:32:56 | 000,383,460 | ---- | M] () -- C:\0727090732.jpg
[2009/07/28 21:35:54 | 000,309,759 | ---- | M] () -- C:\0728091735.jpg
[2009/07/30 00:19:22 | 000,457,918 | ---- | M] () -- C:\0729092019.jpg
[2010/04/16 19:21:05 | 000,529,008 | ---- | M] () -- C:\2009 Nowak J Form 1040 Individual Tax Return.tax2009
[2010/04/16 19:15:49 | 000,072,638 | ---- | M] () -- C:\2009 Nowak J Form 1040 Individual Tax Return.tax2009.pdf
[2010/04/16 19:17:30 | 000,055,603 | ---- | M] () -- C:\2009_temp_pdf_file.pdf
[2007/02/09 23:03:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/06 12:47:16 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/05/19 12:09:22 | 002,115,183 | ---- | M] () -- C:\caisslog.txt
[2007/02/09 23:03:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/02/09 23:03:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/02 20:15:34 | 000,001,971 | -H-- | M] () -- C:\IPH.PH
[2009/03/01 14:22:01 | 000,000,964 | ---- | M] () -- C:\moduleName.txt
[2007/02/09 23:03:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/20 21:23:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/06 12:48:22 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/12/25 10:06:04 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
[2008/12/25 10:05:28 | 000,000,184 | ---- | M] () -- C:\pivot.log
[2008/06/15 17:24:21 | 000,081,920 | -HS- | M] () -- C:\Thumbs.db
[2010/04/16 19:21:24 | 001,383,912 | ---- | M] () -- C:\Unfiled Notes.one

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\config\*.sav >
[2007/02/09 17:49:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/02/09 17:49:22 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/02/09 17:49:22 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

========== Files - Unicode (All) ==========
[2007/08/03 23:10:31 | 000,019,968 | ---- | M] ()(C:\Documents and Settings\C4 BOMB\My Documents\?.doc) -- C:\Documents and Settings\C4 BOMB\My Documents\陳.doc
[2007/08/03 23:10:31 | 000,019,968 | ---- | C] ()(C:\Documents and Settings\C4 BOMB\My Documents\?.doc) -- C:\Documents and Settings\C4 BOMB\My Documents\陳.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
< End of report >
  • 0

#5
Derobmai41
Posted 06 June 2010 - 08:54 PM

Derobmai41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
OTL Extras logfile created on: 6/6/2010 12:54:54 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 29.86 Gb Free Space | 50.96% Space Free | Partition Type: NTFS
Drive D: | 43.95 Gb Total Space | 40.23 Gb Free Space | 91.55% Space Free | Partition Type: NTFS
Drive E: | 46.50 Gb Total Space | 10.59 Gb Free Space | 22.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESTRUCTOR
Current User Name: C4 BOMB
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"86:TCP" = 86:TCP:*:Enabled:BroadCam Web Server
"94:TCP" = 94:TCP:*:Enabled:VRS Recording System Web Control Panel
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"D:\StubInstaller.exe" = D:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe" = C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe" = C:\Program Files\EA GAMES\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead -- (Electronic Arts Inc.)
"C:\Program Files\EA GAMES\MOHAA\fpupdate.exe" = C:\Program Files\EA GAMES\MOHAA\fpupdate.exe:*:Enabled:fpupdate -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe" = C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe:*:Enabled:Proxy Switcher -- File not found
"C:\Program Files\EA GAMES\MOHAA\moh_breakthrough.exe" = C:\Program Files\EA GAMES\MOHAA\moh_breakthrough.exe:*:Enabled:Medal of Honor Allied Assault™ Breakthrough -- (Electronic Arts Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe" = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe:*:Enabled:GRAW -- File not found
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe:*:Disabled:Medal of Honor Pacific Assault™ -- (Electronic Arts Inc.)
"C:\Program Files\Sony\Media Manager for PSP 2.0\MediaManager.exe" = C:\Program Files\Sony\Media Manager for PSP 2.0\MediaManager.exe:*:Enabled:Media Manager for PSP 2.0 -- (Sony Media Software, Inc.)
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa_server.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa_server.exe:*:Enabled:Medal of Honor Pacific Assault™ -- (Electronic Arts Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"F:\Installation\Setupx.exe" = F:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)
"C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\EiB.exe" = C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\EiB.exe:*:Enabled:Brothers In Arms Earned In Blood -- File not found
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05861C9A-98C0-4A8F-9A36-EB2F7E0FA2D1}" = Sony Media Manager for PSP 2.0
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A4065B8-44BF-4B34-A71D-CC5FA82E9480}" = 20081
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}" = Medal of Honor Allied Assault™ Spearhead Patch 2.15
"{2000BE04-8B25-4776-93FC-830959521033}" = Nero 7 Essentials
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{48AFBB60-8CF5-4605-BB04-704DD8702B80}" = VZAccess Manager for RIM
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}" = Windows Media Player 9 Series Winter Fun Pack
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault™
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{6E868E3B-94AF-4C8B-A5A7-304B8E723B2C}" = 28224
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault™ Spearhead
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D0C553E-4D2B-442F-8617-665F22B10B6E}" = 18026
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault™ Breakthrough
"{824539D7-D27E-4CC3-B36F-6404B5EB726B}" = Medal of Honor Pacific Assault™ Patch2
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8833B3BE-3422-41A9-A52D-CCAB3CB159CA}" = Prepware 8
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90274E54-11AD-4ECA-8704-0DCF1B9B334E}" = 180964
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9AC8A085-6644-4430-BD4F-C546E45239B8}" = 21666
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}" = Medal of Honor Allied Assault™ Spearhead
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DF9046D6-5F1F-40B6-9782-3DC2D902D391}" = Medal of Honor Allied Assault™ Breakthrough Patch v2.40
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E486A342-E322-455D-99D4-660D96DD0CEA}" = 33775
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"AutoRun Pro Enterprise_is1" = AutoRun Pro Enterprise version 12.0.4.132
"AviSynth" = AviSynth 2.5
"BroadCam" = BroadCam
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Debut" = Debut Video Recorder
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"DVDFab Platinum_is1" = DVDFab Platinum 4.1.1.6 Beta by Team RES
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn
"Eyeline" = Eyeline
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"LimeWire" = LimeWire PRO 5.4.6
"Logon Loader" = Logon Loader 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MP3 Stream Editor_is1" = MP3 Stream Editor 3.4.4.1808
"mpegable DS" = mpegable DS decoder
"MSNINST" = MSN
"Nero PhotoShow Express" = Nero PhotoShow Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NYR - Madison Square Garden" = NYR - Madison Square Garden Screen Saver
"PCFriendly" = PCFriendly
"PowerISO" = PowerISO
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"VCast Music Essentials Manager" = V CAST Music Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"VRS" = VRS Recording System
"VX2" = VX2 Screen Saver
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/20/2010 00:49:11 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5622, fault address 0x00057054.

Error - 5/20/2010 00:52:41 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5622, fault address 0x00057054.

Error - 5/20/2010 00:53:06 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5622, fault address 0x00057054.

Error - 5/20/2010 00:54:49 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5622, fault address 0x00057054.

Error - 5/20/2010 00:55:54 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5622, fault address 0x00057054.

Error - 5/28/2010 23:07:22 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module ole32.dll,
version 5.1.2600.5512, fault address 0x00030f56.

Error - 6/6/2010 11:06:50 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
ole32.dll, version 5.1.2600.5512, fault address 0x00030f56.

Error - 6/6/2010 11:15:14 | Computer Name = DESTRUCTOR | Source = MsiInstaller | ID = 1013
Description = Internal MSI error. Installer terminated prematurely.

Error - 6/6/2010 11:18:41 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.46.0.1, faulting module mbam.dll,
version 1.46.0.0, fault address 0x00001990.

Error - 6/6/2010 11:23:44 | Computer Name = DESTRUCTOR | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.46.0.1, faulting module mbam.dll,
version 1.46.0.0, fault address 0x00001990.

[ System Events ]
Error - 6/6/2010 12:48:59 | Computer Name = DESTRUCTOR | Source = sfsync02 | ID = 262156
Description =

Error - 6/6/2010 12:49:31 | Computer Name = DESTRUCTOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/6/2010 12:49:46 | Computer Name = DESTRUCTOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/6/2010 12:49:59 | Computer Name = DESTRUCTOR | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 6/6/2010 12:49:59 | Computer Name = DESTRUCTOR | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 6/6/2010 12:49:59 | Computer Name = DESTRUCTOR | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 6/6/2010 12:49:59 | Computer Name = DESTRUCTOR | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 6/6/2010 12:49:59 | Computer Name = DESTRUCTOR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AsIO cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT Pivot RasAcd Rdbss SCDEmu Tcpip

Error - 6/6/2010 12:50:11 | Computer Name = DESTRUCTOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/6/2010 12:50:14 | Computer Name = DESTRUCTOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP