OLT Old Timer



#1
cradlefatal

OTL logfile created on: 6/27/2010 10:00:05 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Fatal_Cradle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 84.00 Mb Available Physical Memory | 16.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 14.61 Gb Free Space | 37.39% Space Free | Partition Type: NTFS
Drive D: | 109.99 Gb Total Space | 85.63 Gb Free Space | 77.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.51 Gb Total Space | 43.98 Gb Free Space | 59.03% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILSONGURLS
Current User Name: Fatal_Cradle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/27 20:04:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatal_Cradle\Desktop\OTL.exe
PRC - [2010/04/09 01:57:57 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/27 20:04:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatal_Cradle\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MSCamSvc)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010/06/25 21:33:33 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/16 13:59:06 | 001,352,832 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/17 06:21:00 | 003,532,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - [2010/06/05 13:59:04 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/06 15:39:24 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 15:34:28 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 15:34:00 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 15:33:48 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 15:33:30 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/01/26 17:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 17:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/24 12:49:26 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/10/12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 01:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2006/10/13 17:04:28 | 001,966,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2005/01/03 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/13 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 01:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/03/24 09:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/24 00:16:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/18 12:21:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/03 18:26:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/06 19:44:27 | 000,000,000 | ---D | M]

[2009/07/18 02:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\Mozilla\Extensions
[2009/07/18 02:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\Mozilla\Extensions\[email protected]
[2010/06/27 18:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\Mozilla\Firefox\Profiles\827a91k1.default\extensions
[2009/12/15 17:08:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Fatal_Cradle\Application Data\Mozilla\Firefox\Profiles\827a91k1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/09 14:56:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Fatal_Cradle\Application Data\Mozilla\Firefox\Profiles\827a91k1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/18 14:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fatal_Cradle\Application Data\Mozilla\Firefox\Profiles\827a91k1.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/09/21 12:42:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Application Data\Mozilla\Firefox\Profiles\827a91k1.default\searchplugins\ask.xml
[2009/09/21 13:22:33 | 000,000,239 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Application Data\Mozilla\Firefox\Profiles\827a91k1.default\searchplugins\Search.xml
[2010/06/27 18:13:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/24 10:34:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/23 14:57:58 | 000,001,982 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
[2009/09/21 13:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009/08/18 14:44:30 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/08/18 14:44:31 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2010/06/23 11:12:43 | 000,409,241 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14153 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll File not found
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9C04E102-77FE-4B89-8B8E-FCFF3DCDE6C8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar Toolbar) - {A0729639-D831-46C9-811B-9B0AA79FB45A} - C:\Program Files\Free_TV_Bar\tbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe File not found
O4 - HKLM..\Run: [FamilyCyberAlert] C:\WINDOWS\System32\FCA\Syslogin.exe File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Fatal_Cradle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Krystal\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinn...ealornodeal.cab (DealOrNoDeal Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Diner%20Dash%20-%20Flo%20on%20the%20Go/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1211618462622 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1211618566590 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinn...8/clue/clue.cab (Clue Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Diner%20Dash%20-%20Flo%20on%20the%20Go/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://l.yimg.com/jh...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\Schedule: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/23 14:48:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/27 20:05:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fatal_Cradle\Desktop\OTL.exe
[2010/06/27 20:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fatal_Cradle\Desktop\gmer
[2010/06/27 19:59:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/27 19:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/27 19:59:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/27 19:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 19:58:22 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fatal_Cradle\Desktop\random name.exe
[2010/06/27 19:55:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/27 19:54:57 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Fatal_Cradle\Desktop\erunt_setup.exe
[2010/06/27 19:43:08 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fatal_Cradle\Desktop\TFC.exe
[2010/06/27 19:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fatal_Cradle\Application Data\HP
[2010/06/27 19:26:38 | 001,145,080 | ---- | C] (PlaySushi LLC) -- C:\Documents and Settings\Fatal_Cradle\Desktop\SetupPlaySushi.exe
[2010/06/27 18:04:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/06/26 21:53:05 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/26 21:53:04 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/26 21:53:04 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/26 21:53:03 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/26 21:53:02 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/26 21:53:02 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/26 21:53:02 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/26 21:52:20 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/26 21:52:20 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/06/26 14:22:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fatal_Cradle\Recent
[2010/06/24 23:49:03 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/06/24 23:49:03 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/06/24 23:49:03 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/06/24 23:49:03 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/06/24 23:49:03 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/06/24 23:49:03 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/06/24 23:49:02 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/06/24 23:49:02 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/06/24 23:49:02 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/06/24 23:49:02 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/06/24 23:49:02 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/06/23 20:22:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fatal_Cradle\Cookies
[2010/06/20 14:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fatal_Cradle\Application Data\DivX
[2010/06/19 10:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fatal_Cradle\Application Data\HPAppData
[2010/06/18 14:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/06/18 12:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2010/06/18 12:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2010/06/18 12:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/06/18 12:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/06/18 12:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/06/18 12:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/06/17 18:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\RebirthRO
[2010/06/15 13:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/06/04 13:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fatal_Cradle\My Documents\Downloads
[2010/05/26 15:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2010/05/26 15:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/05/26 15:20:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Dell
[2010/05/26 15:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/05/26 00:25:05 | 003,532,120 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2010/05/26 00:23:54 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2010/05/26 00:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/05/25 22:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/05/18 21:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/15 00:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/05/13 12:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fatal_Cradle\Desktop\mj 101
[2010/05/07 18:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/05/06 19:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/05/06 19:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/05 21:08:35 | 000,413,696 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/05/05 21:08:35 | 000,110,592 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/05/05 21:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/04/26 17:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/24 00:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/04/24 00:14:27 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/23 22:38:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/18 13:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/04/17 10:52:30 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2010/04/17 10:50:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/04/17 10:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/04/14 08:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Disney
[2010/04/13 18:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games
[2010/04/12 16:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\Free_TV_Bar
[2010/04/09 16:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/04/09 16:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Free_TV_Bar

========== Files - Modified Within 90 Days ==========

[2010/06/27 21:31:43 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Fatal_Cradle\ntuser.dat
[2010/06/27 20:04:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatal_Cradle\Desktop\OTL.exe
[2010/06/27 20:02:23 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\gmer.zip
[2010/06/27 20:00:56 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 19:59:03 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fatal_Cradle\Desktop\random name.exe
[2010/06/27 19:55:31 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/27 19:55:24 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\NTREGOPT.lnk
[2010/06/27 19:55:24 | 000,000,502 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\ERUNT.lnk
[2010/06/27 19:54:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Fatal_Cradle\Desktop\erunt_setup.exe
[2010/06/27 19:43:09 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatal_Cradle\Desktop\TFC.exe
[2010/06/27 19:26:49 | 001,145,080 | ---- | M] (PlaySushi LLC) -- C:\Documents and Settings\Fatal_Cradle\Desktop\SetupPlaySushi.exe
[2010/06/27 18:16:21 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\jagex_runescape_preferences2.dat
[2010/06/27 18:15:59 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\jagex_runescape_preferences.dat
[2010/06/27 18:06:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\jagex__preferences3.dat
[2010/06/27 18:03:19 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RebirthRO.lnk
[2010/06/27 18:01:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/27 18:00:13 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1390067357-682003330-1003.job
[2010/06/27 18:00:13 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1390067357-682003330-1003.job
[2010/06/27 11:55:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Fatal_Cradle\ntuser.ini
[2010/06/26 21:53:05 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/06/26 21:53:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/26 21:46:09 | 052,566,928 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\setup_av_free.exe
[2010/06/26 14:21:42 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/24 15:18:17 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/24 12:59:13 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/23 11:12:43 | 000,409,241 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/22 20:34:15 | 000,002,406 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/06/22 20:34:09 | 000,404,228 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100623-111243.backup
[2010/06/22 13:16:57 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1390067357-682003330-1010.job
[2010/06/22 13:16:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1390067357-682003330-1010.job
[2010/06/21 23:11:49 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/21 21:55:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/21 21:45:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/21 19:21:11 | 000,005,093 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/21 14:51:20 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1390067357-682003330-1009.job
[2010/06/21 14:51:20 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1390067357-682003330-1009.job
[2010/06/21 14:45:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/21 09:32:02 | 004,816,674 | -H-- | M] () -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\IconCache.db
[2010/06/20 09:08:08 | 000,106,688 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\0822102705.jpg
[2010/06/19 15:12:01 | 000,073,800 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/19 14:01:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/19 13:04:59 | 000,000,096 | -H-- | M] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/06/19 10:43:53 | 000,146,215 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\lll.xps
[2010/06/19 10:37:42 | 000,146,207 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\iii.xps
[2010/06/19 10:37:32 | 000,233,586 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\uu.xps
[2010/06/19 10:34:33 | 000,233,587 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\hhh.xps
[2010/06/19 02:37:07 | 000,286,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/18 14:05:22 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Deskjet D1600 series.job
[2010/06/18 14:02:10 | 000,168,516 | ---- | M] () -- C:\WINDOWS\hphins33.dat
[2010/06/18 12:21:53 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2010/06/18 12:21:02 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/06/18 12:20:39 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
[2010/06/11 15:45:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/11 15:36:28 | 000,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 15:36:28 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 15:36:28 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/05 13:59:04 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/03 22:31:30 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 23:26:02 | 000,019,485 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Mcgee.jpg
[2010/06/02 23:25:32 | 000,037,851 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Schitzo.jpg
[2010/06/02 23:25:04 | 000,021,561 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Joe3.jpg
[2010/06/02 23:24:13 | 000,067,557 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Joe2.jpg
[2010/06/02 23:23:13 | 000,042,128 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Joe1.jpg
[2010/06/02 10:44:42 | 000,110,498 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\2591f5ef11.jpg
[2010/05/26 15:32:29 | 000,000,493 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/05/23 11:09:59 | 000,395,882 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100606-112258.backup
[2010/05/22 00:47:12 | 000,000,683 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/16 13:57:31 | 000,395,882 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100523-110959.backup
[2010/05/10 15:32:14 | 000,393,750 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100516-135731.backup
[2010/05/06 15:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 15:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 15:39:24 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 15:34:28 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 15:34:00 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 15:33:56 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 15:33:48 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 15:33:30 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/05 21:08:35 | 000,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/05/05 21:08:35 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/05/04 18:12:06 | 000,393,750 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100510-153214.backup
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 11:52:11 | 000,393,390 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100504-181206.backup
[2010/04/26 17:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/24 00:21:13 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2010/04/24 00:21:13 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\BB42EB
[2010/04/24 00:18:20 | 000,010,895 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/04/24 00:14:27 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/23 22:40:14 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/23 22:40:11 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/17 14:22:46 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/10 14:41:15 | 000,386,588 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100427-115211.backup
[2010/04/08 14:08:32 | 000,000,543 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\World of Warcraft.lnk
[2010/03/30 02:03:42 | 000,001,213 | ---- | M] () -- C:\WINDOWS\ARCADE2.INI

========== Files Created - No Company Name ==========

[2010/06/27 20:02:24 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\gmer.zip
[2010/06/27 19:59:41 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 19:55:31 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/27 19:55:24 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\NTREGOPT.lnk
[2010/06/27 19:55:24 | 000,000,502 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\ERUNT.lnk
[2010/06/27 18:06:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\jagex__preferences3.dat
[2010/06/27 18:06:18 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\jagex_runescape_preferences2.dat
[2010/06/27 18:04:52 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\jagex_runescape_preferences.dat
[2010/06/26 21:53:05 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/06/26 21:43:17 | 052,566,928 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\setup_av_free.exe
[2010/06/24 23:49:03 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/06/24 23:49:02 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/06/24 23:49:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/06/24 12:59:13 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/24 12:59:13 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/06/22 20:21:18 | 000,002,406 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/06/21 23:11:49 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/21 13:47:30 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1390067357-682003330-1003.job
[2010/06/21 13:47:30 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1390067357-682003330-1003.job
[2010/06/20 09:08:06 | 000,106,688 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\0822102705.jpg
[2010/06/19 10:46:58 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/06/19 10:37:41 | 000,146,207 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\iii.xps
[2010/06/19 10:37:30 | 000,233,586 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\uu.xps
[2010/06/19 10:36:52 | 000,146,215 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\lll.xps
[2010/06/19 10:34:28 | 000,233,587 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\hhh.xps
[2010/06/19 00:50:25 | 000,166,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/18 14:05:21 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\WebReg HP Deskjet D1600 series.job
[2010/06/18 13:58:39 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat.temp
[2010/06/18 12:21:53 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2010/06/18 12:21:02 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/06/18 12:20:39 | 000,001,666 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
[2010/06/18 12:13:48 | 000,168,516 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2010/06/18 12:13:48 | 000,001,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/06/18 12:13:48 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2010/06/17 18:09:44 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RebirthRO.lnk
[2010/06/08 23:44:37 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1390067357-682003330-1009.job
[2010/06/08 23:44:36 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1390067357-682003330-1009.job
[2010/06/02 23:26:02 | 000,019,485 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Mcgee.jpg
[2010/06/02 23:25:32 | 000,037,851 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Schitzo.jpg
[2010/06/02 23:25:04 | 000,021,561 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Joe3.jpg
[2010/06/02 23:24:13 | 000,067,557 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Joe2.jpg
[2010/06/02 23:23:02 | 000,042,128 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Joe1.jpg
[2010/06/02 10:44:39 | 000,110,498 | ---- | C] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\2591f5ef11.jpg
[2010/05/26 15:32:28 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/05/26 00:23:54 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2010/05/16 13:54:39 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Fatal_Cradle\ntuser.dat.LOG
[2010/05/08 01:15:44 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1390067357-682003330-1010.job
[2010/05/08 01:15:39 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1390067357-682003330-1010.job
[2010/04/20 14:03:20 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/08 14:35:43 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/05 10:52:02 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2009/12/24 17:58:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2009/08/10 20:06:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2009/08/10 19:36:44 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2009/08/03 10:23:28 | 000,005,093 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/02 19:17:45 | 000,001,213 | ---- | C] () -- C:\WINDOWS\ARCADE2.INI
[2008/07/18 16:50:30 | 000,010,895 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/10 15:37:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2008/06/02 12:36:29 | 000,000,699 | ---- | C] () -- C:\WINDOWS\PSTUDIO.INI
[2008/05/25 09:21:01 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/05/24 01:48:30 | 000,000,018 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2008/05/24 01:48:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/05/24 01:04:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/23 22:29:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/12 01:11:58 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/03/23 01:23:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\mslscnoud.dll
[2006/04/27 05:19:01 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2006/04/05 22:19:56 | 000,009,845 | ---- | C] () -- C:\WINDOWS\System32\mswsnnoue.dll
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2004/09/22 13:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/06/26 21:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/14 23:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/05/07 10:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/23 22:38:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/05 14:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\LimeWire
[2009/11/20 11:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\The Labyrinth Plus! Edition
[2009/05/30 01:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\Webshots
[2010/06/19 14:01:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/21 16:41:11 | 000,022,844 | ---- | M] () -- C:\aaw7boot.log
[2008/05/23 14:48:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/23 14:43:41 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/05/23 14:48:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/05/23 14:48:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/05/23 14:48:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 09:02:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/23 18:25:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/27 18:01:03 | 1258,291,200 | -HS- | M] () -- C:\pagefile.sys
[2010/06/24 23:49:28 | 000,000,330 | ---- | M] () -- C:\rapport.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/04/16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll
[2005/04/08 19:43:36 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll

< %systemroot%\*./mp /s >

< CREATERSTOREPOINT >

< %systemroot%\system32\*.dll/lockedfiles >
Invalid Switch: lockedfiles

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/05/23 09:36:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/05/23 09:36:45 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/05/23 09:36:45 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8927A071
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5BB3657
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6686D8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:399EDB8F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDD9C638
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BF08751
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4712EE9

< End of report >
[2010/06/27 22:04:12 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Fatal_Cradle\ntuser.dat.LOG
[2010/06/27 22:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Desktop
[2010/06/27 22:03:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Akamai
[2010/06/27 21:31:43 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Fatal_Cradle\ntuser.dat
[2010/06/27 21:28:48 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Fatal_Cradle\Recent
[2010/06/27 20:04:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatal_Cradle\Desktop\OTL.exe
[2010/06/27 20:02:23 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\gmer.zip
[2010/06/27 20:00:56 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 20:00:56 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 20:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/06/27 19:59:37 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010/06/27 19:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/27 19:59:03 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fatal_Cradle\Desktop\random name.exe
[2010/06/27 19:55:31 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/27 19:55:24 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\NTREGOPT.lnk
[2010/06/27 19:55:24 | 000,000,502 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\ERUNT.lnk
[2010/06/27 19:54:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Fatal_Cradle\Desktop\erunt_setup.exe
[2010/06/27 19:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/06/27 19:43:09 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatal_Cradle\Desktop\TFC.exe
[2010/06/27 19:28:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data
[2010/06/27 19:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\HP
[2010/06/27 19:26:49 | 001,145,080 | ---- | M] (PlaySushi LLC) -- C:\Documents and Settings\Fatal_Cradle\Desktop\SetupPlaySushi.exe
[2010/06/27 18:16:21 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\jagex_runescape_preferences2.dat
[2010/06/27 18:15:59 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\jagex_runescape_preferences.dat
[2010/06/27 18:06:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\jagex__preferences3.dat
[2010/06/27 18:03:19 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RebirthRO.lnk
[2010/06/27 18:01:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/27 18:00:13 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1390067357-682003330-1003.job
[2010/06/27 18:00:13 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1390067357-682003330-1003.job
[2010/06/27 17:19:46 | 000,000,000 | ---D | M] -- C:\Program Files\RebirthRO
[2010/06/27 11:55:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Fatal_Cradle\ntuser.ini
[2010/06/26 21:53:05 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/06/26 21:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/26 21:46:09 | 052,566,928 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\setup_av_free.exe
[2010/06/26 14:21:42 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/24 15:18:17 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/24 12:59:13 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/23 20:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\Microsoft
[2010/06/23 20:22:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Fatal_Cradle\Cookies
[2010/06/23 20:21:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Fatal_Cradle\Local Settings
[2010/06/22 22:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\Google
[2010/06/22 20:34:15 | 000,002,406 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/06/22 13:58:29 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/06/22 13:16:57 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1390067357-682003330-1010.job
[2010/06/22 13:16:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1390067357-682003330-1010.job
[2010/06/21 21:55:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/21 21:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/06/21 21:53:10 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/06/21 21:51:48 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/06/21 21:48:59 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/06/21 21:45:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/21 19:21:11 | 000,005,093 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/21 16:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\HPAppData
[2010/06/21 14:51:20 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1390067357-682003330-1009.job
[2010/06/21 14:51:20 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1390067357-682003330-1009.job
[2010/06/21 14:45:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/21 09:32:02 | 004,816,674 | -H-- | M] () -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\IconCache.db
[2010/06/20 14:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/06/20 14:01:15 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/06/20 14:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\DivX
[2010/06/20 13:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\DivX Shared
[2010/06/20 09:08:08 | 000,106,688 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\0822102705.jpg
[2010/06/19 15:12:01 | 000,073,800 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/19 14:01:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/19 10:43:53 | 000,146,215 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\lll.xps
[2010/06/19 10:43:51 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Fatal_Cradle\My Documents
[2010/06/19 10:37:42 | 000,146,207 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\iii.xps
[2010/06/19 10:37:32 | 000,233,586 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\uu.xps
[2010/06/19 10:34:33 | 000,233,587 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\hhh.xps
[2010/06/19 00:50:25 | 000,166,352 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/18 14:05:22 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Deskjet D1600 series.job
[2010/06/18 14:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/06/18 14:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/06/18 14:02:13 | 000,001,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/06/18 14:02:10 | 000,168,516 | ---- | M] () -- C:\WINDOWS\hphins33.dat
[2010/06/18 12:21:53 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2010/06/18 12:21:53 | 000,000,000 | ---D | M] -- C:\Program Files\HP Photo Creations
[2010/06/18 12:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2010/06/18 12:21:43 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/06/18 12:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/06/18 12:21:02 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/06/18 12:21:02 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu
[2010/06/18 12:20:39 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
[2010/06/18 12:20:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/06/18 12:20:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/06/11 15:45:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/11 15:36:28 | 000,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 15:36:28 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 15:36:28 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/05 14:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\LimeWire
[2010/06/04 18:03:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/06/03 22:31:30 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 23:26:02 | 000,019,485 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Mcgee.jpg
[2010/06/02 23:25:32 | 000,037,851 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Schitzo.jpg
[2010/06/02 23:25:04 | 000,021,561 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Joe3.jpg
[2010/06/02 23:24:13 | 000,067,557 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Joe2.jpg
[2010/06/02 23:23:13 | 000,042,128 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Joe1.jpg
[2010/06/02 10:44:42 | 000,110,498 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\2591f5ef11.jpg
[2010/05/26 15:32:29 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/05/26 15:32:28 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/05/26 15:20:59 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/05/26 15:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/05/26 00:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\INCA Shared
[2010/05/25 22:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/05/23 16:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\Temp
[2010/05/15 00:09:46 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\SWF Studio
[2010/05/14 23:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/05/12 22:57:59 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/05/07 10:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/06 19:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/06 19:44:19 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/05/06 17:36:26 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2010/05/06 09:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games
[2010/05/05 21:08:35 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2010/04/29 20:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\Adobe
[2010/04/29 10:42:14 | 000,000,000 | ---D | M] -- C:\Program Files\Free_TV_Bar
[2010/04/24 00:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/04/24 00:16:41 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Real
[2010/04/24 00:16:04 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/04/24 00:15:34 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\xing shared
[2010/04/23 22:38:45 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/04/23 22:38:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/17 14:22:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\Microsoft
[2010/04/17 10:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/04/14 08:12:18 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2010/04/12 16:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\Free_TV_Bar
[2010/04/09 16:34:56 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/04/09 15:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\Mozilla
[2010/04/09 14:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/04/09 02:32:11 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/09 02:20:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/05 10:52:03 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper

========== Files - Modified Within 90 Days ==========

[2010/06/27 21:31:43 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Fatal_Cradle\ntuser.dat
[2010/06/27 20:04:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatal_Cradle\Desktop\OTL.exe
[2010/06/27 20:02:23 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\gmer.zip
[2010/06/27 20:00:56 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/27 19:59:03 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fatal_Cradle\Desktop\random name.exe
[2010/06/27 19:55:31 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/27 19:55:24 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\NTREGOPT.lnk
[2010/06/27 19:55:24 | 000,000,502 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\ERUNT.lnk
[2010/06/27 19:54:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Fatal_Cradle\Desktop\erunt_setup.exe
[2010/06/27 19:43:09 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fatal_Cradle\Desktop\TFC.exe
[2010/06/27 19:26:49 | 001,145,080 | ---- | M] (PlaySushi LLC) -- C:\Documents and Settings\Fatal_Cradle\Desktop\SetupPlaySushi.exe
[2010/06/27 18:16:21 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\jagex_runescape_preferences2.dat
[2010/06/27 18:15:59 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\jagex_runescape_preferences.dat
[2010/06/27 18:06:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\jagex__preferences3.dat
[2010/06/27 18:03:19 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RebirthRO.lnk
[2010/06/27 18:01:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/27 18:00:13 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1390067357-682003330-1003.job
[2010/06/27 18:00:13 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1390067357-682003330-1003.job
[2010/06/27 11:55:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Fatal_Cradle\ntuser.ini
[2010/06/26 21:53:05 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/06/26 21:53:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/26 21:46:09 | 052,566,928 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\setup_av_free.exe
[2010/06/26 14:21:42 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/24 15:18:17 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/24 12:59:13 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/23 11:12:43 | 000,409,241 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/22 20:34:15 | 000,002,406 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/06/22 20:34:09 | 000,404,228 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100623-111243.backup
[2010/06/22 13:16:57 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1390067357-682003330-1010.job
[2010/06/22 13:16:57 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1390067357-682003330-1010.job
[2010/06/21 23:11:49 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/21 21:55:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/21 21:45:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/21 19:21:11 | 000,005,093 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/21 14:51:20 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-1390067357-682003330-1009.job
[2010/06/21 14:51:20 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-1390067357-682003330-1009.job
[2010/06/21 14:45:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/21 09:32:02 | 004,816,674 | -H-- | M] () -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\IconCache.db
[2010/06/20 09:08:08 | 000,106,688 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\0822102705.jpg
[2010/06/19 15:12:01 | 000,073,800 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/19 14:01:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/19 13:04:59 | 000,000,096 | -H-- | M] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/06/19 10:43:53 | 000,146,215 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\lll.xps
[2010/06/19 10:37:42 | 000,146,207 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\iii.xps
[2010/06/19 10:37:32 | 000,233,586 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\uu.xps
[2010/06/19 10:34:33 | 000,233,587 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\My Documents\hhh.xps
[2010/06/19 02:37:07 | 000,286,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/18 14:05:22 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Deskjet D1600 series.job
[2010/06/18 14:02:10 | 000,168,516 | ---- | M] () -- C:\WINDOWS\hphins33.dat
[2010/06/18 12:21:53 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2010/06/18 12:21:02 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/06/18 12:20:39 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
[2010/06/11 15:45:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/11 15:36:28 | 000,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 15:36:28 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 15:36:28 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/05 13:59:04 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/03 22:31:30 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 23:26:02 | 000,019,485 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Mcgee.jpg
[2010/06/02 23:25:32 | 000,037,851 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Schitzo.jpg
[2010/06/02 23:25:04 | 000,021,561 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Joe3.jpg
[2010/06/02 23:24:13 | 000,067,557 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Joe2.jpg
[2010/06/02 23:23:13 | 000,042,128 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\Joe1.jpg
[2010/06/02 10:44:42 | 000,110,498 | ---- | M] () -- C:\Documents and Settings\Fatal_Cradle\Desktop\2591f5ef11.jpg

========== LOP Check ==========

[2010/06/26 21:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/14 23:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/05/07 10:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/23 22:38:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/05 14:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\LimeWire
[2009/11/20 11:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\The Labyrinth Plus! Edition
[2009/05/30 01:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fatal_Cradle\Application Data\Webshots
[2010/06/19 14:01:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/21 16:41:11 | 000,022,844 | ---- | M] () -- C:\aaw7boot.log
[2008/05/23 14:48:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/23 14:43:41 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/05/23 14:48:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/05/23 14:48:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/05/23 14:48:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 09:02:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/23 18:25:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/27 18:01:03 | 1258,291,200 | -HS- | M] () -- C:\pagefile.sys
[2010/06/24 23:49:28 | 000,000,330 | ---- | M] () -- C:\rapport.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/04/16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll
[2005/04/08 19:43:36 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll

< %systemroot%\*./mp /s >

< CREATERSTOREPOINT >

< %systemroot%\system32\*.dll/lockedfiles >
Invalid Switch: lockedfiles


< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/05/23 09:36:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/05/23 09:36:45 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/05/23 09:36:45 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8927A071
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5BB3657
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6686D8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF2E2F0E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:399EDB8F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDD9C638
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BF08751
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4712EE9

< End of report >

OTL Extras logfile created on: 6/27/2010 10:00:05 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Fatal_Cradle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 84.00 Mb Available Physical Memory | 16.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 14.61 Gb Free Space | 37.39% Space Free | Partition Type: NTFS
Drive D: | 109.99 Gb Total Space | 85.63 Gb Free Space | 77.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.51 Gb Total Space | 43.98 Gb Free Space | 59.03% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILSONGURLS
Current User Name: Fatal_Cradle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~4\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~4\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"1034:TCP" = 1034:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\HP Software Update\hpwucli.exe" = D:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"D:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = D:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = G:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"G:\Program Files\Yahoo!\Messenger\YServer.exe" = G:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Documents and Settings\Owner\Application Data\Thinstall\Adobe Photoshop CS3\4000005700003h\mDNSResponder.exe" = C:\Documents and Settings\Owner\Application Data\Thinstall\Adobe Photoshop CS3\4000005700003h\mDNSResponder.exe:*:Enabled:mDNSResponder -- File not found
"G:\World of Warcraft\BackgroundDownloader.exe" = G:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"G:\Program Files\Curse\CurseClient.exe" = G:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\SoftActivity\Activity Monitor\swatcher.exe" = C:\Program Files\SoftActivity\Activity Monitor\swatcher.exe:*:Enabled:Activity Monitor -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Infogrames Interactive\Master of Orion 3\moo3.exe" = C:\Program Files\Infogrames Interactive\Master of Orion 3\moo3.exe:*:Enabled:MOO3_D -- (INFOGRAMES & QUICKSILVER SOFTWARE)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"D:\World of Warcraft\Launcher.exe" = D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"G:\LimeWire\LimeWire.exe" = G:\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"D:\World of Warcraft\BackgroundDownloader.exe" = D:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = D:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = D:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"D:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = D:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\Owner\Desktop\AtulosOnline1_21\csao.exe" = C:\Documents and Settings\Owner\Desktop\AtulosOnline1_21\csao.exe:*:Enabled:Multimedia Fusion Stand Alone Application -- File not found
"D:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = D:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"G:\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = G:\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\GameHouse\Collapse II\Relapse.exe" = C:\Program Files\GameHouse\Collapse II\Relapse.exe:*:Enabled:Super Collapse! II -- (GameHouse, Inc.)
"C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe" = C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe:*:Enabled:dndclient -- File not found
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- File not found
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- File not found
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\HP Software Update\hpwucli.exe" = D:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"D:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = D:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{178BAABD-0C95-4EB6-9E12-29A039EA27F6}" = Qwest eChat Support Tools
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{343A1706-26A4-45EA-88CF-37CA172B0F27}" = D1600
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BE6E1C1-177C-28C5-BAB5-D003609D4F1C}" = 7 Wonders of the Ancient World
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58762801-BA53-42B3-890B-C6B9CC8CFE26}" = QuickConnect
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81BD0427-6B0A-5725-8944-6A428CE8B642}" = Nanny Mania
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A80F5D5-E45B-4097-8F55-39B5477FA4C9}" = RebirthRO
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C04E102-77FE-4B89-8B8E-FCFF3DCDE6C8}" = Mirar
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CABAEEF9-DB89-9ACB-97E0-44D156FAC6AD}" = Diner Dash
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"7 Wonders of the Ancient World" = 7 Wonders of the Ancient World (remove only)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATT-HSI" = ATT-HSI
"ATT-PRT22" = ATT-PRT22
"avast5" = avast! Free Antivirus
"BFGC" = Big Fish Games Client
"BroadJump Client Foundation" = BroadJump Client Foundation
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CurseClient" = Curse Client
"Diner Dash" = Diner Dash (remove only)
"DivX Setup.divx.com" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"Free_TV_Bar Toolbar" = Free_TV_Bar Toolbar
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Master of Orion 3" = Master of Orion 3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mystery Case Files - Ravenhearst" = Mystery Case Files - Ravenhearst (remove only)
"Nanny Mania" = Nanny Mania (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"Privacy Guardian_is1" = Privacy Guardian 4.1
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"Return of Arcade 2.0" = Return of Arcade Anniversary Edition
"SBC.MCCInstall" = AT&T Self Support Tool
"Shockwave" = Shockwave
"Slingo Quest" = Slingo Quest (remove only)
"Solitaire_is1" = Solitaire
"Super Collapse! II" = Super Collapse! II
"Super Solitaire_is1" = Super Solitaire 1.07
"Switch" = Switch Sound File Converter
"Webshots Desktop_is1" = Webshots Desktop
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/22/2010 1:19:29 PM | Computer Name = WILSONGURLS | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 800706ba: InitEventCollector fail

Error - 6/22/2010 1:19:41 PM | Computer Name = WILSONGURLS | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 800706ba: InitEventCollector fail

Error - 6/22/2010 2:26:32 PM | Computer Name = WILSONGURLS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/22/2010 2:27:15 PM | Computer Name = WILSONGURLS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/22/2010 11:15:56 PM | Computer Name = WILSONGURLS | Source = Application Error | ID = 1000
Description = Faulting application xpsviewer.exe, version 3.0.6920.1427, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 6/23/2010 12:13:09 PM | Computer Name = WILSONGURLS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/23/2010 12:13:51 PM | Computer Name = WILSONGURLS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/23/2010 8:52:35 PM | Computer Name = WILSONGURLS | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 6/21/2010 10:53:20 PM | Computer Name = WILSONGURLS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/21/2010 10:53:20 PM | Computer Name = WILSONGURLS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/21/2010 10:53:21 PM | Computer Name = WILSONGURLS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/21/2010 10:53:21 PM | Computer Name = WILSONGURLS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/21/2010 10:53:21 PM | Computer Name = WILSONGURLS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/21/2010 10:53:21 PM | Computer Name = WILSONGURLS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/22/2010 1:58:31 PM | Computer Name = WILSONGURLS | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/22/2010 1:58:31 PM | Computer Name = WILSONGURLS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/25/2010 1:06:33 AM | Computer Name = WILSONGURLS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 7130 minutes. NtpClient has no source of accurate
time.

Error - 6/25/2010 1:06:56 AM | Computer Name = WILSONGURLS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 7129 minutes. NtpClient has no source of accurate
time.


< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text between the lines of stars by highlighting it and pressing Ctrl + C.
********************************************************************************

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll File not found
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9C04E102-77FE-4B89-8B8E-FCFF3DCDE6C8} - No CLSID value found.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\Schedule: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log

Ron

Edited by RKinner, 28 June 2010 - 12:45 AM.


#3
cradlefatal

Only one problem: can't copy and paste; the virus messed that up too.

#4
cradlefatal

All processes killed
Error: Unable to interpret <:OLT> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http+127.0.0.1:5555> in the current context!
Error: Unable to interpret <02 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
Error: Unable to interpret <02 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.> in the current context!
Error: Unable to interpret <02 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4F37-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll File not found> in the current context!
Error: Unable to interpret <02-BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.> in the current context!
Error: Unable to interpret <02 - BHO: (no name) - {AA58ED58ED58-O1DD-4d91-8333-CF10577473F7} - No CLSID value found.> in the current context!
Error: Unable to interpret <02 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.> in the current context!
Error: Unable to interpret <02 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.> in the current context!
Error: Unable to interpret <03 - HKLM\. .\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-00927A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <03 - HKLM\. .\Toolbar\WebBrowser: (no name) {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.> in the current context!
Error: Unable to interpret <03 - HKLM\. .\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.> in the current context!
Error: Unable to interpret <03 - HKLM\ . .\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44EO-B742-2D9B88305F98} - No CLSID value found.> in the current context!
Error: Unable to interpret <03 - HKLM\. .\Toolbar\WebBrowser: (no name) - {9C04E102-77FE-4B89-8B8E-FCFF3DCDE6C8} - No CLSID value found.> in the current context!
Error: Unable to interpret <016 - DPF: {30528230-99f7-4bb4-88d8-fa 1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <016 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} Reg Error: Value error. (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <016 - DPF: {C8AEB218-8B7A-4E15-AC17-O338D99B80EB} Reg Error: Value error. (Reg error: Key error.)> in the current context!
Error: Unable to interpret <016 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_07)> in the current context!
Error: Unable to interpret <016- DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <016 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <020 - \Winlogon\Notify\Schedule: DllName - Reg Error: Value error. - Reg Error: Value error. File not found> in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User

User: Fatal_Cradle
->Temp folder emptied: 640421 bytes
->Temporary Internet Files folder emptied: 65336 bytes
->Java cache emptied: 5343 bytes
->FireFox cache emptied: 51336495 bytes
->Flash cache emptied: 2120 bytes

User: Katie_Cody
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 208 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29788261 bytes
->Flash cache emptied: 572 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 78.00 mb

Error: Unable to interpret <[Reboot} > in the current context!

OTL by OldTimer - Version 3.2.7.0 log created on 06282010_153613

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat not found!

Registry entries deleted on Reboot...

#5
RKinner

You hit the Quick Scan button instead of RUN FIX. Please try the OTL script again and make sure you hit the Run Fix button.

Ron
  • 0
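
For a fix that has to be retyped by hand because copy and paste is unavailable (post #3), this added Python check, which is not part of the thread and not OTL's own parser, flags lines that deviate from the line shapes used in the script in post #2. The rules and the names `lint_fix_script`, `AS_POSTED` and `RETYPED` are assumptions drawn from that one script; the sample lines are copied from posts #2 and #4.

```python
import re

# Line shapes seen in the fix script in post #2 (assumption: not OTL's documented grammar).
DIRECTIVES = {":OTL", ":Commands"}
ITEM_PREFIX = re.compile(r"^(IE|O\d+) - ")   # capital letter O, then digits
BRACED = re.compile(r"\{([^{}]*)\}")
GUID = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")
COMMAND = re.compile(r"^\[[A-Za-z]+\]$")


def lint_fix_script(text):
    """Return (line_number, problem) pairs for lines that break those shapes."""
    problems = []
    section = None
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            # Report an unrecognised directive once; "?" then suppresses
            # section complaints for the lines that follow it.
            section = line if line in DIRECTIVES else "?"
            if section == "?":
                problems.append((number, f"unrecognised directive {line!r}"))
        elif line.startswith("["):
            if not COMMAND.match(line):
                problems.append((number, f"malformed command {line!r}"))
            elif section in (None, ":OTL"):
                problems.append((number, "command outside :Commands"))
        else:
            if section in (None, ":Commands"):
                problems.append((number, "item line outside :OTL"))
            if not ITEM_PREFIX.match(line):
                problems.append((number, "prefix is not 'IE - ' or 'O<n> - '"))
            for guid in BRACED.findall(line):
                if not GUID.match(guid):
                    problems.append((number, f"malformed GUID {{{guid}}}"))
    return problems

# Lines as posted in post #2.
AS_POSTED = "\n".join([
    r':OTL',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.',
    r'O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.',
    r':Commands',
    r'[RESETHOSTS]',
    r'[Reboot]',
])
# Lines as they appear in the error log in post #4 (the :Commands header is from post #2).
RETYPED = "\n".join([
    r':OLT',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'02 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.',
    r'02 - BHO: (no name) - {AA58ED58ED58-O1DD-4d91-8333-CF10577473F7} - No CLSID value found.',
    r'03 - HKLM\. .\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-00927A5CD4F} - No CLSID value found.',
    r':Commands',
    r'[RESETHOSTS]',
    r'[Reboot}',
])

if __name__ == "__main__":
    for number, problem in lint_fix_script(RETYPED):
        print(f"line {number}: {problem}")
```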





