Infected? Certain websites not working



#1
Sedg

For a few days now I've been experiencing problems with certain websites. A few select websites that I normally visit will not load at all. I'll just get the message "Address can't be found", but the websites work perfectly on the PC in the other room. Also, the majority of the time when I click links, I'll get the very same error! This error will normally go away when I press the 'try again' button in Firefox or simply refresh, although sometimes it can take up to seven refresh attempts. It's a little irritating because I can't browse some of my favourite websites anymore. Any help would be greatly appreciated.

I've been unable to run Gmer, it just crashes my computer. I've managed to run OTL and the results are below.

OTL Log:


OTL logfile created on: 06/07/2010 02:37:26 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Sedg\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 320.03 Gb Free Space | 68.71% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 257.11 Gb Free Space | 92.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRAIG
Current User Name: Sedg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/06 02:36:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sedg\Desktop\OTL.exe
PRC - [2010/03/31 17:02:08 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 15:03:36 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/03/01 17:13:44 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/01 17:13:31 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/08/22 10:53:39 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/22 10:53:39 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 10:53:37 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/22 10:53:33 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/22 10:53:31 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/14 15:01:21 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1218615864\ee\aolsoftware.exe
PRC - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2005/10/08 16:27:48 | 000,155,648 | ---- | M] () -- C:\Program Files\Razer\Copperhead\razerhid.exe
PRC - [2005/07/22 15:02:46 | 000,159,744 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Copperhead\razerofa.exe
PRC - [2003/01/07 17:28:44 | 000,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/06 02:36:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sedg\Desktop\OTL.exe
MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - File not found [Auto | Stopped] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\Sedg\Desktop\my wow server\repack\AC Web Ultimate Repack\Server\apache\bin\apache.exe -- (Apache2.2)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 17:13:31 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/22 10:53:33 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/22 10:53:31 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2003/01/07 17:28:44 | 000,046,080 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva280.sys -- (XDva280)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\gwausb.sys -- (wanusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PPPoEWin.SYS -- (PPPoEWin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Sedg\Desktop\pb\pbfilter.sys -- (pbfilter)
DRV - [2009/08/22 10:53:39 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/22 10:53:39 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/16 18:41:15 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/11 15:01:29 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/24 16:13:14 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/04/14 16:09:56 | 005,069,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/11/01 13:31:08 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/13 12:31:03 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/12/05 14:45:30 | 000,104,064 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/01/29 21:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/01/29 21:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/08/12 10:11:10 | 000,019,020 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/01/10 22:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2003/01/07 17:28:44 | 000,058,160 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en-GB:official"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 12:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/05/14 16:06:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/16 18:46:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 17:02:14 | 000,000,000 | ---D | M]

[2009/04/08 17:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Extensions
[2009/04/08 17:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Extensions\[email protected]
[2010/07/05 18:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\cgjmpeyl.default\extensions
[2009/09/02 15:34:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\cgjmpeyl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/12 20:14:54 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\cgjmpeyl.default\searchplugins\aim-search.xml
[2009/10/29 15:44:10 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\cgjmpeyl.default\searchplugins\askcom.xml
[2008/08/17 18:27:02 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\cgjmpeyl.default\searchplugins\daemon-search.xml
[2010/07/05 18:01:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/09 20:17:19 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/02/09 20:17:19 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/02/09 20:17:19 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/02/09 20:17:19 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [AOL Dialer] C:\Program Files\Common Files\aol\acs\AOLDial.exe (AOL LLC)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe File not found
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Sedg\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.63,93.188.161.203
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/12 11:48:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....hors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/06 02:36:04 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sedg\Desktop\OTL.exe
[2010/07/06 01:33:52 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sedg\Desktop\TFC.exe
[2010/07/05 22:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/05 22:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/07/05 20:31:14 | 000,322,352 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Sedg\Desktop\utorrent.exe
[2010/07/05 19:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\SquareEnix
[2010/07/05 19:28:07 | 123,225,432 | ---- | C] (SQUARE ENIX CO., LTD.) -- C:\Documents and Settings\Sedg\Desktop\ffxivsetup(2).exe
[2010/07/05 19:16:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/05 18:02:01 | 000,567,624 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Sedg\Desktop\ChromeSetup.exe
[2010/07/05 15:39:00 | 010,341,832 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Sedg\Desktop\windows-kb890830-v3.8.exe
[2010/06/30 18:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Memories of Magic
[2010/06/30 17:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Enterbrain
[2010/06/30 17:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Enterbrain
[2010/06/30 17:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\rpgmaker
[2010/06/29 16:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\gaming
[2010/06/29 16:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Local Settings\Application Data\gctmp
[2010/06/29 16:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Local Settings\Application Data\Xenocode
[2010/06/29 16:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Game Cam V2
[2010/06/13 18:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\stuff
[2010/06/10 19:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\supernatural
[2010/06/10 02:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\women
[2010/06/07 22:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\My Documents\SimCity 4
[2010/06/07 22:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
[2010/06/07 22:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\sim city 4

========== Files - Modified Within 30 Days ==========

[2010/07/06 02:36:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sedg\Desktop\OTL.exe
[2010/07/06 02:20:00 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/06 02:17:03 | 000,199,974 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/06 02:16:21 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\38c2adc5.job
[2010/07/06 02:16:20 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/06 02:15:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/06 02:15:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/06 02:04:03 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\e73mxb44.exe
[2010/07/06 01:38:38 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Sedg\ntuser.dat
[2010/07/06 01:33:58 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sedg\Desktop\TFC.exe
[2010/07/05 22:42:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/05 22:35:54 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\HiJackThis.lnk
[2010/07/05 22:35:32 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\HiJackThis.msi
[2010/07/05 21:53:08 | 003,170,682 | -H-- | M] () -- C:\Documents and Settings\Sedg\Local Settings\Application Data\IconCache.db
[2010/07/05 20:31:47 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Sedg\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/05 20:31:47 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/07/05 20:31:15 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Sedg\Desktop\utorrent.exe
[2010/07/05 19:37:29 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FINAL FANTASY XIV Beta Version.lnk
[2010/07/05 19:34:55 | 123,225,432 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Documents and Settings\Sedg\Desktop\ffxivsetup(2).exe
[2010/07/05 19:20:12 | 000,001,048 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/05 19:20:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/05 19:20:12 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/05 18:02:01 | 000,567,624 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sedg\Desktop\ChromeSetup.exe
[2010/07/05 16:13:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/05 15:39:24 | 010,341,832 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Sedg\Desktop\windows-kb890830-v3.8.exe
[2010/07/05 15:32:48 | 000,116,500 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\bookmarks-2010-07-05.json
[2010/07/05 12:03:32 | 061,657,218 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/05 03:10:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sedg\ntuser.ini
[2010/07/04 20:41:12 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\Sedg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/01 13:24:33 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/07/01 12:26:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/30 22:51:54 | 000,001,056 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/06/30 22:51:54 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\0AE755E16E.sys
[2010/06/28 16:05:29 | 001,008,560 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\AmazonMP3Installer-en_uk.exe
[2010/06/23 23:37:56 | 001,531,523 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\765269o.gif
[2010/06/14 21:28:00 | 000,084,936 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\wildthings2.jpg
[2010/06/14 21:04:10 | 000,000,219 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\jobseeker site id.rtf
[2010/06/12 21:26:23 | 000,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 20:46:22 | 000,660,917 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\paramore8hayleyjr0.gif
[2010/06/11 14:56:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/11 14:51:36 | 000,626,346 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 14:51:36 | 000,533,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 14:51:36 | 000,100,422 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/07 22:15:38 | 000,000,528 | ---- | M] () -- C:\WINDOWS\eReg.dat

========== Files Created - No Company Name ==========

[2010/07/06 02:04:02 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\e73mxb44.exe
[2010/07/05 22:35:54 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\HiJackThis.lnk
[2010/07/05 22:35:28 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\HiJackThis.msi
[2010/07/05 20:31:47 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Sedg\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/05 20:31:47 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/07/05 19:37:29 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FINAL FANTASY XIV Beta Version.lnk
[2010/07/05 15:32:48 | 000,116,500 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\bookmarks-2010-07-05.json
[2010/06/30 17:51:31 | 000,001,056 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/06/30 17:51:31 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0AE755E16E.sys
[2010/06/29 16:28:40 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/29 16:28:35 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/29 16:28:30 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\38c2adc5.job
[2010/06/28 16:05:28 | 001,008,560 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\AmazonMP3Installer-en_uk.exe
[2010/06/23 23:37:56 | 001,531,523 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\765269o.gif
[2010/06/18 17:42:02 | 000,015,947 | ---- | C] () -- C:\Documents and Settings\Sedg\hs_err_pid2884.log
[2010/06/14 21:28:00 | 000,084,936 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\wildthings2.jpg
[2010/06/13 19:43:11 | 000,000,219 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\jobseeker site id.rtf
[2010/06/11 20:46:21 | 000,660,917 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\paramore8hayleyjr0.gif
[2010/06/07 22:15:38 | 000,000,528 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/12/17 06:36:48 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2009/12/17 06:36:39 | 000,000,006 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2009/12/17 06:36:24 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2009/08/25 20:17:49 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/25 20:17:48 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/25 20:17:47 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/08/25 20:17:47 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/25 20:17:47 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/25 20:17:46 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/25 20:17:45 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/09 18:14:05 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/07/02 16:11:08 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/07/02 16:11:08 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009/06/21 16:52:50 | 000,000,355 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2009/04/17 15:47:35 | 000,000,439 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/27 15:29:54 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/08/22 20:13:14 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/20 01:58:47 | 000,000,171 | ---- | C] () -- C:\WINDOWS\icecast2.ini
[2008/08/17 18:17:29 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/08/15 18:40:04 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/08/14 14:03:56 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/08/13 10:01:12 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2008/08/12 19:37:19 | 000,000,532 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/08/12 12:12:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/12 12:08:55 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/12 12:08:55 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/12 12:08:55 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/12 12:08:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/12 12:08:55 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

========== LOP Check ==========

[2009/11/12 20:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2008/10/08 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/04/11 20:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2008/10/07 15:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2009/09/19 12:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/10/14 19:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/06/29 16:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/13 09:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/26 20:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webyog
[2008/12/20 15:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/04/17 16:11:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/11/12 20:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\acccore
[2009/02/09 01:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Amazon
[2009/07/09 18:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Atari
[2009/08/07 16:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\avidemux
[2008/10/31 04:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Azureus
[2009/05/10 17:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Canneverbe_Limited
[2009/07/27 15:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2008/08/17 18:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\DAEMON Tools
[2009/10/15 22:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Damdai
[2010/06/03 17:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Doctor Who
[2009/07/16 18:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\fltk.org
[2009/09/03 20:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\GeoVid
[2009/07/09 18:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Leadertech
[2010/06/05 17:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\LimeWire
[2009/02/13 15:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\MPEG Streamclip
[2008/09/01 19:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Opera
[2009/09/03 10:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Red Kawa
[2009/11/15 18:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\runic games
[2009/11/07 02:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Sports Interactive
[2010/04/07 19:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Supercade
[2010/06/05 16:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\SystemRequirementsLab
[2010/06/05 20:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Turbine
[2010/07/05 22:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\uTorrent
[2008/08/21 12:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Viewpoint
[2010/07/06 02:16:21 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\38c2adc5.job
[2010/07/05 16:13:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/07/06 02:20:00 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/06 02:16:20 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/06 02:15:29 | 000,125,645 | ---- | M] () -- C:\aaw7boot.log
[2008/08/12 11:48:07 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/05 19:20:12 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/08/12 11:48:07 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/08/12 11:48:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/12 11:48:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/25 20:00:55 | 000,010,240 | ---- | M] () -- C:\My_capture_Graph.grf
[2009/08/25 20:01:58 | 000,008,192 | ---- | M] () -- C:\My_Preview_Graph.grf
[2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/06 02:15:30 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/08/12 20:31:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/09/10 23:10:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/09/10 23:18:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/10/25 00:40:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/11/08 19:26:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/02/04 20:59:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/02/07 23:17:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/02/08 15:48:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/02/08 16:16:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/02/08 17:20:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/02/08 19:39:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/08/12 20:31:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/09/10 23:10:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/09/10 23:18:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/10/25 00:40:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/11/08 19:26:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/02/04 20:59:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/02/07 23:17:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/02/08 15:48:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/02/08 16:16:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/02/08 17:20:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/02/08 19:39:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/12 12:40:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/12 12:40:46 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/12 12:40:46 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 13:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-06 00:48:38

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >




OTL EXTRA Log:


OTL Extras logfile created on: 06/07/2010 02:37:26 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Sedg\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 320.03 Gb Free Space | 68.71% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 257.11 Gb Free Space | 92.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRAIG
Current User Name: Sedg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.reg [@ = regfile] -- Reg Error: Value error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- Reg Error: Value error.
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [open] -- Reg Error: Value error.
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6881:TCP" = 6881:TCP:*:Enabled:torrent1
"6882:TCP" = 6882:TCP:*:Enabled:torrent2
"6883:TCP" = 6883:TCP:*:Enabled:torrent3
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"60009:TCP" = 60009:TCP:*:Enabled:ggpo
"27886:TCP" = 27886:TCP:*:Enabled:3s
"27886:UDP" = 27886:UDP:*:Enabled:3s

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\World of Warcraft\WoW-1.12.0-enGB-downloader.exe" = D:\World of Warcraft\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe" = D:\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Documents and Settings\Sedg\Desktop\WoW-BurningCrusade-enGB-Installer-downloader.exe" = C:\Documents and Settings\Sedg\Desktop\WoW-BurningCrusade-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler -- (AOL LLC)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Services -- (AOL LLC)
"C:\Program Files\AOL 9.0 VR\waol.exe" = C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Common Files\aol\1218615864\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1218615864\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
"D:\Warcraft III\Warcraft III.exe" = D:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Icecast2 Win32\Icecast2win.exe" = C:\Program Files\Icecast2 Win32\Icecast2win.exe:*:Enabled:Icecast2win -- File not found
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\DOCUME~1\Sedg\LOCALS~1\Temp\mW5Tgp\BOTBINARY.EXE" = C:\DOCUME~1\Sedg\LOCALS~1\Temp\mW5Tgp\BOTBINARY.EXE:*:Enabled:Control -- File not found
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- File not found
"D:\Wrath of the Lich King Beta\WoW-3.0.1.8820-to-3.0.2.8885-enGB-downloader.exe" = D:\Wrath of the Lich King Beta\WoW-3.0.1.8820-to-3.0.2.8885-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\World of Warcraft\BackgroundDownloader.exe" = D:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Steam\steamapps\bladeshock\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\bladeshock\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus -- File not found
"C:\Documents and Settings\Sedg\Desktop\ps\New Folder\Database\bin\mysqld-nt.exe" = C:\Documents and Settings\Sedg\Desktop\ps\New Folder\Database\bin\mysqld-nt.exe:*:Disabled:mysqld-nt -- File not found
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- File not found
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- File not found
"C:\Documents and Settings\Sedg\Desktop\ps\New Folder\ascent-logonserver.exe" = C:\Documents and Settings\Sedg\Desktop\ps\New Folder\ascent-logonserver.exe:*:Disabled:ascent-logonserver -- File not found
"C:\Documents and Settings\Sedg\Desktop\ps\New Folder\ascent-world.exe" = C:\Documents and Settings\Sedg\Desktop\ps\New Folder\ascent-world.exe:*:Disabled:ascent-world -- File not found
"D:\World of Warcraft\Launcher.exe" = D:\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft -- (Blizzard Entertainment)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- File not found
"C:\Documents and Settings\Sedg\Local Settings\Temp\~os128.tmp\ossproxy.exe" = C:\Documents and Settings\Sedg\Local Settings\Temp\~os128.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Documents and Settings\Sedg\Desktop\utorrent.exe" = C:\Documents and Settings\Sedg\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe" = C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game -- (BioWare)
"C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe" = C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher -- (BioWare)
"C:\Documents and Settings\Sedg\Local Settings\Apps\2.0\NBHVQXWE.B55\9QM7BTMN.32Q\supe..tion_d6c7c0f5010e61b8_0001.0000_542a4564840c1043\SupercadeClient.exe" = C:\Documents and Settings\Sedg\Local Settings\Apps\2.0\NBHVQXWE.B55\9QM7BTMN.32Q\supe..tion_d6c7c0f5010e61b8_0001.0000_542a4564840c1043\SupercadeClient.exe:*:Enabled:Supercade -- (Damdai)
"C:\Program Files\GGPO\ggpo.exe" = C:\Program Files\GGPO\ggpo.exe:*:Enabled:ggpo -- ()
"C:\Program Files\GGPO\ggpofba.exe" = C:\Program Files\GGPO\ggpofba.exe:*:Enabled:Emulator for MC68000/Z80 based arcade games -- (Team FB Alpha)
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.)
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008 -- File not found
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009 -- File not found
"C:\Program Files\SquareEnix\FINAL FANTASY XIV Beta Version\ffxivboot.exe" = C:\Program Files\SquareEnix\FINAL FANTASY XIV Beta Version\ffxivboot.exe:*:Enabled:FINAL FANTASY XIV Beta Version BOOT -- (SQUARE ENIX CO., LTD.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E981E45-833E-44C4-AB75-3668AA77F8EC}" = Adobe Flash Media Live Encoder 3
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A001E33-CA55-4013-BFCE-5BDD056EF0BA}" = 3ds max 5.1
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV Beta Version
"{9F73FDEF-DDC1-4307-9D96-13AB3254641A}_is1" = Doctor Who: The Adventure Games
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB TV Device Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Apophysis 2.0" = Apophysis 2.0
"AVG8Uninstall" = AVG Free 8.5
"backburner 2.1" = backburner 2.1
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ffdshow" = ffdshow (remove only)
"Football Manager 2009 Demo" = Football Manager 2009 Demo
"Football Manager 2010" = Football Manager 2010
"Fraps" = Fraps
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"InstallShield_{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB TV Device Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.5
"LMS" = C-Dilla Licence Management System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MaNGOS 3.1.3 noobpack by 711" = MaNGOS 3.1.3 noobpack by 711
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"Runic Games Torchlight" = Torchlight
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 17500" = Zombie Panic! Source
"Steam App 240" = Counter-Strike: Source
"SystemRequirementsLab" = System Requirements Lab
"TEW2005" = TEW2005
"Theme Park_is1" = Theme Park
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"Videora iPod Converter" = Videora iPod Converter 4.08
"VidSplitter_is1" = VidSplitter
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Memories of Magic" = Memories of Magic
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/07/2010 14:55:11 | Computer Name = CRAIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 05/07/2010 14:55:11 | Computer Name = CRAIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 05/07/2010 14:55:11 | Computer Name = CRAIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 05/07/2010 14:55:11 | Computer Name = CRAIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 05/07/2010 14:55:12 | Computer Name = CRAIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 05/07/2010 14:55:12 | Computer Name = CRAIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 05/07/2010 14:55:12 | Computer Name = CRAIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 05/07/2010 14:55:12 | Computer Name = CRAIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 05/07/2010 14:55:13 | Computer Name = CRAIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 05/07/2010 14:55:13 | Computer Name = CRAIG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 05/07/2010 20:40:56 | Computer Name = CRAIG | Source = Service Control Manager | ID = 7000
Description = The Apache2.2 service failed to start due to the following error:
%%3

Error - 05/07/2010 20:40:56 | Computer Name = CRAIG | Source = Service Control Manager | ID = 7000
Description = The DU Meter Service service failed to start due to the following
error: %%2

Error - 05/07/2010 20:40:56 | Computer Name = CRAIG | Source = Service Control Manager | ID = 7000
Description = The NMSAccessU service failed to start due to the following error:
%%2

Error - 05/07/2010 20:48:42 | Computer Name = CRAIG | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.

Error - 05/07/2010 21:11:53 | Computer Name = CRAIG | Source = Service Control Manager | ID = 7000
Description = The Apache2.2 service failed to start due to the following error:
%%3

Error - 05/07/2010 21:11:53 | Computer Name = CRAIG | Source = Service Control Manager | ID = 7000
Description = The DU Meter Service service failed to start due to the following
error: %%2

Error - 05/07/2010 21:11:53 | Computer Name = CRAIG | Source = Service Control Manager | ID = 7000
Description = The NMSAccessU service failed to start due to the following error:
%%2

Error - 05/07/2010 21:16:26 | Computer Name = CRAIG | Source = Service Control Manager | ID = 7000
Description = The Apache2.2 service failed to start due to the following error:
%%3

Error - 05/07/2010 21:16:26 | Computer Name = CRAIG | Source = Service Control Manager | ID = 7000
Description = The DU Meter Service service failed to start due to the following
error: %%2

Error - 05/07/2010 21:16:26 | Computer Name = CRAIG | Source = Service Control Manager | ID = 7000
Description = The NMSAccessU service failed to start due to the following error:
%%2


< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 23,729 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
[2010/07/06 02:20:00 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/06 02:17:03 | 000,199,974 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/06 02:16:21 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\38c2adc5.job
[2010/07/06 02:16:20 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/06 02:04:03 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\e73mxb44.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe File not found
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.63,93.188.161.203
O20 - Winlogon\Notify\RelevantKnowledge: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Post the log.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop, from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log x 2

Combofix log

Ron

#3
Sedg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
All processes killed
========== OTL ==========
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\system32\nvapps.xml moved successfully.
C:\WINDOWS\tasks\38c2adc5.job moved successfully.
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
File C:\Documents and Settings\Sedg\Desktop\e73mxb44.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4oD deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kdx deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Sedg
->Temp folder emptied: 480586396 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 5045 bytes
->FireFox cache emptied: 71994404 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1541 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 212004687 bytes

Total Files Cleaned = 729.00 mb


OTL by OldTimer - Version 3.2.7.1 log created on 07062010_085438

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Sedg\Local Settings\Temp\etilqs_1FyNLL9CibhbCCOLVEMh not found!

Registry entries deleted on Reboot...





OTL logfile created on: 06/07/2010 09:07:17 - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Sedg\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 320.33 Gb Free Space | 68.78% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 257.11 Gb Free Space | 92.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRAIG
Current User Name: Sedg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/06 02:36:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sedg\Desktop\OTL.exe
PRC - [2010/03/31 17:02:08 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 15:03:36 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/03/01 17:13:31 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/08/22 10:53:39 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/22 10:53:39 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 10:53:37 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/22 10:53:33 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/22 10:53:31 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/07 16:30:37 | 000,071,008 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLDial.exe
PRC - [2006/11/14 15:01:21 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1218615864\ee\aolsoftware.exe
PRC - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2005/10/08 16:27:48 | 000,155,648 | ---- | M] () -- C:\Program Files\Razer\Copperhead\razerhid.exe
PRC - [2005/07/22 15:02:46 | 000,159,744 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Copperhead\razerofa.exe
PRC - [2003/01/07 17:28:44 | 000,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/06 02:36:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sedg\Desktop\OTL.exe
MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/11/30 15:50:22 | 000,010,288 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\WLHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - File not found [Auto | Stopped] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\Sedg\Desktop\my wow server\repack\AC Web Ultimate Repack\Server\apache\bin\apache.exe -- (Apache2.2)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 17:13:31 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/22 10:53:33 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/22 10:53:31 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2003/01/07 17:28:44 | 000,046,080 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva280.sys -- (XDva280)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\gwausb.sys -- (wanusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PPPoEWin.SYS -- (PPPoEWin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Sedg\Desktop\pb\pbfilter.sys -- (pbfilter)
DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - File not found [File_System | Disabled | Running] -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon)
DRV - [2009/08/22 10:53:39 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/22 10:53:39 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/16 18:41:15 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/11 15:01:29 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/24 16:13:14 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/04/14 16:09:56 | 005,069,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/11/01 13:31:08 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/13 12:31:03 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2007/12/05 14:45:30 | 000,104,064 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/01/29 21:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/01/29 21:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/08/12 10:11:10 | 000,019,020 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2004/07/09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/01/10 22:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2003/01/07 17:28:44 | 000,058,160 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en-GB:official"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 12:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/05/14 16:06:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/16 18:46:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 17:02:14 | 000,000,000 | ---D | M]

[2009/04/08 17:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Extensions
[2009/04/08 17:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Extensions\[email protected]
[2010/07/06 03:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\extensions
[2010/07/06 03:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/06 03:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\extensions\staged-xpis
[2010/07/05 18:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\cgjmpeyl.default\extensions
[2009/09/02 15:34:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\cgjmpeyl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/12 20:14:54 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\cgjmpeyl.default\searchplugins\aim-search.xml
[2009/10/29 15:44:10 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\cgjmpeyl.default\searchplugins\askcom.xml
[2008/08/17 18:27:02 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Profiles\cgjmpeyl.default\searchplugins\daemon-search.xml
[2010/07/05 18:01:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/09 20:17:19 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/02/09 20:17:19 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/02/09 20:17:19 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/02/09 20:17:19 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [AOL Dialer] C:\Program Files\Common Files\aol\acs\AOLDial.exe (AOL LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Sedg\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sedg\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/12 11:48:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/06 09:05:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/07/06 09:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\geeks logs
[2010/07/06 08:54:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/06 07:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Local Settings\Application Data\ESET
[2010/07/06 07:31:56 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\Sedg\Desktop\cwshredder.exe
[2010/07/06 02:36:04 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sedg\Desktop\OTL.exe
[2010/07/06 01:33:52 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sedg\Desktop\TFC.exe
[2010/07/05 22:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/05 22:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/07/05 19:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\SquareEnix
[2010/07/05 19:28:07 | 123,225,432 | ---- | C] (SQUARE ENIX CO., LTD.) -- C:\Documents and Settings\Sedg\Desktop\ffxivsetup(2).exe
[2010/07/05 19:16:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/30 18:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Memories of Magic
[2010/06/30 17:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Enterbrain
[2010/06/30 17:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Enterbrain
[2010/06/30 17:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\rpgmaker
[2010/06/29 16:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\gaming
[2010/06/29 16:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Local Settings\Application Data\gctmp
[2010/06/29 16:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Local Settings\Application Data\Xenocode
[2010/06/29 16:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Game Cam V2
[2010/06/13 18:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\stuff
[2010/06/10 19:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\supernatural
[2010/06/10 02:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\women
[2010/06/07 22:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\My Documents\SimCity 4
[2010/06/07 22:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
[2010/06/07 22:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\sim city 4
[2010/06/05 20:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\My Documents\The Lord of the Rings Online
[2010/06/05 20:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Local Settings\Application Data\The Lord of the Rings Online
[2010/06/05 20:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Application Data\Turbine
[2010/06/05 20:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Local Settings\Application Data\Turbine
[2010/06/05 20:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010/06/05 15:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\lotr
[2010/06/05 15:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/06/03 17:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Application Data\Doctor Who
[2010/06/03 17:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Local Settings\Application Data\Doctor Who
[2010/06/03 17:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Doctor Who - The Adventure Games
[2010/05/30 00:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apophysis 2.0
[2010/05/27 20:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/26 09:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/05/18 01:00:10 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010/05/18 01:00:03 | 000,000,000 | -H-D | C] -- C:\C_DILLA
[2010/05/18 00:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010/05/18 00:57:43 | 000,000,000 | ---D | C] -- C:\3dsmax5
[2010/05/14 19:30:59 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/05/12 00:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Desktop\dr who
[2010/04/28 17:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/07 19:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sedg\Application Data\Supercade

========== Files - Modified Within 90 Days ==========

[2010/07/06 09:09:45 | 003,728,053 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\george.exe.exe
[2010/07/06 09:03:38 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Sedg\ntuser.dat
[2010/07/06 08:57:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/06 08:57:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/06 08:38:48 | 061,665,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/06 07:34:08 | 039,261,696 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\eav_nt32_enu.msi
[2010/07/06 07:31:57 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\Sedg\Desktop\cwshredder.exe
[2010/07/06 02:36:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sedg\Desktop\OTL.exe
[2010/07/06 01:33:58 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sedg\Desktop\TFC.exe
[2010/07/05 22:42:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/05 22:35:54 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\HiJackThis.lnk
[2010/07/05 22:35:32 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\HiJackThis.msi
[2010/07/05 21:53:08 | 003,170,682 | -H-- | M] () -- C:\Documents and Settings\Sedg\Local Settings\Application Data\IconCache.db
[2010/07/05 20:31:47 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Sedg\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/05 19:37:29 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FINAL FANTASY XIV Beta Version.lnk
[2010/07/05 19:34:55 | 123,225,432 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Documents and Settings\Sedg\Desktop\ffxivsetup(2).exe
[2010/07/05 19:20:12 | 000,001,048 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/05 19:20:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/05 19:20:12 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/05 16:13:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/05 15:32:48 | 000,116,500 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\bookmarks-2010-07-05.json
[2010/07/05 03:10:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sedg\ntuser.ini
[2010/07/04 20:41:12 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\Sedg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/01 12:26:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/30 22:51:54 | 000,001,056 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/06/30 22:51:54 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\0AE755E16E.sys
[2010/06/28 16:05:29 | 001,008,560 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\AmazonMP3Installer-en_uk.exe
[2010/06/23 23:37:56 | 001,531,523 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\765269o.gif
[2010/06/14 21:28:00 | 000,084,936 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\wildthings2.jpg
[2010/06/14 21:04:10 | 000,000,219 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\jobseeker site id.rtf
[2010/06/12 21:26:23 | 000,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 20:46:22 | 000,660,917 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\paramore8hayleyjr0.gif
[2010/06/11 14:56:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/11 14:51:36 | 000,626,346 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 14:51:36 | 000,533,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 14:51:36 | 000,100,422 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/07 22:15:38 | 000,000,528 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/06/03 17:21:32 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Doctor Who - The Adventure Games.lnk
[2010/05/30 00:34:05 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\Apophysis 2.02.lnk
[2010/04/08 09:47:52 | 000,038,340 | ---- | M] () -- C:\Documents and Settings\Sedg\Desktop\26987_1172061882087_1844220471_3113.jpg

========== Files Created - No Company Name ==========

[2010/07/06 09:09:36 | 003,728,053 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\ComboFix.exe
[2010/07/06 07:32:11 | 039,261,696 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\eav_nt32_enu.msi
[2010/07/05 22:35:54 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\HiJackThis.lnk
[2010/07/05 22:35:28 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\HiJackThis.msi
[2010/07/05 20:31:47 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Sedg\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/05 19:37:29 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FINAL FANTASY XIV Beta Version.lnk
[2010/07/05 15:32:48 | 000,116,500 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\bookmarks-2010-07-05.json
[2010/06/30 17:51:31 | 000,001,056 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/06/30 17:51:31 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0AE755E16E.sys
[2010/06/28 16:05:28 | 001,008,560 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\AmazonMP3Installer-en_uk.exe
[2010/06/23 23:37:56 | 001,531,523 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\765269o.gif
[2010/06/18 17:42:02 | 000,015,947 | ---- | C] () -- C:\Documents and Settings\Sedg\hs_err_pid2884.log
[2010/06/14 21:28:00 | 000,084,936 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\wildthings2.jpg
[2010/06/13 19:43:11 | 000,000,219 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\jobseeker site id.rtf
[2010/06/11 20:46:21 | 000,660,917 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\paramore8hayleyjr0.gif
[2010/06/07 22:15:38 | 000,000,528 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/06/03 17:21:32 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Doctor Who - The Adventure Games.lnk
[2010/05/30 00:34:05 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\Apophysis 2.02.lnk
[2010/05/28 16:53:11 | 000,014,857 | ---- | C] () -- C:\Documents and Settings\Sedg\hs_err_pid1992.log
[2010/04/08 09:47:51 | 000,038,340 | ---- | C] () -- C:\Documents and Settings\Sedg\Desktop\26987_1172061882087_1844220471_3113.jpg
[2009/12/17 06:36:48 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2009/12/17 06:36:39 | 000,000,006 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2009/12/17 06:36:24 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2009/08/25 20:17:49 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/25 20:17:48 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/08/25 20:17:47 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/08/25 20:17:47 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/25 20:17:47 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/25 20:17:46 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/25 20:17:45 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/09 18:14:05 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/07/02 16:11:08 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/07/02 16:11:08 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009/06/21 16:52:50 | 000,000,355 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2009/04/17 15:47:35 | 000,000,439 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/27 15:29:54 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/08/22 20:13:14 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/20 01:58:47 | 000,000,171 | ---- | C] () -- C:\WINDOWS\icecast2.ini
[2008/08/17 18:17:29 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/08/15 18:40:04 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/08/14 14:03:56 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/08/13 10:01:12 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2008/08/12 19:37:19 | 000,000,532 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/08/12 12:12:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/12 12:08:55 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/12 12:08:55 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/12 12:08:55 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/12 12:08:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/12 12:08:55 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

========== LOP Check ==========

[2009/11/12 20:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2008/10/08 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/04/11 20:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2008/10/07 15:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2009/09/19 12:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/10/14 19:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/06/29 16:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/13 09:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/26 20:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Webyog
[2008/12/20 15:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/04/17 16:11:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/11/12 20:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\acccore
[2009/02/09 01:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Amazon
[2009/07/09 18:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Atari
[2009/08/07 16:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\avidemux
[2008/10/31 04:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Azureus
[2009/05/10 17:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Canneverbe_Limited
[2009/07/27 15:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2008/08/17 18:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\DAEMON Tools
[2009/10/15 22:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Damdai
[2010/06/03 17:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Doctor Who
[2009/07/16 18:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\fltk.org
[2009/09/03 20:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\GeoVid
[2009/07/09 18:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Leadertech
[2010/06/05 17:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\LimeWire
[2009/02/13 15:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\MPEG Streamclip
[2008/09/01 19:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Opera
[2009/09/03 10:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Red Kawa
[2009/11/15 18:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\runic games
[2009/11/07 02:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Sports Interactive
[2010/04/07 19:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Supercade
[2010/06/05 16:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\SystemRequirementsLab
[2010/06/05 20:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Turbine
[2010/07/05 22:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\uTorrent
[2008/08/21 12:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sedg\Application Data\Viewpoint
[2010/07/05 16:13:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >



ComboFix 10-07-05.02 - Sedg 06/07/2010 9:22.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2844 [GMT 1:00]
Running from: c:\documents and settings\Sedg\Desktop\george.exe.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://oemsrv:8530
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NTNDIS


((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 07:54 . 2010-07-06 07:54 -------- d-----w- C:\_OTL
2010-07-06 06:41 . 2010-07-06 06:41 -------- d-----w- c:\documents and settings\Sedg\Local Settings\Application Data\ESET
2010-07-05 21:35 . 2010-07-05 21:35 -------- d-----w- c:\program files\Trend Micro
2010-07-05 21:19 . 2010-07-05 21:19 -------- d-----w- c:\program files\uTorrent
2010-07-05 18:36 . 2010-07-05 18:36 -------- d-----w- c:\program files\SquareEnix
2010-06-30 17:42 . 2010-06-30 17:42 -------- d-----w- c:\program files\Memories of Magic
2010-06-30 16:51 . 2010-06-30 16:51 -------- d-----w- c:\program files\Common Files\Enterbrain
2010-06-30 16:48 . 2010-06-30 16:48 -------- d-----w- c:\program files\Enterbrain
2010-06-29 15:33 . 2010-06-29 15:35 -------- d-----w- c:\documents and settings\Sedg\Local Settings\Application Data\gctmp
2010-06-29 15:33 . 2010-06-29 15:33 -------- d-----w- c:\documents and settings\Sedg\Local Settings\Application Data\Xenocode
2010-06-29 15:33 . 2010-06-29 15:40 -------- d-----w- c:\program files\Game Cam V2
2010-06-07 21:15 . 2010-06-07 21:15 528 ----a-w- c:\windows\eReg.dat
2010-06-07 21:15 . 2010-06-07 21:15 -------- d-----w- c:\program files\Maxis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 06:40 . 2009-08-27 15:02 -------- d-----w- c:\program files\Project64 1.6
2010-07-05 21:18 . 2008-08-12 11:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-05 21:17 . 2010-01-27 19:57 -------- d-----w- c:\documents and settings\Sedg\Application Data\uTorrent
2010-07-05 20:26 . 2010-07-05 20:40 183102 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-07-05 11:02 . 2008-10-16 22:58 -------- d-----w- c:\program files\Steam
2010-06-30 21:51 . 2010-06-30 16:51 88 --sh--r- c:\documents and settings\All Users\Application Data\0AE755E16E.sys
2010-06-30 21:51 . 2010-06-30 16:51 1056 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-06-29 15:41 . 2008-08-26 15:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-25 07:27 . 2010-01-27 19:47 -------- d-----w- c:\program files\PeerGuardian2
2010-06-25 07:27 . 2008-09-15 12:27 -------- d-----w- c:\program files\LimeWire
2010-06-25 07:19 . 2009-02-13 00:31 -------- d-----w- c:\program files\DScaler
2010-06-06 12:59 . 2008-11-10 15:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 19:42 . 2010-06-05 19:42 -------- d-----w- c:\documents and settings\Sedg\Application Data\Turbine
2010-06-05 19:08 . 2010-06-05 19:08 -------- d-----w- c:\program files\Turbine
2010-06-05 16:45 . 2008-09-15 12:30 -------- d-----w- c:\documents and settings\Sedg\Application Data\LimeWire
2010-06-05 15:09 . 2008-11-12 07:57 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-05 15:08 . 2008-11-12 07:57 -------- d-----w- c:\documents and settings\Sedg\Application Data\SystemRequirementsLab
2010-06-05 14:17 . 2010-06-05 14:17 -------- d-----w- c:\program files\Pando Networks
2010-06-03 16:23 . 2010-06-03 16:23 -------- d-----w- c:\documents and settings\Sedg\Application Data\Doctor Who
2010-06-03 16:21 . 2010-06-03 16:19 -------- d-----w- c:\program files\Doctor Who - The Adventure Games
2010-05-30 17:16 . 2010-05-29 23:33 -------- d-----w- c:\program files\Apophysis 2.0
2010-05-27 19:41 . 2010-05-27 19:41 -------- d-----w- c:\program files\Microsoft.NET
2010-05-26 08:47 . 2010-05-26 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-05-17 23:59 . 2010-05-17 23:59 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-05-02 05:22 . 2008-08-12 18:37 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-08-12 18:37 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2008-08-12 18:37 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2008-08-12 18:37 81920 ----a-w- c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-06-29 2515552]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-06-29 16:21 2515552 ----a-w- c:\program files\free-downloads.net\tbfre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-06-29 2515552]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-06-29 2515552]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Dialer"="c:\program files\Common Files\AOL\ACS\AOlDial.exe" [2007-12-07 71008]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-10 17879552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sedg\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 09:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Sedg^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Sedg\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sedg^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\Sedg\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sedg^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk]
path=c:\documents and settings\Sedg\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-01 16:13 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 13:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-07 09:48 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\aol\\1218615864\\ee\\aolsoftware.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Steam\\steamapps\\bladeshock\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Documents and Settings\\Sedg\\Local Settings\\Apps\\2.0\\NBHVQXWE.B55\\9QM7BTMN.32Q\\supe..tion_d6c7c0f5010e61b8_0001.0000_542a4564840c1043\\SupercadeClient.exe"=
"c:\\Program Files\\GGPO\\ggpo.exe"=
"c:\\Program Files\\GGPO\\ggpofba.exe"=
"c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\SquareEnix\\FINAL FANTASY XIV Beta Version\\ffxivboot.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:torrent1
"6882:TCP"= 6882:TCP:torrent2
"6883:TCP"= 6883:TCP:torrent3
"60009:TCP"= 60009:TCP:ggpo
"27886:TCP"= 27886:TCP:3s
"27886:UDP"= 27886:UDP:3s

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/04/2009 16:13 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/10/2008 16:26 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/10/2008 16:26 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [26/10/2008 16:26 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/10/2008 16:26 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 1029456]
S2 Apache2.2;Apache2.2;"c:\documents and settings\Sedg\Desktop\my wow server\repack\AC Web Ultimate Repack\Server\apache\bin\apache.exe" -k runservice --> c:\documents and settings\Sedg\Desktop\my wow server\repack\AC Web Ultimate Repack\Server\apache\bin\apache.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService --> c:\program files\DU Meter\DUMeterSvc.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04/05/2009 17:02 1684736]
S3 pbfilter;pbfilter;\??\c:\documents and settings\Sedg\Desktop\pb\pbfilter.sys --> c:\documents and settings\Sedg\Desktop\pb\pbfilter.sys [?]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [12/08/2008 17:35 19020]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S3 XDva280;XDva280;\??\c:\windows\system32\XDva280.sys --> c:\windows\system32\XDva280.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/08/2008 18:17 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 16:14]

2010-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Sedg\Application Data\Mozilla\Firefox\Profiles\cgjmpeyl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - c:\program files\K-Lite Codec Pack\Real\Update_OB\realsched.exe
Notify-RelevantKnowledge - (no file)
MSConfigStartUp-bnhwxwlf - c:\documents and settings\Sedg\Local Settings\Application Data\ncwsoq\tfbosysguard.exe
MSConfigStartUp-DU Meter - c:\program files\DU Meter\DUMeter.exe
MSConfigStartUp-WAB - c:\documents and settings\Sedg\Application Data\Macromedia\Common\e13000ea19.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Football Manager 2009 Demo - c:\program files\Sports Interactive\Football Manager 2009 Demo\Uninstall_Football Manager 2009 Demo\Uninstall Football Manager 2009 Demo.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 09:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1366484870-1399300304-3539019154-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3896)
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\1218615864\ee\aolsoftware.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
.
**************************************************************************
.
Completion time: 2010-07-06 09:36:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-06 08:36

Pre-Run: 343,872,991,232 bytes free
Post-Run: 343,771,054,080 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4C3660E9E19B7C273F65FA6877CC811A




Ron: I can now view the websites which were being affected.

#4
RKinner

    Malware Expert

  • Expert
  • 23,729 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Copy the text in the code box by highlighting and Ctrl + c

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - File not found [Auto | Stopped] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\Sedg\Desktop\my wow server\repack\AC Web Ultimate Repack\Server\apache\bin\apache.exe -- (Apache2.2)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva280.sys -- (XDva280)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\gwausb.sys -- (wanusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\PPPoEWin.SYS -- (PPPoEWin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Sedg\Desktop\pb\pbfilter.sys -- (pbfilter)
DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - File not found [File_System | Disabled | Running] -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

KillAll::

DirLook::
C:\Program Files\Common
%user%\library

File::


RenV::

Driver::
DUMeterSvc
pbfilter
XDva280


Folder::
c:\program files\DU Meter
c:\program files\free-downloads.net
C:\Documents and Settings\All Users\Application Data\Kontiki


RootKit::
c:\program files\DU Meter\DUMeterSvc.exe
c:\windows\system32\XDva280.sys

RegLock::
[HKEY_USERS\S-1-5-21-1366484870-1399300304-3539019154-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.


  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe onto the desktop, not in the folder.
  • Vista Start logo >All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator. Copy/paste the following bolded command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Ron

Edited by RKinner, 06 July 2010 - 09:08 AM.
