Browser redirects, trojan alerts from Avast [Solved]


  • This topic is locked

#1
Cheap-o
The infection regenerates its files and creates constant trojan warnings from Avast; even after a startup scan and fixes from Avast, it remains active. I tried running GMER 3 separate times (with restarts between) and it froze my computer outright every time, forcing me to shut off the computer with the power button. I tried letting it sit for a good 15 minutes thinking it might just be eating a lot of resources during the scan, and that did nothing. It automatically began the scan when I ran it, wouldn't let me cancel, or adjust any settings, so that may be part of the problem. Here are my logs from MBAM and OTL:

Every time I tried to post the topic with all 3 logs in it, or even just the ones from OTL, I got an error, so I have attached them to this post.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4300

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/07/2010 5:07:55 PM
mbam-log-2010-07-10 (17-07-55).txt

Scan type: Quick scan
Objects scanned: 137248
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\kbduql.dll (Trojan.Agent.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\idopogo (Trojan.Agent.Gen) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\kbduql.dll (Trojan.Agent.Gen) -> Delete on reboot.

Thank you!



OTL logfile created on: 10/07/2010 6:05:31 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Bradley\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 85.80 Gb Free Space | 36.84% Space Free | Partition Type: NTFS
Drive D: | 625.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1397.26 Gb Total Space | 318.45 Gb Free Space | 22.79% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 1397.26 Gb Total Space | 788.05 Gb Free Space | 56.40% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 578.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BRAD
Current User Name: Bradley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/10 17:34:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bradley\Desktop\OTL.exe
PRC - [2010/07/02 00:26:55 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/02 00:26:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/24 08:41:38 | 000,092,008 | ---- | M] (TomTom) -- E:\Nicole\TV shows\Ghost Whisperer\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/06/24 08:41:34 | 000,247,144 | ---- | M] (TomTom) -- E:\Nicole\TV shows\Ghost Whisperer\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/26 17:50:28 | 000,087,384 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Bradley\Application Data\mjusbsp\st00000\mjsetup.exe
PRC - [2010/02/26 17:46:32 | 012,526,424 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Bradley\Application Data\mjusbsp\magicJack.exe
PRC - [2009/11/24 17:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/11/13 05:26:49 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/22 12:28:40 | 001,310,720 | ---- | M] () -- C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe
PRC - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006/11/09 16:37:26 | 001,056,768 | ---- | M] (Systerac) -- C:\Program Files\Systerac XP Tools 4\memoryo.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe
PRC - [2004/08/22 17:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (SafeList) ==========

MOD - [2010/07/10 17:34:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bradley\Desktop\OTL.exe
MOD - [2009/11/24 17:50:32 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [1999/03/29 07:34:06 | 000,110,595 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Msscript1.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/24 08:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- E:\Nicole\TV shows\Ghost Whisperer\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/22 12:28:40 | 001,310,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe -- (57xx SteelVine Manager)
SRV - [2007/05/30 06:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Disabled | Stopped] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005/10/06 19:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/11 01:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/11/24 17:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 17:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 17:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 17:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 17:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 17:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/07/17 01:59:02 | 000,138,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/07/26 09:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 09:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 09:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 09:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 12:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/06 21:40:20 | 000,169,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2007/05/30 06:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/05/30 06:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2006/05/05 12:53:43 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\STEC3.sys -- (STEC3)
DRV - [2005/11/01 21:02:54 | 000,166,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx)
DRV - [2005/11/01 21:01:50 | 000,015,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2005/09/19 09:41:00 | 000,241,280 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/06/08 02:22:20 | 003,160,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/03/09 00:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/08/04 06:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/05 03:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/11/08 18:56:28 | 000,238,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpp106.sys -- (SNPP106) PC Camera (6029 CIF)
DRV - [2001/08/17 08:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.21.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.5
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.1

FF - HKLM\software\mozilla\Firefox\extensions\\{92228C97-ABD6-43C5-96DC-2BADB4590D00}: C:\Documents and Settings\Bradley\Local Settings\Application Data\{92228C97-ABD6-43C5-96DC-2BADB4590D00} [2010/06/22 23:48:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/02 00:26:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/02 21:17:41 | 000,000,000 | ---D | M]

[2010/07/01 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Extensions
[2010/07/01 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Extensions\[email protected]
[2010/01/06 17:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions
[2008/04/27 19:44:02 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2009/07/17 01:09:07 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/07/17 01:09:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/04/27 19:44:02 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(2)
[2010/01/06 17:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/07/17 01:09:08 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2009/07/17 00:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\[email protected]
[2008/04/12 13:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\[email protected]
[2007/09/19 03:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\[email protected]
[2010/07/08 19:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\wrjbr3mn.Brad\extensions
[2009/09/27 22:58:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\wrjbr3mn.Brad\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/02 13:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\wrjbr3mn.Brad\extensions\[email protected]
[2010/07/08 19:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 14:32:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/23 18:50:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/07/02 15:20:46 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/05/07 02:24:18 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2009/08/10 03:28:06 | 000,000,748 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 174.123.245.98
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [laim] C:\Program Files\AIM Lite\aimlite.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Memory Optimizer] C:\Program Files\Systerac XP Tools 4\memoryo.exe (Systerac)
O4 - HKLM..\Run: [Obohigusu] C:\WINDOWS\ufeyidad.DLL File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Bradley\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [TomTomHOME.exe] E:\Nicole\TV shows\Ghost Whisperer\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to autostartgui.bat.lnk = F:\RECYCLER\HatH\autostartgui.bat File not found
O4 - Startup: C:\Documents and Settings\Bradley\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bradley\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bradley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bradley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/01 11:39:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/07/03 16:32:17 | 000,427,008 | R--- | M] () - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/07/03 16:32:18 | 000,000,178 | R--- | M] () - J:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - F:\FLASHA~1\FLASHC~1\iac25_32.ax File not found
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (61375155674284032)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/10 17:34:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bradley\Desktop\OTL.exe
[2010/07/10 16:13:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/10 16:13:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/10 16:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/10 16:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/10 15:34:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/10 15:33:18 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bradley\Desktop\mbam-setup.exe
[2010/07/10 15:30:45 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Bradley\Desktop\erunt_setup.exe
[2010/07/10 15:29:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bradley\Desktop\TFC.exe
[2010/07/05 19:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/07/05 04:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/02 21:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/01 15:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\My Documents\TomTom
[2010/07/01 15:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Local Settings\Application Data\TomTom
[2010/07/01 15:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Application Data\TomTom
[2010/07/01 15:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/06/25 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\DCoder Image Source
[2010/06/25 19:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\FFMPEG Core Files
[2010/06/25 19:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source
[2010/06/25 19:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder
[2010/06/25 19:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter
[2010/06/25 19:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource AVI Splitter
[2010/06/25 19:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest MPEG Splitter
[2010/06/25 19:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter
[2010/06/25 19:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\RealMedia
[2010/06/25 19:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\DScaler5
[2010/06/25 19:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2010/06/25 19:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter
[2010/06/25 19:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2010/06/25 19:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/06/25 19:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bass Audio Decoder
[2010/06/25 19:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Zoom Player
[2010/06/24 00:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Desktop\_Crack_
[2010/06/24 00:16:18 | 000,000,000 | ---D | C] -- C:\NeverwinterNights
[2010/06/23 22:55:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bradley\Recent
[2010/06/23 22:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/23 20:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Application Data\InstallShield Installation Information
[2010/06/23 18:59:52 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2010/06/23 18:59:52 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2010/06/23 18:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\D-Tools
[2010/06/23 12:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\My Documents\New Folder
[2010/06/23 01:13:36 | 000,808,944 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Bradley\Desktop\sptd2.sys
[2010/06/23 00:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/23 00:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/23 00:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Local Settings\Application Data\ppdbvrdlf
[2010/06/23 00:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/22 23:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/21 20:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/21 20:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Local Settings\Application Data\tjnet
[2010/06/19 20:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/06/19 19:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/19 18:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Local Settings\Application Data\{92228C97-ABD6-43C5-96DC-2BADB4590D00}
[2010/06/14 20:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Application Data\mjusbsp
[2010/06/05 18:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\iLike
[2010/06/02 15:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\mkv2vob
[2010/06/02 15:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/06/01 01:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Desktop\ORGANIZE
[2010/05/20 17:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/20 17:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/20 17:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/16 14:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Application Data\skypePM
[2010/05/16 14:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Application Data\Skype
[2010/05/16 14:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/16 14:32:35 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/05/16 14:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/04/26 11:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Application Data\Amazon
[2010/04/26 11:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\My Documents\My Kindle Content
[2010/04/26 11:38:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Local Settings\Application Data\Amazon
[2010/04/26 11:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2010/04/22 16:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\GURPS
[2010/04/16 01:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\My Documents\‚u‚‚Ž‚‚„‚‰‚“

========== Files - Modified Within 90 Days ==========

[2010/07/10 18:01:18 | 000,001,006 | ---- | M] () -- C:\Documents and Settings\Bradley\Desktop\magicJack.lnk
[2010/07/10 17:58:59 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/10 17:58:57 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/10 17:57:23 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\SV_SQL3_Events.db
[2010/07/10 17:57:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 17:56:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 17:34:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bradley\Desktop\OTL.exe
[2010/07/10 17:18:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/10 17:08:35 | 013,631,488 | ---- | M] () -- C:\Documents and Settings\Bradley\ntuser.dat
[2010/07/10 17:08:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bradley\ntuser.ini
[2010/07/10 16:13:34 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/10 16:11:59 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Bradley\Desktop\NTREGOPT.lnk
[2010/07/10 16:11:59 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Bradley\Desktop\ERUNT.lnk
[2010/07/10 15:59:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/10 15:59:39 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Bradley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/10 15:33:27 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bradley\Desktop\mbam-setup.exe
[2010/07/10 15:31:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hzenaxiti.dat
[2010/07/10 15:30:46 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Bradley\Desktop\erunt_setup.exe
[2010/07/10 15:29:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bradley\Desktop\TFC.exe
[2010/07/09 08:53:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/08 19:35:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ibicifi.bin
[2010/07/08 15:45:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/01 09:36:36 | 000,000,038 | ---- | M] () -- C:\WINDOWS\osAviSplitter.INI
[2010/06/24 00:22:30 | 000,001,488 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Neverwinter Nights.lnk
[2010/06/23 20:13:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2010/06/23 18:59:51 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2010/06/23 01:27:22 | 000,808,944 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Bradley\Desktop\sptd2.sys
[2010/06/23 00:09:55 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/22 23:41:10 | 002,734,730 | -H-- | M] () -- C:\Documents and Settings\Bradley\Local Settings\Application Data\IconCache.db
[2010/06/12 17:28:56 | 000,545,876 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/12 17:28:56 | 000,472,234 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/12 17:28:56 | 000,084,236 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/02 15:48:08 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\Bradley\Desktop\mkv2vob.lnk
[2010/05/16 20:55:23 | 000,035,872 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/16 14:36:06 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/25 15:03:31 | 000,000,071 | ---- | M] () -- C:\WINDOWS\Pex.INI

========== Files Created - No Company Name ==========

[2010/07/10 17:32:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Bradley\Desktop\gmer.exe
[2010/07/10 16:13:34 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/10 16:11:59 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Bradley\Desktop\NTREGOPT.lnk
[2010/07/10 16:11:59 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Bradley\Desktop\ERUNT.lnk
[2010/06/27 12:00:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\osAviSplitter.INI
[2010/06/25 19:37:44 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
[2010/06/24 00:22:30 | 000,001,488 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Neverwinter Nights.lnk
[2010/06/23 20:13:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/06/23 18:59:51 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2010/06/22 00:52:34 | 013,631,488 | ---- | C] () -- C:\Documents and Settings\Bradley\ntuser.dat
[2010/06/19 18:53:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ibicifi.bin
[2010/06/19 18:53:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hzenaxiti.dat
[2010/06/14 20:10:13 | 000,001,006 | ---- | C] () -- C:\Documents and Settings\Bradley\Desktop\magicJack.lnk
[2010/06/02 15:48:08 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\Bradley\Desktop\mkv2vob.lnk
[2010/05/16 20:55:23 | 000,035,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/16 14:36:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/07 17:40:28 | 000,000,249 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/02/07 17:39:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2010/02/07 17:39:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2009/10/08 03:29:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/17 01:40:07 | 000,138,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/23 18:49:14 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2009/04/23 18:49:14 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2009/04/23 18:49:13 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2009/04/23 18:48:56 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2009/02/25 04:28:39 | 000,000,070 | ---- | C] () -- C:\WINDOWS\SCOOP.INI
[2009/02/08 16:36:39 | 000,000,228 | ---- | C] () -- C:\WINDOWS\ACTIVEJP.INI
[2008/09/16 18:08:33 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/07/08 18:53:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/04/01 18:20:59 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/04/01 17:44:30 | 001,544,542 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2008/03/30 05:07:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/02/07 21:38:41 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2008/02/07 21:38:41 | 000,685,056 | ---- | C] () -- C:\WINDOWS\System32\RGSS103J.dll
[2008/02/07 21:38:40 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2008/02/07 21:38:40 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2008/01/15 00:31:13 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2007/10/27 12:30:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/10/12 02:11:58 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/29 12:02:38 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2007/09/27 07:13:44 | 000,000,212 | ---- | C] () -- C:\WINDOWS\iTunesQLoudEx.INI
[2007/04/08 15:47:41 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2007/04/08 12:35:45 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/04/08 12:34:55 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/04/08 12:34:44 | 000,000,083 | ---- | C] () -- C:\WINDOWS\EPSPR260.ini
[2007/03/09 01:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 03:14:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/03/06 03:14:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/12/20 01:41:09 | 000,000,340 | ---- | C] () -- C:\WINDOWS\scanreg.ini
[2006/12/19 15:19:39 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\wsxttime.sys
[2006/12/19 13:31:46 | 000,000,106 | ---- | C] () -- C:\WINDOWS\Wininit.INI
[2006/03/05 20:14:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2006/03/05 16:21:15 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/03/05 16:21:15 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/03/05 16:21:15 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/03/05 16:21:14 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006/03/05 15:18:21 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2006/02/15 20:53:48 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2006/02/15 20:49:44 | 000,000,229 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/01/31 21:14:11 | 000,015,494 | ---- | C] () -- C:\WINDOWS\snpp106.ini
[2006/01/31 21:14:10 | 000,238,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpp106.sys
[2006/01/31 21:14:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsnpp106.dll
[2006/01/31 21:14:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vsnpp106.dll
[2006/01/05 17:19:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2006/01/05 01:59:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/27 00:55:28 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/12/27 00:55:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/12/26 07:53:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/19 15:23:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/01 11:47:06 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/04/11 02:52:30 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\mshas.dll

========== LOP Check ==========

[2009/08/29 14:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/12/17 21:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2009/06/06 20:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2007/04/08 12:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/10/21 23:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2008/03/29 07:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/09/10 00:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2009/05/07 02:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/07/02 13:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/02/15 20:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/06/23 00:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/09 14:59:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2010/05/20 17:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/01 15:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/31 00:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/01/05 02:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\acccore
[2008/01/05 15:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Aim
[2010/04/26 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Amazon
[2008/05/29 15:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Atari
[2010/07/10 15:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Azureus
[2009/10/20 00:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\BSW
[2010/07/10 17:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\DNA
[2009/04/02 18:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\EVEMon
[2008/03/29 07:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Grisoft
[2006/06/27 18:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\gunz-mrb
[2009/08/31 19:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\ICAClient
[2007/09/10 22:26:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Bradley\Application Data\ijjigame
[2007/11/27 20:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\iLike
[2008/06/06 23:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\IMVU
[2005/12/19 13:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\InterTrust
[2010/07/05 19:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\LAIM
[2005/12/25 23:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Leadertech
[2006/02/17 22:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\LucasArts
[2010/07/10 18:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\mjusbsp
[2005/12/27 14:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\OLYMPUS
[2009/06/05 05:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\OpenOffice.org
[2006/02/17 23:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Petroglyph
[2008/10/03 20:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\SPORE
[2010/07/01 15:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\TomTom
[2006/02/15 20:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Ulead Systems

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/12 02:59:22 | 000,006,974 | ---- | M] () -- C:\Abeno.html
[2006/09/21 10:02:46 | 001,116,109 | ---- | M] () -- C:\Apr2006_d3dx9_30_x86.cab
[2005/12/01 11:39:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/03/05 16:23:43 | 000,012,485 | ---- | M] () -- C:\avi_log.txt
[2008/04/28 01:29:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2005/12/01 11:39:43 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/22 18:08:31 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2008/05/23 02:12:54 | 000,000,895 | ---- | M] () -- C:\d gray man op 4.txt
[2006/08/29 15:05:21 | 000,001,143 | ---- | M] () -- C:\deltaStartup.log
[2006/09/21 10:02:46 | 000,074,520 | ---- | M] (Microsoft Corporation) -- C:\DSETUP.dll
[2006/09/21 10:02:46 | 002,248,984 | ---- | M] (Microsoft Corporation) -- C:\dsetup32.dll
[2006/09/21 10:02:46 | 000,041,995 | ---- | M] () -- C:\dxdllreg_x86.cab
[2006/09/21 10:02:46 | 000,484,632 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe
[2006/09/21 10:02:46 | 000,082,338 | ---- | M] () -- C:\dxupdate.cab
[2007/04/08 16:54:59 | 000,001,024 | ---- | M] () -- C:\EPSONCD.Pal
[2006/01/17 21:36:34 | 000,000,043 | ---- | M] () -- C:\FAP._MD
[2006/01/17 00:19:17 | 000,000,002 | ---- | M] () -- C:\FS1
[2005/12/01 11:39:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/04/12 03:56:31 | 000,002,709 | ---- | M] () -- C:\morning sunrise.html
[2005/12/01 11:39:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/03 17:31:07 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/05/20 21:12:00 | 000,001,774 | ---- | M] () -- C:\ontario song.txt
[2010/07/10 17:56:48 | 1407,188,992 | -HS- | M] () -- C:\pagefile.sys
[2008/06/05 00:14:17 | 000,002,048 | ---- | M] () -- C:\pumpprex3.ini
[2008/04/04 13:56:44 | 000,001,855 | ---- | M] () -- C:\rapport.txt
[2008/05/05 23:23:49 | 000,001,432 | ---- | M] () -- C:\Rose Mage build.txt
[2007/11/08 16:09:51 | 000,304,136 | ---- | M] () -- C:\SNPP106.RAW
[2008/05/04 23:36:39 | 000,000,004 | RHS- | M] () -- C:\WINOS.SYS

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/12/01 11:39:26 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/07/29 05:36:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBLPP5C.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.dat >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/10 22:46:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2004/08/04 06:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm50.dll
[2008/04/13 18:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/12/01 04:28:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/12/01 04:28:04 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/12/01 04:28:04 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 18:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 18:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 18:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-12 23:34:30

========== Files - Unicode (All) ==========
[2007/05/29 20:51:59 | 000,000,000 | ---D | M](C:\Documents and Settings\Bradley\Application Data\??????????) -- C:\Documents and Settings\Bradley\Application Data\私立さくらんぼ小学校
[2007/05/29 20:51:59 | 000,000,000 | ---D | M](C:\Documents and Settings\Bradley\Application Data\??????????) -- C:\Documents and Settings\Bradley\Application Data\私立さくらんぼ小学校
(C:\Documents and Settings\Bradley\Application Data\??????????) -- C:\Documents and Settings\Bradley\Application Data\私立さくらんぼ小学校

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bradley\My Documents\shell32.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bradley\My Documents\Me Vs. Itachi 2:SummaryInformation
@Alternate Data Stream - 248 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
< End of report >


OTL Extras logfile created on: 10/07/2010 6:05:31 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Bradley\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 85.80 Gb Free Space | 36.84% Space Free | Partition Type: NTFS
Drive D: | 625.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1397.26 Gb Total Space | 318.45 Gb Free Space | 22.79% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 1397.26 Gb Total Space | 788.05 Gb Free Space | 56.40% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 578.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BRAD
Current User Name: Bradley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"F:\Games\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = F:\Games\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- File not found
"F:\Games\Stronghold 2\Stronghold2.exe" = F:\Games\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Bradley\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Bradley\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ABC33C-10B1-400E-B1FA-E817FE98D11C}" = YUME MIRU KUSURI
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{148E0B24-4757-45F5-9418-FC6879D9753B}" = 美香がんばる
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2DD0D38E-EBAD-4DB4-B1EF-FE095E30754C}" = Nexus: The Jupiter Incident
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{5022AA3F-26CB-4B07-AEBD-419D6DAB002B}" = 57xx SteelVine
"{50C94E8B-D6DC-4B61-A948-B84B08D40496}" = RagnarokOnline
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{54DC27A1-2708-421E-8915-119955DB3B92}" = PC Camera (6029 CIF)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56507F25-41BE-4E18-BA87-0476417BBBDF}" = Avdump GUI
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6E7F60B4-F1E9-473F-A6BA-1C1C73A63592}" = ILLUSION Sexyビーチ3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{88D5B052-13BF-44FE-8C17-AC416B323BFE}" = UT2004 Editor's Choice Edition Mod Installer
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8D61229A-9C20-465E-9EEA-76D98FAFE5F6}" = Flash Video Exporter 1.2
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A1288842-D600-453F-B61F-6C2AA3D6A528}" = Ragnarok Online
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0EF4866-9A9A-4B8B-A4B1-064BCC7547AE}" = Systerac XP Tools 4.02
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8E2137-EE2E-4A97-A154-0562A3DD12AB}" = iLike Sidebar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D5D721EE-93C3-4352-B0D1-560EF2950FE3}_is1" = GunZ Mouse Re-Binder 1.14
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{D7447B32-518C-442F-A8E4-DCF12D8A6D75}" = Station LaunchPad
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E4D02EF2-6F12-4BE9-9928-2F27DA01A915}" = ILLUSION 人工少女3
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E6BD1D87-E072-4149-96E2-DDAB3F9D7116}" = らぶフェチ~パイズリ編~
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"426" = 426の追加と削除
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM Lite" = AIM Lite 0.32
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"AnvSoft Flash to iPod Converter_is1" = AnvSoft Flash to iPod Converter 1.10
"AOL Instant Messenger" = AOL Instant Messenger
"AruaROSE" = AruaROSE
"Ask Toolbar_is1" = Vuze Toolbar
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"Bomberman Online Beta_is1" = Bomberman Online Beta
"Bootfighter Windom XP sp-2.NET_is1" = Bootfighter Windom XP sp-2.NET v1.028
"BSW" = BrettspielWelt
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CDisplay_is1" = CDisplay 1.8
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"DCoder Image Source" = DCoder Image Source (remove only)
"Digicam Print" = Digicam Print (V2.0)
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"EVE" = EVE-ONLINE (remove only)
"EVE Launcher_is1" = EVE Launcher 1.0.3
"EVEMon" = EVEMon
"Fate-stay night English" = Fate/stay night English v3.2
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"FLAC" = FLAC 1.2.1b (remove only)
"FlashGet" = FlashGet 1.8.6.1008
"FlashGet(JetCar)" = FlashGet(JetCar)
"Forte Agent" = Fort・Agent
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"GameSpy Arcade" = GameSpy Arcade
"glGo" = PANDA-glGo
"Gunz" = ijji - Gunz
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn (Remove Only)
"In bed with Alison" = In bed with Alison
"InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
"InterActual Player" = InterActual Player
"KSignAccessToolkit" = KSignAccessToolkit v1.0
"Lamia_girl" = –‚•–‚‚̐Šˆ`ƒ‰ƒ~ƒA‚̏‡`
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Ogg Codecs" = Ogg Codecs 0.81.15562
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Oz Insight All-In-One Newsreader" = Oz Insight All-In-One Newsreader
"Panda ActiveScan" = Panda ActiveScan
"PFPortChecker" = PFPortChecker 1.0.28
"Planescape - Torment" = Planescape - Torment
"PopCap Browser Plugin" = PopCap Browser Plugin
"Pretty Soldier Wars A.D. 2048" = Pretty Soldier Wars A.D. 2048
"PTFightInstaller" = 行殺!スピリッツR1
"Qloud Plug-in for iTunes" = Qloud Plug-in for iTunes
"QuicktimeAlt_is1" = QuickTime Alternative 1.76
"RealMedia" = RealMedia (remove only)
"Recover My Files_is1" = Recover My Files
"Replay_Converter_1" = Replay Converter 2.8
"RGSS-RTP Standard_is1" = RGSS-RTP Standard
"ScreenGrab_is1" = ScreenGrab 1.1
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Silent Package Run-Time Sample" = EPSON Stylus Photo R260 User's Guide
"Sins of a Solar Empire" = Sins of a Solar Empire
"Smart DVD Creator_is1" = Smart DVD Creator
"Steam App 8400" = Geometry Wars
"StepMania" = StepMania (remove only)
"SWEET ALISON" = SWEET ALISON
"TalonRO_is1" = TalonRO Client 1.0.0
"TIKANANIME" = お姉さん中出し痴漢列車-The Anime-
"TomTom HOME" = TomTom HOME 2.7.5.2014
"UT2004" = Unreal Tournament 2004
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"Worms Armageddon" = Worms Armageddon
"X-Change" = X-Change
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoomPlayer" = Zoom Player (remove only)
"ヴィーナスブラッド_is1" = ヴィーナスブラッド

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0534CFAB-643C-40B0-B83A-21C19ECFF55B}" = Nega 0
"BitTorrent DNA" = DNA
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Sudoku Ball Application 1.0.13-beta" = Sudoku Ball Application 1.0.13-beta
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/06/2007 7:43:38 AM | Computer Name = BRAD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\ir50_32.dll failed, 0000001E.

Error - 10/06/2007 7:43:39 AM | Computer Name = BRAD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\xvidvfw.dll failed, 0000001E.

Error - 01/04/2008 8:18:08 PM | Computer Name = BRAD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dl10.filekicker.net/private/$a...ad0/RCSetup.exe
failed, 00000084.

Error - 07/04/2008 10:14:32 AM | Computer Name = BRAD | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function C0000005.

Error - 28/04/2008 2:36:46 AM | Computer Name = BRAD | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 28/04/2008 2:36:46 AM | Computer Name = BRAD | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 28/04/2008 2:37:10 AM | Computer Name = BRAD | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 28/04/2008 3:16:24 AM | Computer Name = BRAD | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 28/04/2008 3:16:24 AM | Computer Name = BRAD | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 10/11/2009 3:27:10 AM | Computer Name = BRAD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://media.mofosex...js/swfobject.js failed, 0000A413.

[ Application Events ]
Error - 09/07/2010 3:04:05 PM | Computer Name = BRAD | Source = Application Hang | ID = 1001
Description = Fault bucket 1449328921.

Error - 10/07/2010 6:11:11 AM | Computer Name = BRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/07/2010 6:11:11 AM | Computer Name = BRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/07/2010 6:31:36 AM | Computer Name = BRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/07/2010 6:31:37 AM | Computer Name = BRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/07/2010 6:45:19 PM | Computer Name = BRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/07/2010 6:45:20 PM | Computer Name = BRAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/07/2010 7:54:09 PM | Computer Name = BRAD | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 10/07/2010 7:54:17 PM | Computer Name = BRAD | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 10/07/2010 7:54:19 PM | Computer Name = BRAD | Source = Application Error | ID = 1001
Description = Fault bucket 1608445813.

[ System Events ]
Error - 10/07/2010 7:11:09 PM | Computer Name = BRAD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 10/07/2010 7:38:25 PM | Computer Name = BRAD | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 10/07/2010 7:42:07 PM | Computer Name = BRAD | Source = DCOM | ID = 10010
Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
with DCOM within the required timeout.

Error - 10/07/2010 7:46:47 PM | Computer Name = BRAD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/07/2010 7:46:47 PM | Computer Name = BRAD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/07/2010 7:46:59 PM | Computer Name = BRAD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 10/07/2010 7:57:14 PM | Computer Name = BRAD | Source = d347prt | ID = 262153
Description =

Error - 10/07/2010 7:57:14 PM | Computer Name = BRAD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/07/2010 7:57:14 PM | Computer Name = BRAD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/07/2010 7:57:29 PM | Computer Name = BRAD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd


< End of report >

Attached Files

  • Attached File  OTL.Txt   122.71KB   119 downloads
  • Attached File  Extras.Txt   58.14KB   150 downloads

Edited by SweetTech, 10 July 2010 - 06:35 PM.
expanded logs--ST



#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send a message to me on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [Obohigusu] C:\WINDOWS\ufeyidad.DLL File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to autostartgui.bat.lnk = F:\RECYCLER\HatH\autostartgui.bat File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    [2010/06/23 00:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Local Settings\Application Data\ppdbvrdlf
    [2010/07/10 15:31:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hzenaxiti.dat
    [2010/07/08 19:35:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ibicifi.bin
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bradley\My Documents\shell32.dll:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Bradley\My Documents\Me Vs. Itachi 2:SummaryInformation
    @Alternate Data Stream - 248 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that is produced after running the OTL Fix.
3. The log that is produced after running the ComboFix scan.
4. An update on how your computer is currently running.


It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 10 July 2010 - 06:41 PM.


#3
Cheap-o

    Member

  • Topic Starter
  • Member
  • 33 posts
1. While running combofix, the first time the computer restarted, it gave me a pop-up and asked me to write down some information. This is it:
Service: atapi
File C:\WINDOWS\system32\DRIVERS\atapi.sys

And thank you for the help!

2. All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Obohigusu deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to autostartgui.bat.lnk moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Bradley\Local Settings\Application Data\ppdbvrdlf folder moved successfully.
C:\WINDOWS\Hzenaxiti.dat moved successfully.
C:\WINDOWS\Ibicifi.bin moved successfully.
ADS C:\Documents and Settings\Bradley\My Documents\shell32.dll:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\Bradley\My Documents\Me Vs. Itachi 2:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:63238B95 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Bradley
->Temp folder emptied: 425432 bytes
->Temporary Internet Files folder emptied: 684988 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41689776 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 857 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33248 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 30898157 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1278 bytes

User: Shawn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16647793 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 86.00 mb


[EMPTYFLASH]

User: All Users

User: Bradley
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Shawn
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07102010_190557

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZB4ZUHY6\144410_1361[1].jpg not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZB4ZUHY6\CA01KH4N.htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZB4ZUHY6\CAGLUPH2 not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZB4ZUHY6\CAGXYJS1.htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZB4ZUHY6\CAXG8N1T.htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZB4ZUHY6\Pug[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZB4ZUHY6\Pug[2].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YN6P2FAB\CA4WXLNI.htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YN6P2FAB\CA9157UA not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YN6P2FAB\pm_300_250[1].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YN6P2FAB\Pug[1].gif not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YN6P2FAB\Pug[2].gif not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YN6P2FAB\Rediscovering_China_20090824_part_1[3].flv moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YN6P2FAB\syncuppixels[1].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EW8B2Q0U\CAKZM1Y5 not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8S649PUE\freq[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8S649PUE\freq[2].htm not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\fla22.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_500.dat not found!

Registry entries deleted on Reboot...

3. ComboFix 10-07-10.01 - Bradley 10/07/2010 20:10:51.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.3327.2805 [GMT -6:00]
Running from: c:\documents and settings\Bradley\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100710-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Bradley\Local Settings\Application Data\{92228C97-ABD6-43C5-96DC-2BADB4590D00}
c:\documents and settings\Bradley\Local Settings\Application Data\{92228C97-ABD6-43C5-96DC-2BADB4590D00}\chrome.manifest
c:\documents and settings\Bradley\Local Settings\Application Data\{92228C97-ABD6-43C5-96DC-2BADB4590D00}\chrome\content\_cfg.js
c:\documents and settings\Bradley\Local Settings\Application Data\{92228C97-ABD6-43C5-96DC-2BADB4590D00}\chrome\content\overlay.xul
c:\documents and settings\Bradley\Local Settings\Application Data\{92228C97-ABD6-43C5-96DC-2BADB4590D00}\install.rdf
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\daemon.dll
c:\windows\system32\_000000_.tmp.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\STEC3.sys
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

----- BITS: Possible infected sites -----

hxxp://j+|[email protected]:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{[email protected]:Nj+|Cv
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_STEC3
-------\Service_STEC3


((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-11 01:05 . 2010-07-11 01:05 -------- d-----w- C:\_OTL
2010-07-10 22:13 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-10 22:13 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-10 22:11 . 2010-07-10 22:12 -------- d-----w- c:\program files\ERUNT
2010-07-06 01:23 . 2010-07-06 01:23 -------- d-----w- c:\program files\Common Files\Logitech
2010-07-03 03:17 . 2010-07-05 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-01 21:34 . 2010-07-01 21:34 -------- d-----w- c:\documents and settings\Bradley\Local Settings\Application Data\TomTom
2010-07-01 21:34 . 2010-07-01 21:34 -------- d-----w- c:\documents and settings\Bradley\Application Data\TomTom
2010-07-01 21:34 . 2010-07-01 21:34 -------- d-----w- c:\program files\TomTom International B.V
2010-06-26 01:38 . 2010-06-26 01:38 -------- d-----w- c:\program files\DCoder Image Source
2010-06-26 01:38 . 2010-06-26 01:38 -------- d-----w- c:\program files\FFMPEG Core Files
2010-06-26 01:38 . 2010-06-26 01:38 -------- d-----w- c:\program files\SHOUTcast Source
2010-06-26 01:38 . 2010-06-26 01:38 -------- d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2010-06-26 01:38 . 2010-06-26 01:38 -------- d-----w- c:\program files\CD Audio Reader Filter
2010-06-26 01:38 . 2010-06-26 01:38 -------- d-----w- c:\program files\OpenSource AVI Splitter
2010-06-26 01:38 . 2010-06-26 01:38 -------- d-----w- c:\program files\Gabest MPEG Splitter
2010-06-26 01:38 . 2010-06-26 01:38 -------- d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2010-06-26 01:38 . 2010-06-26 01:38 -------- d-----w- c:\program files\RealMedia
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-----w- c:\program files\DScaler5
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-----w- c:\program files\AC3Filter
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-----w- c:\program files\DirectVobSub
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-----w- c:\program files\Haali
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-----w- c:\program files\Bass Audio Decoder
2010-06-26 01:36 . 2010-07-10 22:01 -------- d-----w- c:\program files\Zoom Player
2010-06-25 11:36 . 2010-06-25 11:36 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-06-24 06:16 . 2010-06-24 06:16 -------- d-----w- C:\NeverwinterNights
2010-06-24 04:46 . 2010-06-24 04:46 -------- d-----w- c:\program files\CCleaner
2010-06-24 02:15 . 2010-06-24 02:15 -------- d-----w- c:\documents and settings\Bradley\Application Data\InstallShield Installation Information
2010-06-24 02:13 . 2010-06-24 02:13 0 ----a-w- c:\windows\PowerReg.dat
2010-06-24 00:59 . 2004-08-22 22:31 5248 ----a-w- c:\windows\system32\drivers\d347prt.sys
2010-06-24 00:59 . 2004-08-22 22:31 155136 ----a-w- c:\windows\system32\drivers\d347bus.sys
2010-06-24 00:59 . 2010-06-24 00:59 -------- d-----w- c:\program files\D-Tools
2010-06-24 00:50 . 2010-04-12 23:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-23 06:08 . 2010-06-23 06:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-23 06:07 . 2010-06-23 06:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-06-22 02:18 . 2010-06-22 02:18 -------- d-----w- c:\documents and settings\Bradley\Local Settings\Application Data\tjnet
2010-06-15 02:09 . 2010-07-11 02:23 -------- d-----w- c:\documents and settings\Bradley\Application Data\mjusbsp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 02:23 . 2010-05-16 20:33 -------- d-----w- c:\documents and settings\Bradley\Application Data\Skype
2010-07-11 02:22 . 2009-03-13 06:42 -------- d-----w- c:\program files\DNA
2010-07-11 02:22 . 2009-03-13 06:42 -------- d-----w- c:\documents and settings\Bradley\Application Data\DNA
2010-07-10 22:16 . 2008-04-01 23:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-10 21:34 . 2008-03-30 07:16 -------- d-----w- c:\documents and settings\Bradley\Application Data\SUPERAntiSpyware.com
2010-07-10 21:34 . 2007-07-11 16:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-10 21:34 . 2008-03-30 07:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-10 21:33 . 2005-12-26 09:55 -------- d-----w- c:\documents and settings\Bradley\Application Data\Azureus
2010-07-09 14:53 . 2007-09-27 13:28 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-06 01:25 . 2007-05-28 22:53 -------- d-----w- c:\documents and settings\Bradley\Application Data\LAIM
2010-07-03 03:18 . 2010-07-03 03:18 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-07-02 19:32 . 2009-11-19 08:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-26 02:08 . 2006-05-19 07:43 -------- d-----w- c:\program files\7-Zip
2010-06-26 01:40 . 2009-05-07 08:24 -------- d-----w- c:\program files\PopCap Games
2010-06-26 01:31 . 2006-09-22 20:59 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-06-24 06:18 . 2005-12-19 19:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-24 00:50 . 2005-12-26 09:53 -------- d-----w- c:\program files\Java
2010-06-23 06:04 . 2010-06-02 21:48 -------- d-----w- c:\program files\mkv2vob
2010-06-23 06:04 . 2010-06-02 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-06-23 06:04 . 2005-12-19 19:02 -------- d-----w- c:\program files\ATI Technologies
2010-06-23 05:29 . 2005-12-26 09:53 -------- d-----w- c:\program files\Common Files\Java
2010-06-21 19:10 . 2006-05-09 02:04 -------- d-----w- c:\documents and settings\Bradley\Application Data\dvdcss
2010-06-11 22:08 . 2010-05-16 20:36 -------- d-----w- c:\documents and settings\Bradley\Application Data\skypePM
2010-06-11 16:11 . 2009-06-05 12:00 1 ----a-w- c:\documents and settings\Bradley\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-06 00:29 . 2010-06-06 00:29 -------- d-----w- c:\program files\iLike
2010-06-02 21:48 . 2010-06-02 21:48 29184 ----a-r- c:\documents and settings\Bradley\Application Data\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2010-05-24 06:42 . 2006-08-28 10:19 -------- d-----w- c:\program files\Azureus
2010-05-20 23:19 . 2010-05-20 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-20 23:19 . 2007-09-02 18:19 -------- d-----w- c:\program files\iTunes
2010-05-20 23:18 . 2010-05-20 23:18 -------- d-----w- c:\program files\iPod
2010-05-20 23:18 . 2007-09-02 18:17 -------- d-----w- c:\program files\Common Files\Apple
2010-05-20 23:15 . 2006-12-23 07:56 -------- d-----w- c:\program files\QuickTime Alternative
2010-05-20 23:12 . 2010-05-20 23:12 -------- d-----w- c:\program files\Bonjour
2010-05-20 23:09 . 2010-05-20 23:09 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-17 02:55 . 2010-05-17 02:55 35872 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-16 20:36 . 2010-05-16 20:36 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-16 20:32 . 2010-05-16 20:32 -------- d-----r- c:\program files\Skype
2010-05-16 20:32 . 2010-05-16 20:32 -------- d-----w- c:\program files\Common Files\Skype
2010-05-16 20:32 . 2010-05-16 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-14 23:16 . 2010-03-11 21:44 -------- d-----w- c:\program files\Google
2010-05-02 05:22 . 2007-04-05 09:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-16 14:33 . 2009-07-31 06:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 14:33 . 2008-10-17 05:02 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2005-04-01 05:17 . 2005-12-19 19:16 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2008-08-16 23:42 . 2008-08-16 23:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 23:42 . 2008-08-16 23:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 23:42 . 2008-08-16 23:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 23:42 . 2008-08-16 23:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 23:43 . 2008-08-16 23:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 23:42 . 2008-08-16 23:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 23:42 . 2008-08-16 23:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 14:41 . 2008-05-21 14:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 14:41 . 2008-05-21 14:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 14:41 . 2008-05-21 14:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 19:58 . 2008-06-05 19:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 23:42 . 2008-08-16 23:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2007-03-09 07:12 . 2007-03-09 07:12 27648 -csha-w- c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"cdloader"="c:\documents and settings\Bradley\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"TomTomHOME.exe"="e:\nicole\TV shows\Ghost Whisperer\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-08 14565376]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"laim"="c:\program files\AIM Lite\aimlite.exe" [2007-03-26 759808]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Memory Optimizer"="c:\program files\Systerac XP Tools 4\memoryo.exe" [2006-11-09 1056768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

c:\documents and settings\Bradley\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
2007-06-11 09:25 6731312 ----a-w- c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\57xxSteelVine]
2008-01-22 18:28 1761280 ----a-w- c:\program files\Silicon Image\57xx SteelVine\SteelVineManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2009-11-24 23:51 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iLike]
2008-09-10 21:41 63024 ----a-w- c:\program files\iLike\1.2.17\ilikesidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 21:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 23:11 565008 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 23:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-09-17 00:41 1961984 -c--a-w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 03:53 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-09 00:35 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2008-03-29 12:37 1271032 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"SENS"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Bradley\\Application Data\\mjusbsp\\magicJack.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [23/06/2010 6:59 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [23/06/2010 6:59 PM 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 3:21 AM 114768]
R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\Silicon Image\57xx SteelVine\SteelVine.exe [22/01/2008 12:28 PM 1310720]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [06/01/2010 5:32 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [06/01/2010 5:32 PM 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 3:21 AM 20560]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [23/04/2009 6:49 PM 14976]
R2 TomTomHOMEService;TomTomHOMEService;e:\nicole\TV shows\Ghost Whisperer\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 8:41 AM 92008]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [29/09/2007 12:02 PM 33792]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/03/2010 3:44 PM 135664]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [31/01/2006 9:14 PM 238080]
.
Contents of the 'Scheduled Tasks' folder

2010-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 21:44]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-11 21:44]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Bradley\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {0DBA1AEF-0E6E-4186-B165-3958A27D96B9} = 4.2.2.2,4.2.2.3
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
FF - ProfilePath - c:\documents and settings\Bradley\Application Data\Mozilla\Firefox\Profiles\wrjbr3mn.Brad\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-svcWRSSSDK
MSConfigStartUp-Memory Optimizer - c:\program files\Systerac XP Tools 3\memoryo.exe
MSConfigStartUp-Registry Compact - c:\program files\Systerac XP Tools 3\regcomp.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-426 - f:\hath\501 azrael and sweet legacy\426\501\FrontWing\426\setup.exe
AddRemove-AruaROSE - f:\games\ROSE\Uninstall.exe
AddRemove-Bootfighter Windom XP sp-2.NET_is1 - f:\games\Bootfighter Windom XP sp-2.NET\unins000.exe
AddRemove-EVE - f:\games\Eve\Uninstall.exe
AddRemove-Fate-stay night English - f:\games\fate stay\Fate\uninstall.exe
AddRemove-In bed with Alison - f:\flash animations\Bed Allison\Uninstal.exe
AddRemove-RGSS-RTP Standard_is1 - f:\games\RPG maker\Standard\unins000.exe
AddRemove-SWEET ALISON - f:\flash animations\Uninstal.exe
AddRemove-TIKANANIME - f:\games\[HentaiShare].Oneesan.Chuu.Dashi.Chikan.Ressha.The.Animated.Version\MBSTRUTH\TIKANANIME\Uninstall.exe
AddRemove-Worms Armageddon - f:\games\worms\Uninst.isu
AddRemove-?????????_is1 - f:\anime\Current\Nicole's stuff\games\Installed\?????????\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 20:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8B02BF00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f59cb8
\Driver\atapi -> 0x8b02bf00
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9e06bd4
PacketIndicateHandler -> NDIS.sys @ 0xb9e12a21
SendHandler -> NDIS.sys @ 0xb9e06d44
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1036893752-4074264256-4249479951-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\00000L*O*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"Order"=hex:08,00,00,00,02,00,00,00,8e,00,00,00,01,00,00,00,01,00,00,00,82,00,
00,00,00,00,00,00,74,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,62,00,36,\

[HKEY_USERS\S-1-5-21-1036893752-4074264256-4249479951-1006\Software\SecuROM\License information*]
"datasecu"=hex:42,92,90,10,4e,5c,08,e8,95,4c,7f,86,29,3d,c2,42,3f,60,2a,8e,63,
25,7f,62,ae,74,8b,fb,75,4c,0f,a1,3a,f4,ef,55,2b,47,d8,a4,10,64,aa,18,3f,7a,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6444)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\locator.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\documents and settings\Bradley\Application Data\mjusbsp\magicJack.exe
.
**************************************************************************
.
Completion time: 2010-07-10 20:30:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-11 02:30

Pre-Run: 91,976,806,400 bytes free
Post-Run: 91,916,984,320 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B6FE327B4BC074C4B9BD52DDA6B39610

4. The redirects or opening of new tabs in Firefox without my doing anything were very far apart to begin with. I might have one happen once every 3 or so hours, so I won't be 100% sure that is gone for a little while. Avast has not popped up to warn me about trojans since I first started following the instructions on the site. Upon loading of Windows after a restart, I am getting two errors for missing DLL files that rundll is trying to run. They are files that the programs I ran before posting a topic here removed, I believe, but I forgot to write those down. I'll do that the next time I restart. I just don't want to restart again until you've told me to.

#4
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Let's run a few more scans to ensure that nothing else is hiding.

Also, did you recently uninstall a CD Emulation software?

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.





Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that is produced after running the MalwareBytes' Anti-Malware scan.
3. The log that is produced after running the ESET Online Virus Scanner.
4. The log that is produced after running the SecurityCheck scan.
5. The log that is produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.

#5
Cheap-o


    Member

  • Topic Starter
  • Member
  • 33 posts
1. I did not recently uninstall a CD emulation program. I *did*, however, remove one of the files required for Alcohol to emulate CD drives. A file called sptd.sys was causing my computer to crash upon startup every time. I had to eventually start it up in safe mode, and STOP it from loading that file, once I figured the problem out, then move the file (currently on my desktop) so the computer would start up without crashing. I looked around online for a while, and as far as I can tell, there is no fix for this problem. I replaced Alcohol with an old version of Daemon Tools that doesn't use sptd.sys, but I haven't uninstalled Alcohol at this time.

Also, I glanced at the security check scan and noticed it said something about having Windows Firewall disabled. I don't know if it picked up that I do have a hardware firewall in my WBR-2310 D-Link router, just in case that happens to be relevant.

2.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4301

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/07/2010 9:57:57 PM
mbam-log-2010-07-10 (21-57-57).txt

Scan type: Quick scan
Objects scanned: 136759
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3.
C:\Program Files\Gravity\EuphRO2\System\RagII.exe a variant of Win32/Packed.Themida application


4.
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Antivirus
AVG Anti-Spyware 7.5
ESET Online Scanner v3
avast! successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 20
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player
Mozilla Firefox (3.6.6)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

``````````End of Log````````````

5.
OTL logfile created on: 11/07/2010 12:58:47 AM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Bradley\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 85.50 Gb Free Space | 36.72% Space Free | Partition Type: NTFS
Drive D: | 625.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1397.26 Gb Total Space | 318.45 Gb Free Space | 22.79% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 1397.26 Gb Total Space | 788.05 Gb Free Space | 56.40% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 578.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BRAD
Current User Name: Bradley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/10 17:34:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bradley\Desktop\OTL.exe
PRC - [2010/07/02 00:26:55 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/02 00:26:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/24 08:41:38 | 000,092,008 | ---- | M] (TomTom) -- E:\Nicole\TV shows\Ghost Whisperer\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/06/24 08:41:34 | 000,247,144 | ---- | M] (TomTom) -- E:\Nicole\TV shows\Ghost Whisperer\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/26 17:46:32 | 012,526,424 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Bradley\Application Data\mjusbsp\magicJack.exe
PRC - [2009/11/24 17:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/11/13 05:26:49 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/22 12:28:40 | 001,310,720 | ---- | M] () -- C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe
PRC - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/03/26 14:54:54 | 000,759,808 | ---- | M] () -- C:\Program Files\AIM Lite\aimlite.exe
PRC - [2006/11/09 16:37:26 | 001,056,768 | ---- | M] (Systerac) -- C:\Program Files\Systerac XP Tools 4\memoryo.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


========== Modules (SafeList) ==========

MOD - [2010/07/10 20:21:46 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2010/07/10 17:34:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bradley\Desktop\OTL.exe
MOD - [2009/11/24 17:50:32 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [1999/03/29 07:34:06 | 000,110,595 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Msscript1.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/24 08:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- E:\Nicole\TV shows\Ghost Whisperer\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/01/22 12:28:40 | 001,310,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe -- (57xx SteelVine Manager)
SRV - [2007/05/30 06:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Disabled | Stopped] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005/10/06 19:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Bradley\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/02/11 01:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/11/24 17:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 17:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 17:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 17:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 17:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 17:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/07/17 01:59:02 | 000,138,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/07/26 09:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 09:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 09:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 09:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 12:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/06 21:40:20 | 000,169,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2007/05/30 06:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/05/30 06:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2005/11/01 21:02:54 | 000,166,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx)
DRV - [2005/11/01 21:01:50 | 000,015,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2005/09/19 09:41:00 | 000,241,280 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/06/08 02:22:20 | 003,160,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/03/09 00:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/08/04 06:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/05 03:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/11/08 18:56:28 | 000,238,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpp106.sys -- (SNPP106) PC Camera (6029 CIF)
DRV - [2001/08/17 08:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.21.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.5
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/02 00:26:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/02 21:17:41 | 000,000,000 | ---D | M]

[2010/07/01 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Extensions
[2010/07/01 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Extensions\[email protected]
[2010/01/06 17:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions
[2008/04/27 19:44:02 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2009/07/17 01:09:07 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/07/17 01:09:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/04/27 19:44:02 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(2)
[2010/01/06 17:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/07/17 01:09:08 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2009/07/17 00:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\[email protected]
[2008/04/12 13:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\[email protected]
[2007/09/19 03:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\7200ieve.default\extensions\[email protected]
[2010/07/10 20:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\wrjbr3mn.Brad\extensions
[2009/09/27 22:58:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\wrjbr3mn.Brad\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/02 13:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bradley\Application Data\Mozilla\Firefox\Profiles\wrjbr3mn.Brad\extensions\[email protected]
[2010/07/10 20:42:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 14:32:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/23 18:50:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/07/02 15:20:46 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/05/07 02:24:18 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/07/10 20:21:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [laim] C:\Program Files\AIM Lite\aimlite.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Memory Optimizer] C:\Program Files\Systerac XP Tools 4\memoryo.exe (Systerac)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Bradley\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [TomTomHOME.exe] E:\Nicole\TV shows\Ghost Whisperer\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\Bradley\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bradley\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bradley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bradley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/01 11:39:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/07/03 16:32:17 | 000,427,008 | R--- | M] () - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/07/03 16:32:18 | 000,000,178 | R--- | M] () - J:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - F:\FLASHA~1\FLASHC~1\iac25_32.ax File not found
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (33509132979929088)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/10 22:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/10 19:47:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/10 19:44:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/10 19:44:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/10 19:44:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/10 19:44:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/10 19:43:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/10 19:05:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/10 17:34:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bradley\Desktop\OTL.exe
[2010/07/10 16:13:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/10 16:13:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/10 16:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/10 16:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/10 15:34:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/07/10 15:33:18 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bradley\Desktop\mbam-setup.exe
[2010/07/10 15:30:45 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Bradley\Desktop\erunt_setup.exe
[2010/07/10 15:29:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bradley\Desktop\TFC.exe
[2010/07/05 19:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/07/05 04:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/02 21:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/01 15:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\My Documents\TomTom
[2010/07/01 15:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Local Settings\Application Data\TomTom
[2010/07/01 15:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Application Data\TomTom
[2010/07/01 15:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/06/25 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\DCoder Image Source
[2010/06/25 19:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\FFMPEG Core Files
[2010/06/25 19:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source
[2010/06/25 19:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder
[2010/06/25 19:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter
[2010/06/25 19:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource AVI Splitter
[2010/06/25 19:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest MPEG Splitter
[2010/06/25 19:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter
[2010/06/25 19:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\RealMedia
[2010/06/25 19:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\DScaler5
[2010/06/25 19:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2010/06/25 19:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter
[2010/06/25 19:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2010/06/25 19:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/06/25 19:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bass Audio Decoder
[2010/06/25 19:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\Zoom Player
[2010/06/24 00:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Desktop\_Crack_
[2010/06/24 00:16:18 | 000,000,000 | ---D | C] -- C:\NeverwinterNights
[2010/06/23 22:55:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bradley\Recent
[2010/06/23 22:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/23 20:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Application Data\InstallShield Installation Information
[2010/06/23 18:59:52 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2010/06/23 18:59:52 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2010/06/23 18:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\D-Tools
[2010/06/23 18:50:42 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/23 18:50:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/23 18:50:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/23 18:50:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/23 12:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\My Documents\New Folder
[2010/06/23 01:13:36 | 000,808,944 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Bradley\Desktop\sptd2.sys
[2010/06/23 00:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/23 00:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/23 00:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/22 23:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/21 20:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/21 20:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Local Settings\Application Data\tjnet
[2010/06/19 20:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/06/19 19:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/14 20:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bradley\Application Data\mjusbsp

========== Files - Modified Within 30 Days ==========

[2010/07/11 00:55:14 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\Bradley\Desktop\SecurityCheck.exe
[2010/07/11 00:18:02 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/11 00:18:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/10 22:06:40 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Bradley\Desktop\esetsmartinstaller_enu.exe
[2010/07/10 20:24:50 | 000,001,006 | ---- | M] () -- C:\Documents and Settings\Bradley\Desktop\magicJack.lnk
[2010/07/10 20:21:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/10 20:21:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/10 20:21:03 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/10 20:20:52 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\SV_SQL3_Events.db
[2010/07/10 20:20:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 20:20:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 20:18:22 | 013,631,488 | ---- | M] () -- C:\Documents and Settings\Bradley\ntuser.dat
[2010/07/10 20:18:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bradley\ntuser.ini
[2010/07/10 19:48:04 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/10 19:03:27 | 003,738,393 | R--- | M] () -- C:\Documents and Settings\Bradley\Desktop\ComboFix.exe
[2010/07/10 17:34:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bradley\Desktop\OTL.exe
[2010/07/10 16:13:34 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/10 16:11:59 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Bradley\Desktop\NTREGOPT.lnk
[2010/07/10 16:11:59 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Bradley\Desktop\ERUNT.lnk
[2010/07/10 15:59:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/10 15:59:39 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Bradley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/10 15:33:27 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bradley\Desktop\mbam-setup.exe
[2010/07/10 15:30:46 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Bradley\Desktop\erunt_setup.exe
[2010/07/10 15:29:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bradley\Desktop\TFC.exe
[2010/07/09 08:53:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/08 15:45:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/01 09:36:36 | 000,000,038 | ---- | M] () -- C:\WINDOWS\osAviSplitter.INI
[2010/06/24 00:22:30 | 000,001,488 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Neverwinter Nights.lnk
[2010/06/23 20:13:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2010/06/23 18:59:51 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2010/06/23 01:27:22 | 000,808,944 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Bradley\Desktop\sptd2.sys
[2010/06/23 00:09:55 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/22 23:41:10 | 002,734,730 | -H-- | M] () -- C:\Documents and Settings\Bradley\Local Settings\Application Data\IconCache.db
[2010/06/12 17:28:56 | 000,545,876 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/12 17:28:56 | 000,472,234 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/12 17:28:56 | 000,084,236 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/07/11 00:55:14 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\Bradley\Desktop\SecurityCheck.exe
[2010/07/10 22:06:25 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Bradley\Desktop\esetsmartinstaller_enu.exe
[2010/07/10 19:48:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/10 19:48:00 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/10 19:44:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/10 19:44:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/10 19:44:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/10 19:44:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/10 19:44:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/10 19:03:22 | 003,738,393 | R--- | C] () -- C:\Documents and Settings\Bradley\Desktop\ComboFix.exe
[2010/07/10 17:32:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Bradley\Desktop\gmer.exe
[2010/07/10 16:13:34 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/10 16:11:59 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Bradley\Desktop\NTREGOPT.lnk
[2010/07/10 16:11:59 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Bradley\Desktop\ERUNT.lnk
[2010/06/27 12:00:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\osAviSplitter.INI
[2010/06/25 19:37:44 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
[2010/06/24 00:22:30 | 000,001,488 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Neverwinter Nights.lnk
[2010/06/23 20:13:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/06/23 18:59:51 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk
[2010/06/22 00:52:34 | 013,631,488 | ---- | C] () -- C:\Documents and Settings\Bradley\ntuser.dat
[2010/06/14 20:10:13 | 000,001,006 | ---- | C] () -- C:\Documents and Settings\Bradley\Desktop\magicJack.lnk
[2010/02/07 17:40:28 | 000,000,249 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/02/07 17:39:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2010/02/07 17:39:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2009/10/08 03:29:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/07/17 01:40:07 | 000,138,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/23 18:49:14 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2009/04/23 18:49:14 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2009/04/23 18:49:13 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2009/04/23 18:48:56 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2009/02/25 04:28:39 | 000,000,070 | ---- | C] () -- C:\WINDOWS\SCOOP.INI
[2009/02/08 16:36:39 | 000,000,228 | ---- | C] () -- C:\WINDOWS\ACTIVEJP.INI
[2008/09/16 18:08:33 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/07/08 18:53:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/04/01 18:20:59 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/04/01 17:44:30 | 001,544,542 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2008/03/30 05:07:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2008/02/07 21:38:41 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2008/02/07 21:38:41 | 000,685,056 | ---- | C] () -- C:\WINDOWS\System32\RGSS103J.dll
[2008/02/07 21:38:40 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2008/02/07 21:38:40 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2008/01/15 00:31:13 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2007/10/27 12:30:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/10/12 02:11:58 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/29 12:02:38 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2007/09/27 07:13:44 | 000,000,212 | ---- | C] () -- C:\WINDOWS\iTunesQLoudEx.INI
[2007/04/08 15:47:41 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2007/04/08 12:35:45 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/04/08 12:34:55 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/04/08 12:34:44 | 000,000,083 | ---- | C] () -- C:\WINDOWS\EPSPR260.ini
[2007/03/09 01:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 03:14:48 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/03/06 03:14:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/12/20 01:41:09 | 000,000,340 | ---- | C] () -- C:\WINDOWS\scanreg.ini
[2006/12/19 15:19:39 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\wsxttime.sys
[2006/12/19 13:31:46 | 000,000,106 | ---- | C] () -- C:\WINDOWS\Wininit.INI
[2006/03/05 20:14:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2006/03/05 16:21:15 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/03/05 16:21:15 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/03/05 16:21:15 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/03/05 16:21:14 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006/03/05 15:18:21 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2006/02/15 20:53:48 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2006/02/15 20:49:44 | 000,000,229 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/01/31 21:14:11 | 000,015,494 | ---- | C] () -- C:\WINDOWS\snpp106.ini
[2006/01/31 21:14:10 | 000,238,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpp106.sys
[2006/01/31 21:14:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsnpp106.dll
[2006/01/31 21:14:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vsnpp106.dll
[2006/01/05 17:19:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2006/01/05 01:59:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/27 00:55:28 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/12/27 00:55:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/12/26 07:53:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/19 15:23:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/01 11:47:06 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003/04/11 02:52:30 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\mshas.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/12 02:59:22 | 000,006,974 | ---- | M] () -- C:\Abeno.html
[2006/09/21 10:02:46 | 001,116,109 | ---- | M] () -- C:\Apr2006_d3dx9_30_x86.cab
[2005/12/01 11:39:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/03/05 16:23:43 | 000,012,485 | ---- | M] () -- C:\avi_log.txt
[2008/04/28 01:29:13 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/10 19:48:04 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/10 20:30:06 | 000,030,874 | ---- | M] () -- C:\ComboFix.txt
[2005/12/01 11:39:43 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/22 18:08:31 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2008/05/23 02:12:54 | 000,000,895 | ---- | M] () -- C:\d gray man op 4.txt
[2006/08/29 15:05:21 | 000,001,143 | ---- | M] () -- C:\deltaStartup.log
[2006/09/21 10:02:46 | 000,074,520 | ---- | M] (Microsoft Corporation) -- C:\DSETUP.dll
[2006/09/21 10:02:46 | 002,248,984 | ---- | M] (Microsoft Corporation) -- C:\dsetup32.dll
[2006/09/21 10:02:46 | 000,041,995 | ---- | M] () -- C:\dxdllreg_x86.cab
[2006/09/21 10:02:46 | 000,484,632 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe
[2006/09/21 10:02:46 | 000,082,338 | ---- | M] () -- C:\dxupdate.cab
[2007/04/08 16:54:59 | 000,001,024 | ---- | M] () -- C:\EPSONCD.Pal
[2006/01/17 21:36:34 | 000,000,043 | ---- | M] () -- C:\FAP._MD
[2006/01/17 00:19:17 | 000,000,002 | ---- | M] () -- C:\FS1
[2005/12/01 11:39:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/04/12 03:56:31 | 000,002,709 | ---- | M] () -- C:\morning sunrise.html
[2005/12/01 11:39:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/03 17:31:07 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/05/20 21:12:00 | 000,001,774 | ---- | M] () -- C:\ontario song.txt
[2010/07/10 20:20:22 | 1407,188,992 | -HS- | M] () -- C:\pagefile.sys
[2008/06/05 00:14:17 | 000,002,048 | ---- | M] () -- C:\pumpprex3.ini
[2008/04/04 13:56:44 | 000,001,855 | ---- | M] () -- C:\rapport.txt
[2008/05/05 23:23:49 | 000,001,432 | ---- | M] () -- C:\Rose Mage build.txt
[2007/11/08 16:09:51 | 000,304,136 | ---- | M] () -- C:\SNPP106.RAW
[2008/05/04 23:36:39 | 000,000,004 | RHS- | M] () -- C:\WINOS.SYS

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/12/01 11:39:26 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/07/29 05:36:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBLPP5C.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2005/03/31 23:17:42 | 000,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/10 22:46:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2004/08/04 06:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm50.dll
[2008/04/13 18:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/12/01 04:28:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/12/01 04:28:04 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/12/01 04:28:04 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 18:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 18:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 18:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-12 23:34:30

========== Files - Unicode (All) ==========
[2007/05/29 20:51:59 | 000,000,000 | ---D | M](C:\Documents and Settings\Bradley\Application Data\??????????) -- C:\Documents and Settings\Bradley\Application Data\私立さくらんぼ小学校
(C:\Documents and Settings\Bradley\Application Data\??????????) -- C:\Documents and Settings\Bradley\Application Data\私立さくらんぼ小学校
< End of report >

6. Since the last set of instructions didn't require a restart, I still haven't had a chance to write down the names of the .dll files that are causing an error on startup. However, so far, there have been no tabs opening of their own accord in firefox, and I haven't been getting any alerts from Avast!.

#6
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Okay, thanks for the clarification on the CD Emulation software and on the router.

You're currently using an outdated version of Internet Explorer on your computer. I suggest you update to the latest version, which is 8. Link: http://www.microsoft...wide-sites.aspx


Do you have any idea what program this file belongs to/what it does?

C:\Program Files\Gravity\EuphRO2\System\RagII.exe

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2010/07/11 00:55:14 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\Bradley\Desktop\SecurityCheck.exe
    [2010/07/10 22:06:40 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Bradley\Desktop\esetsmartinstaller_enu.exe
    [2010/07/10 15:33:27 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bradley\Desktop\mbam-setup.exe
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


#7
Cheap-o

    Member

  • Topic Starter
  • Member
  • 33 posts
Yeah, that file is the exe for a game I used to play. It's been on here for years now, so I'm pretty sure it's harmless.

I got 2 errors after OTL restarted my computer this time. The first was this:

ie4uinit.exe - Entry Point Not Found

The procedure entry point RunSetupCommandW could not be located in the dynamic link library ADVPACK.dll

The second was after the desktop was mostly loaded and was just a general error at the top of the bar. It said:

C:\WINDOWS\daemon.dll error.

Also, during the running of JavaRa, it crashed. I started it again, and it said everything had been uninstalled and produced this logfile:

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Jul 14 18:41:54 2010

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\Bradley\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\Bradley\Application Data\Sun\Java\jre1.6.0_12

Found and removed: C:\Documents and Settings\Bradley\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\Bradley\Application Data\Sun\Java\jre1.6.0_14

Found and removed: C:\Documents and Settings\Bradley\Application Data\Sun\Java\jre1.6.0_17

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Jul 14 18:42:33 2010

------------------------------------

Finished reporting.



Here is the logfile from OTL:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Documents and Settings\Bradley\Desktop\SecurityCheck.exe moved successfully.
C:\Documents and Settings\Bradley\Desktop\esetsmartinstaller_enu.exe moved successfully.
C:\Documents and Settings\Bradley\Desktop\mbam-setup.exe moved successfully.
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bradley
->Temp folder emptied: 160135 bytes
->Temporary Internet Files folder emptied: 1164406 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58527617 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 671 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33192 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: Shawn
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 27590467 bytes
%systemroot%\System32\dllcache .tmp files removed: 1533440 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 170182 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 85.00 mb


[EMPTYFLASH]

User: All Users

User: Bradley
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Shawn
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07142010_184406

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Bradley\Local Settings\Temporary Internet Files\Content.IE5\YWTF19JR\3881132539[1].htm not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_4d4.dat not found!

Registry entries deleted on Reboot...

Thank you!

#8
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Not sure about those error messages.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



NEXT:



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Clean-Up
Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.



NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g., TeaTimer, Windows Defender) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.
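
The Internet zone ActiveX settings from the Internet Explorer steps in the post above can also be checked from the registry. The following read-only PowerShell audit is an added example, not part of the original post; it assumes the standard per-user zone key and URL action IDs (1001, 1004, 1201), and the function name is hypothetical.

```powershell
# Added example: read-only audit of the Internet zone ActiveX settings.
# Assumptions (not from the thread): per-user zone key below; zone 3 = Internet;
# URL action values 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action ID -> name in the "Custom level" dialog and the value the post recommends.
$Expected = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';   Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls'; Want = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
}
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneActiveX {   # hypothetical helper name
    param([string]$Path = $ZoneKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($id in $Expected.Keys) {
        # A missing key or value means the setting was never written for this user.
        $raw = if ($props) { $props.$id } else { $null }
        if ($null -eq $raw) {
            $actual = 'not set'
        } elseif ($Labels.ContainsKey([int]$raw)) {
            $actual = $Labels[[int]$raw]
        } else {
            $actual = "unknown ($raw)"
        }
        [pscustomobject]@{
            ActionId = $id
            Setting  = $Expected[$id].Name
            Wanted   = $Labels[$Expected[$id].Want]
            Actual   = $actual
            Ok       = ($raw -eq $Expected[$id].Want)
        }
    }
}

# List every setting, then flag the ones that differ from the recommendation.
$report = @(Test-InternetZoneActiveX)
$report | Format-Table -AutoSize
$bad = @($report | Where-Object { -not $_.Ok })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} setting(s) differ from the recommended values." -f $bad.Count)
}
```

The script only reads the current user's settings; values enforced through Group Policy are stored under a separate policy key and are not covered here.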

#9
Cheap-o

All done! Thanks a lot for your help. I really appreciate it!

#10
SweetTech

You're more than welcome. I'm glad I was able to be of assistance.

Cheers,
ST.

#11
SweetTech

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.