Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Sdra64.exe

Started by Steveoebi , Aug 16 2010 02:22 AM

  • Please log in to reply

#1
Steveoebi
Posted 16 August 2010 - 02:22 AM

Steveoebi

    New Member

  • Member
  • Pip
  • 6 posts
I've got a warning from Microsoft Security Essential saying I have a virus to clean saying I have gotten for 2 days. MSE didn't get rid of it. Kaspersky didn't. Malwarebytes didn't. It found 15 infections, but it's still here. I can't open regedit or else it'll shut down. I get BSoD when I try and go into safe mode, and when I try Reg Explorer it won't find sdra64.exe Here's my OTL logs.

OTL logfile created on: 8/15/2010 8:00:18 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Adrian\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 145.29 Gb Free Space | 62.39% Space Free | Partition Type: NTFS
Drive D: | 637.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EVILDUCKS-WILL-
Current User Name: Adrian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/15 19:32:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\My Documents\Downloads\OTL.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/10/28 08:54:35 | 002,923,192 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/10/09 02:36:15 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/08 15:51:34 | 002,814,976 | ---- | M] (WhatPulse.org) -- C:\Program Files\WhatPulse\WhatPulse.exe
PRC - [2008/05/01 10:52:02 | 000,225,280 | ---- | M] () -- C:\Program Files\Wonderful\wonderfl.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 11:51:50 | 002,136,064 | ---- | M] (OrdinarySoft) -- C:\Program Files\Vista Start Menu\VistaStartMenu.exe
PRC - [2007/08/31 13:58:50 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2006/11/02 11:21:18 | 000,156,160 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe


========== Modules (SafeList) ==========

MOD - [2010/08/15 19:32:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\My Documents\Downloads\OTL.exe
MOD - [2008/05/01 10:52:02 | 000,040,960 | ---- | M] (Eric Heimburg) -- C:\Program Files\Wonderful\wondppet.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/05 13:34:42 | 000,020,992 | ---- | M] (OrdinarySoft) -- C:\Program Files\Vista Start Menu\VistaStartMenu.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\VentSrv\ventrilo_svc.exe -- (Ventrilo)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2010/03/31 11:26:00 | 003,612,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2003/05/19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/08/14 12:48:48 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/03/31 11:05:51 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/09 16:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/04/02 15:51:29 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/09/23 09:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/23 09:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/06 04:30:00 | 007,429,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/07/09 20:56:00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/26 18:15:22 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/11/27 03:33:54 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 03:33:50 | 000,058,368 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/28 04:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/26 11:24:28 | 000,004,224 | ---- | M] (FSPro Labs) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\lmpc2.sys -- (LMPC2)
DRV - [2005/08/22 16:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 16:06:16 | 000,244,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/08/22 16:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 16 53 9A AA E3 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.eddieizza...index-main.php"
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.45
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.20100626
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
FF - prefs.js..network.proxy.pong: ""
FF - prefs.js..network.proxy.pong_port: 0
FF - prefs.js..network.proxy.socks_version: 0


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/05 00:34:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/06 08:05:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/03 02:01:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2008/06/19 02:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Extensions
[2010/08/14 18:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions
[2009/06/14 22:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/03/04 05:10:11 | 000,000,000 | ---D | M] (PONG!) -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{1368F36C-0370-419a-A408-28F94FD35974}
[2009/08/12 16:03:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/02 15:09:38 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/08/23 21:13:15 | 000,000,000 | ---D | M] (Alienware Invader v1.2) -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{5476e6b0-3de0-11dd-ae16-0800200c9a66}
[2009/11/17 01:22:31 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/05/03 23:18:09 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2009/11/09 13:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/08/02 15:08:41 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/12/10 00:18:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/06/28 20:11:52 | 000,000,000 | ---D | M] (STOP! Hammertime!) -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{f274730f-db76-4942-97ba-7984ab94f854}
[2010/08/02 15:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\[email protected]
[2009/11/09 13:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\[email protected]
[2009/12/10 11:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\[email protected]
[2010/08/02 15:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\[email protected]
[2010/08/02 15:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\[email protected]
[2009/04/28 19:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\[email protected]
[2009/11/13 03:25:04 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\searchplugins\conduit.xml
[2008/06/19 19:33:33 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\searchplugins\kongregate.xml
[2010/08/02 14:50:59 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\searchplugins\merriam-webster-dictionary.xml
[2008/10/05 19:36:18 | 000,002,157 | ---- | M] () -- C:\Documents and Settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\searchplugins\youtube-video-search.xml
[2010/08/14 18:42:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/14 12:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/10/28 08:54:26 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/08/14 13:11:49 | 000,321,343 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 knocker
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 11099 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [FlashMute] C:\Program Files\FlashMute\flashmute.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [VistaStartMenu] C:\Program Files\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O4 - HKCU..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)
O4 - Startup: C:\Documents and Settings\Adrian\Start Menu\Programs\Startup\Eddie izzard.url ()
O4 - Startup: C:\Documents and Settings\Adrian\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Adrian\Start Menu\Programs\Startup\The Wonderful Icon.lnk = C:\Program Files\Wonderful\wonderfl.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRecycleBinSize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = nwiz.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = reader_sl.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = nerocheck.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = skytel.exe (Realtek Semiconductor Corp.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5? = alcmtr.exe (Realtek Semiconductor Corp.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6? = glass2k.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 7? = ipoint.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 8? = hpwuschd2.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 9? = hpqsrmon.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 10? = reminderapp.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 11? = newlock.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 12? = connectionmanager.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 13? = isw.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 14? = qttask.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 15? = ituneshelper.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 16? = cfp.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 17? = jusched.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 18? = egui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 19? = cs4servicemanager.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 20? = hpqtra08.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 21? = osa.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 22? = lightscribecontrolpanel.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 24? = vistastartmenu.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 25? = googleupdate.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 26? = flashmute.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 27? = yahoomessenger.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 28? = livestation.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 29? = vidalia.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 30? = quickstart.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 31? = wonderfl.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 32? = newadmin.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://messenger.zon...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory....ap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\fsp_lmwl: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:1 () - http://www.eddieizza...ngs/tetrizz.izz
O24 - Desktop WallPaper: C:\WINDOWS\AW_XenoMorph1280.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\AW_XenoMorph1280.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/15 20:29:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/01/08 22:06:18 | 000,000,040 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/15 16:51:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/15 16:51:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/15 16:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/14 12:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/08/14 12:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/08/14 12:35:38 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/08/14 12:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/08/12 14:16:10 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/08/11 23:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/08/11 23:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2010/08/11 23:24:51 | 000,000,000 | ---D | C] -- C:\UDK
[2010/08/10 12:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Application Data\.minecraft
[2010/08/09 10:30:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Adrian\Recent
[2010/08/03 05:19:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/08/01 16:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Application Data\Toribash
[2010/08/01 16:50:46 | 000,000,000 | ---D | C] -- C:\Games
[2010/08/01 06:01:34 | 000,068,096 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/08/01 06:01:15 | 000,000,000 | ---D | C] -- C:\Starcraft
[2010/06/10 13:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/07 12:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/06 16:25:51 | 000,000,000 | ---D | C] -- C:\ultimate_mac-10_sounds
[2010/06/05 04:26:15 | 000,764,432 | ---- | C] (The Nielsen Company) -- C:\netsight_setup_5.2.4.10_MP_Production_mid60558120425_p.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Adrian\My Documents\*.tmp files -> C:\Documents and Settings\Adrian\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/15 20:03:40 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Adrian\NTUSER.DAT
[2010/08/15 19:36:14 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Adrian\jagex_runescape_preferences2.dat
[2010/08/15 19:23:02 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-507921405-839522115-1005UA.job
[2010/08/15 19:21:38 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Adrian\jagex_runescape_preferences.dat
[2010/08/15 19:12:52 | 000,000,206 | -HS- | M] () -- C:\WINDOWS\KLIF.spi
[2010/08/15 18:57:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/15 18:55:20 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/15 18:49:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/15 18:49:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/15 18:48:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Adrian\ntuser.ini
[2010/08/15 16:51:17 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/14 12:48:48 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/08/14 12:48:46 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/08/14 12:48:46 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/08/13 14:48:03 | 000,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 01:11:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 01:09:51 | 000,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 01:09:51 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 01:09:51 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 16:20:22 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Adrian\Application Data\zigkgwy.exe
[2010/08/12 10:45:57 | 000,000,222 | RHS- | M] () -- C:\boot.ini
[2010/08/12 07:37:06 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Adrian\Application Data\pqovczv.exe
[2010/08/12 07:28:40 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Adrian\Application Data\eejnits.exe
[2010/08/12 07:23:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-507921405-839522115-1005Core.job
[2010/08/12 00:17:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adrian\jagex__preferences3.dat
[2010/08/10 18:43:00 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Adrian\Desktop\Alien Swarm.url
[2010/08/10 09:31:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/07 09:46:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/02 14:59:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Adrian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/02 14:59:44 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/01 16:51:05 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Adrian\Desktop\Toribash.lnk
[2010/08/01 10:06:35 | 001,576,778 | -H-- | M] () -- C:\Documents and Settings\Adrian\Local Settings\Application Data\IconCache.db
[2010/08/01 06:01:35 | 000,009,807 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2010/08/01 06:01:34 | 000,068,096 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/08/01 06:01:34 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2010/07/31 01:01:34 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/07/31 01:00:43 | 000,000,699 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/07 13:58:08 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/06/05 04:32:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_nielprt_01007.Wdf
[2010/06/05 04:32:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/06/05 04:26:43 | 000,764,432 | ---- | M] (The Nielsen Company) -- C:\netsight_setup_5.2.4.10_MP_Production_mid60558120425_p.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Adrian\My Documents\*.tmp files -> C:\Documents and Settings\Adrian\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/15 19:12:52 | 000,000,206 | -HS- | C] () -- C:\WINDOWS\KLIF.spi
[2010/08/15 16:51:17 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/14 12:37:14 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/08/14 12:37:14 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/08/13 03:19:02 | 000,420,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/12 16:20:20 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Adrian\Application Data\zigkgwy.exe
[2010/08/12 07:37:06 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Adrian\Application Data\pqovczv.exe
[2010/08/12 07:28:37 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Adrian\Application Data\eejnits.exe
[2010/08/12 00:17:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adrian\jagex__preferences3.dat
[2010/08/12 00:17:00 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Adrian\jagex_runescape_preferences2.dat
[2010/08/12 00:15:46 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Adrian\jagex_runescape_preferences.dat
[2010/08/10 18:43:00 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Adrian\Desktop\Alien Swarm.url
[2010/08/02 14:59:44 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/01 16:51:05 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Adrian\Desktop\Toribash.lnk
[2010/08/01 06:01:35 | 000,009,807 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/08/01 06:01:34 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2010/07/31 01:07:30 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/31 01:01:34 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/05 04:32:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_nielprt_01007.Wdf
[2010/06/05 04:32:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/03/31 11:05:51 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/01/21 05:11:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Adrian\Local Settings\Application Data\housecall.guid.cache
[2010/01/18 19:47:14 | 000,000,210 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/22 04:04:52 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msnmsgr.exe.ini
[2009/01/25 10:55:21 | 000,000,016 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/11/01 15:38:15 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/10/09 22:36:49 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/09 22:36:49 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/05 23:01:09 | 000,000,224 | ---- | C] () -- C:\WINDOWS\wslam.ini
[2008/09/10 17:16:44 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/09/01 01:41:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/06/08 22:16:08 | 000,002,336 | ---- | C] () -- C:\WINDOWS\inty.ini
[2008/06/08 22:16:08 | 000,000,001 | ---- | C] () -- C:\WINDOWS\Inty_Ult.ini
[2008/05/08 21:23:46 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Adrian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/02 10:07:21 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\Adrian\Application Data\Invaders2005.txt
[2008/04/26 12:23:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/15 22:08:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/04/15 21:02:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/15 20:51:11 | 000,000,068 | ---- | C] () -- C:\WINDOWS\autmtst.ini
[2007/11/06 04:30:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/06 04:30:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/06 04:30:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/06 04:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/06 04:30:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/08/10 12:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\.minecraft
[2010/08/15 18:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\.purple
[2009/03/04 13:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Armagetron
[2009/04/02 11:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\AT&T
[2008/12/11 21:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\DMCache
[2008/08/30 09:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\DNA
[2008/12/04 20:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Elluminate
[2009/05/18 03:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\ESET
[2008/05/23 21:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\FLVPlayer4Free
[2010/08/09 12:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\gtk-2.0
[2010/04/03 17:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\ijjigame
[2008/04/20 03:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\ImgBurn
[2009/07/02 02:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\IObit
[2008/05/01 15:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\iPod Copy Expert
[2009/04/14 18:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Livestation
[2009/04/14 18:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Mchid
[2009/04/02 16:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\MSNInstaller
[2009/04/16 06:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\OpenOffice.org
[2009/02/02 03:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Opera
[2010/04/23 07:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Publish Providers
[2010/04/23 08:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Sony
[2009/05/15 20:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\StanaPhone
[2009/07/24 07:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\SystemRequirementsLab
[2010/04/08 16:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\TeamViewer
[2010/08/11 23:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\Vista Start Menu
[2009/11/17 07:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Application Data\WhatPulse
[2009/05/31 04:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/03/04 13:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2009/04/02 11:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/05/16 13:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2009/05/18 03:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/04/18 08:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/05/22 17:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/05/22 04:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/07/31 18:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/10/28 18:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2009/04/04 05:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/10/28 18:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/04/15 22:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBC Yahoo!
[2010/04/23 07:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/08/03 05:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/02 12:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/19 16:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/03 11:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/06/04 21:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/08/15 18:55:20 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/06/07 13:58:08 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 23:17:56 | 006,268,134 | ---- | M] () -- C:\06 Minute of Decay.mp3
[2008/10/14 16:17:08 | 000,003,866 | ---- | M] () -- C:\121237190011.stk
[2009/02/22 06:33:23 | 000,939,956 | ---- | M] () -- C:\7z465.exe
[2009/03/10 02:26:17 | 000,000,000 | ---- | M] () -- C:\acemtwse.exe
[2009/03/10 02:34:54 | 001,487,417 | ---- | M] () -- C:\acemtwse.exe.part
[2009/03/12 04:50:48 | 009,525,969 | ---- | M] (Adobe Systems Incorporated) -- C:\ADBEFLPRCS3_WWE.exe.part
[2009/06/29 19:07:33 | 026,739,584 | ---- | M] ( ) -- C:\AdbeRdr910_en_US.exe
[2008/05/02 16:47:36 | 000,000,706 | ---- | M] () -- C:\Armagetron.lnk
[2008/04/15 20:29:41 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/12 10:45:57 | 000,000,222 | RHS- | M] () -- C:\boot.ini
[2008/04/15 20:29:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/04/12 23:34:36 | 031,305,216 | ---- | M] () -- C:\eav_nt32_enu.msi
[2009/05/16 12:58:01 | 036,019,200 | ---- | M] () -- C:\ess_nt32_enu.msi
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/12/01 23:50:18 | 000,000,506 | ---- | M] () -- C:\FILE_ID.DIZ
[2009/05/30 19:57:22 | 000,142,960 | ---- | M] () -- C:\fmb.exe
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2009/02/27 07:25:29 | 000,000,928 | ---- | M] () -- C:\Install.jnlp
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/04/03 17:39:31 | 001,878,888 | ---- | M] (Adobe Systems Incorporated) -- C:\install_flash_player.exe
[2008/04/15 20:29:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/10 23:46:04 | 000,834,153 | ---- | M] () -- C:\jnes_0_6.exe
[2009/04/03 19:11:39 | 001,002,752 | ---- | M] (Microsoft Corporation) -- C:\JournalViewer1.5_KB886179_ENU.exe
[2009/04/14 18:57:25 | 018,537,984 | ---- | M] () -- C:\Livestation-2.7.0.msi
[2010/04/12 10:57:56 | 005,918,800 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2009/04/18 13:56:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/02/25 12:56:38 | 000,508,897 | ---- | M] () -- C:\MSMS6-73.31399.rtf
[2009/06/16 11:16:24 | 000,021,353 | ---- | M] () -- C:\MSMS6-75.69181.rtf
[2009/04/02 16:47:00 | 007,330,816 | ---- | M] (Microsoft Corporation) -- C:\msnsusii.exe
[2009/12/02 05:43:35 | 009,034,488 | ---- | M] (Microsoft Corporation) -- C:\mssefullinstall-x86fre-en-us-xp.exe
[2010/06/05 04:26:43 | 000,764,432 | ---- | M] (The Nielsen Company) -- C:\netsight_setup_5.2.4.10_MP_Production_mid60558120425_p.exe
[2009/10/28 13:24:06 | 000,000,159 | ---- | M] () -- C:\NGM.log
[2010/06/05 04:27:33 | 000,000,439 | ---- | M] () -- C:\nsinst.log
[2004/08/03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/24 14:28:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/04/16 06:16:01 | 149,353,184 | ---- | M] () -- C:\OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe
[2010/08/15 18:49:42 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/06/17 16:19:39 | 000,482,336 | ---- | M] (RealNetworks, Inc.) -- C:\RealPlayer11GOLD.exe
[2009/03/27 03:21:44 | 000,910,617 | ---- | M] () -- C:\rename_your_file(10).mp3
[2009/04/23 11:36:04 | 002,456,510 | ---- | M] () -- C:\rename_your_file(11).mp3
[2009/04/15 03:37:06 | 002,426,409 | ---- | M] () -- C:\rename_your_file(12).mp3
[2009/04/15 12:44:50 | 001,740,461 | ---- | M] () -- C:\rename_your_file(13).mp3
[2009/02/23 17:58:23 | 001,498,288 | ---- | M] () -- C:\rename_your_file(2).mp3
[2009/02/23 18:11:14 | 001,327,173 | ---- | M] () -- C:\rename_your_file(3).mp3
[2009/03/04 12:25:50 | 001,049,970 | ---- | M] () -- C:\rename_your_file(4).mp3
[2009/03/29 06:26:49 | 002,575,949 | ---- | M] () -- C:\rename_your_file(5).mp3
[2009/03/06 15:02:24 | 003,754,200 | ---- | M] () -- C:\rename_your_file(6).mp3
[2009/03/13 00:36:05 | 001,171,397 | ---- | M] () -- C:\rename_your_file(7).mp3
[2009/03/23 23:24:03 | 001,855,626 | ---- | M] () -- C:\rename_your_file(8).mp3
[2009/03/21 04:03:35 | 000,612,896 | ---- | M] () -- C:\rename_your_file(9).mp3
[2009/02/22 11:45:35 | 002,183,604 | ---- | M] () -- C:\rename_your_file.mp3
[2010/04/12 10:56:36 | 000,363,520 | ---- | M] () -- C:\rkill.com
[2010/04/12 10:56:43 | 000,000,319 | ---- | M] () -- C:\rkill.log
[2009/08/10 02:11:42 | 353,207,487 | ---- | M] () -- C:\S4League.zip
[2009/04/02 17:14:29 | 023,608,320 | ---- | M] (PC Tools ) -- C:\sdsetup.exe
[2009/04/12 22:46:14 | 032,793,088 | ---- | M] () -- C:\setupeng(2).exe
[2009/03/23 21:36:05 | 032,793,088 | ---- | M] () -- C:\setupeng.exe
[2009/03/23 18:22:45 | 000,000,000 | ---- | M] () -- C:\setupengpro.exe
[2009/03/23 18:28:23 | 000,678,900 | ---- | M] () -- C:\setupengpro.exe.part
[2010/06/07 12:30:10 | 006,259,064 | ---- | M] (Microsoft Corporation) -- C:\Silverlight.exe
[2009/06/06 07:06:51 | 005,142,528 | ---- | M] () -- C:\skold - dead god - 03 - i hate.mp3
[2009/06/29 19:05:26 | 000,662,466 | ---- | M] () -- C:\SocialStudies6.pdf
[2008/05/08 20:46:01 | 000,377,488 | ---- | M] () -- C:\The Drugs Song.mp3
[2010/05/05 00:30:42 | 000,001,166 | ---- | M] () -- C:\updatedatfix.log
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2009/04/18 08:43:50 | 008,350,750 | ---- | M] () -- C:\vidalia-bundle-0.2.0.34-0.1.10.exe
[2009/06/29 16:12:48 | 014,286,592 | ---- | M] (Sunbelt Software ) -- C:\vipre.exe
[2009/04/18 13:45:53 | 016,742,799 | ---- | M] () -- C:\vlc-0.9.9-win32.exe
[2009/04/03 19:07:27 | 000,897,920 | ---- | M] (Microsoft Corporation) -- C:\WGAPluginInstall.exe
[2009/04/03 22:51:51 | 001,143,656 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-web(2).exe
[2009/11/20 21:23:36 | 001,146,184 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-web(3).exe
[2009/04/02 16:56:43 | 001,143,656 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-web.exe
[2009/12/09 04:38:40 | 270,305,943 | ---- | M] () -- C:\WolfET.exe
[2009/07/31 18:15:03 | 000,499,888 | ---- | M] (NCH Software) -- C:\wpsetup.exe
[2009/05/13 13:57:49 | 001,234,120 | ---- | M] () -- C:\wrar380.exe
[2009/08/08 17:59:12 | 003,316,416 | ---- | M] (Microsoft Corporation ) -- C:\XBOX360Eng.exe
[2009/08/08 18:03:16 | 018,797,672 | ---- | M] (Microsoft Corporation) -- C:\Xbox360_32Eng.exe
[2009/04/23 11:26:00 | 022,897,521 | ---- | M] () -- C:\ynManson-2009-Arma-Goddamn-Mother[bleep]in-Geddon_V0_.zip
[2008/04/15 22:09:19 | 000,000,146 | ---- | M] () -- C:\YServer.txt
[2009/02/25 12:57:06 | 000,000,162 | -H-- | M] () -- C:\~$MS6-73.31399.rtf

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/04/15 20:29:21 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >
[2004/07/10 19:37:00 | 000,479,385 | ---- | M] () -- C:\WINDOWS\ALX_1600x1200.jpg
[2004/07/10 19:37:00 | 000,325,841 | ---- | M] () -- C:\WINDOWS\AW_1600x1200.jpg
[2006/08/18 13:45:00 | 000,068,673 | ---- | M] () -- C:\WINDOWS\AW_XenoMorph1280.jpg
[2005/07/05 17:38:30 | 000,292,197 | ---- | M] () -- C:\WINDOWS\InvaderDark1280.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/04/15 15:19:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/15 15:19:15 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/15 15:19:15 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/04/24 14:39:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"RebootRelaunchTimeoutEnabled" = 1
"RebootRelaunchTimeout" = 60
"NoAutoUpdate" = 0

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-13 06:11:19

========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 8/15/2010 8:00:18 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Adrian\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 145.29 Gb Free Space | 62.39% Space Free | Partition Type: NTFS
Drive D: | 637.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EVILDUCKS-WILL-
Current User Name: Adrian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56915:TCP" = 56915:TCP:*:Enabled:Pando Media Booster
"56915:UDP" = 56915:UDP:*:Enabled:Pando Media Booster
"57950:TCP" = 57950:TCP:*:Enabled:Pando Media Booster
"57950:UDP" = 57950:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"c:\sdslkkn.exe" = c:\sdslkkn.exe:*:Enabled:test -- File not found
"c:\immsdfbt.exe" = c:\immsdfbt.exe:*:Enabled:Windows Messenger -- File not found
"C:\DOCUME~1\Adrian\LOCALS~1\Temp\usbvuh.exe" = C:\DOCUME~1\Adrian\LOCALS~1\Temp\usbvuh.exe:*:Enabled:Windows Messenger -- File not found
"C:\DOCUME~1\Adrian\LOCALS~1\Temp\vpvrs.exe" = C:\DOCUME~1\Adrian\LOCALS~1\Temp\vpvrs.exe:*:Enabled:Windows Messenger -- File not found
"C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe" = C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe:*:Enabled:Windows Messenger -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- File not found
"C:\Program Files\StanaPhone\StanaClient.exe" = C:\Program Files\StanaPhone\StanaClient.exe:*:Enabled:StanaPhone (1.0.2.145) -- File not found
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe" = C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\NGM\NGM.exe" = C:\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A656F84-7C04-4705-B52F-074B2A941C74}" = PCI SoftV92 Modem
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6283826F-59A2-11D9-BB04-000AE6BE6EE7}" = On-line Help Console
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C627F78-DBB9-4293-AA89-E83119C39CE9}" = Greeting Card Factory Photo Card Maker
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Arcade Classic Pack_is1" = Arcade Classic Pack 5.10
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combat Arms" = Combat Arms
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab HD Decrypter 4_is1" = DVDFab HD Decrypter 4.1.2.0
"ffdshow_is1" = ffdshow [rev 2183] [2008-10-07]
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Lock My PC_is1" = Lock My PC 3.6 for Windows 98*Steveoebi and Windows 2000/XP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PC Pitstop Optimize2_is1" = PC Pitstop Optimize2 2.0
"Picasa2" = Picasa 2
"Pidgin" = Pidgin
"PMPro PSP Video Converter_is1" = PMPro PSP Video Converter 2.0
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"Smart Defrag_is1" = Smart Defrag
"Starcraft" = Starcraft
"Steam App 400" = Portal
"Steam App 630" = Alien Swarm
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"The Wonderful Icon" = The Wonderful Icon
"UDK-e31c830e-5628-40a5-bef1-024bb28e98db" = Unreal Development Kit: 2010-07
"Vista Start Menu" = Vista Start Menu
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WhatPulse" = WhatPulse 1.6.2.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"JScreenFix deluxe" = JScreenFix deluxe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2009 3:16:42 PM | Computer Name = EVILDUCKS-WILL- | Source = Application Error | ID = 1000
Description = Faulting application reactor.exe, version 1.0.0.36, faulting module
miracleui.dll, version 1.0.0.46, fault address 0x0001438e.

Error - 10/21/2009 10:02:07 PM | Computer Name = EVILDUCKS-WILL- | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 9.0.1.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2009 5:53:05 AM | Computer Name = EVILDUCKS-WILL- | Source = Application Error | ID = 1000
Description = Faulting application engine.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/31/2009 8:49:00 AM | Computer Name = EVILDUCKS-WILL- | Source = Application Error | ID = 1000
Description = Faulting application engine.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 10/31/2009 8:49:24 AM | Computer Name = EVILDUCKS-WILL- | Source = Application Error | ID = 1000
Description = Faulting application engine.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/6/2009 5:02:41 AM | Computer Name = EVILDUCKS-WILL- | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 110.0.180.0, faulting module
unknown, version 0.0.0.0, fault address 0x003a019a.

Error - 11/9/2009 1:06:39 AM | Computer Name = EVILDUCKS-WILL- | Source = Application Hang | ID = 1002
Description = Hanging application pidgin.exe, version 2.5.8.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/12/2009 7:12:34 AM | Computer Name = EVILDUCKS-WILL- | Source = Application Hang | ID = 1002
Description = Hanging application left4dead2.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/14/2009 10:41:05 PM | Computer Name = EVILDUCKS-WILL- | Source = Google Update | ID = 20
Description =

Error - 11/14/2009 11:41:05 PM | Computer Name = EVILDUCKS-WILL- | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8/15/2010 8:00:25 PM | Computer Name = EVILDUCKS-WILL- | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147575279

User:
NT AUTHORITY\SYSTEM Name: Trojan:Win32/Meredrop ID: 2147575279 Severity: Severe Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.87.1941.0, AS: 1.87.1941.0 Engine Version: 1.1.6004.0

Error - 8/15/2010 8:00:25 PM | Computer Name = EVILDUCKS-WILL- | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147574973

User:
NT AUTHORITY\SYSTEM Name: Trojan:Win32/Ircbrute ID: 2147574973 Severity: Severe Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.87.1941.0, AS: 1.87.1941.0 Engine Version: 1.1.6004.0

Error - 8/15/2010 8:00:28 PM | Computer Name = EVILDUCKS-WILL- | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147575279

User:
EVILDUCKS-WILL-\Adrian Name: Trojan:Win32/Meredrop ID: 2147575279 Severity: Severe

Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.87.1941.0, AS: 1.87.1941.0 Engine Version: 1.1.6004.0

Error - 8/15/2010 8:00:28 PM | Computer Name = EVILDUCKS-WILL- | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147574973

User:
EVILDUCKS-WILL-\Adrian Name: Trojan:Win32/Ircbrute ID: 2147574973 Severity: Severe

Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.87.1941.0, AS: 1.87.1941.0 Engine Version: 1.1.6004.0

Error - 8/15/2010 8:11:40 PM | Computer Name = EVILDUCKS-WILL- | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147574973

User:
EVILDUCKS-WILL-\Adrian Name: Trojan:Win32/Ircbrute ID: 2147574973 Severity: Severe

Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.87.1941.0, AS: 1.87.1941.0 Engine Version: 1.1.6004.0

Error - 8/15/2010 8:21:27 PM | Computer Name = EVILDUCKS-WILL- | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147575279

User:
EVILDUCKS-WILL-\Adrian Name: Trojan:Win32/Meredrop ID: 2147575279 Severity: Severe

Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.87.1941.0, AS: 1.87.1941.0 Engine Version: 1.1.6004.0

Error - 8/15/2010 8:21:30 PM | Computer Name = EVILDUCKS-WILL- | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147575279

User:
EVILDUCKS-WILL-\Adrian Name: Trojan:Win32/Meredrop ID: 2147575279 Severity: Severe

Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.87.1941.0, AS: 1.87.1941.0 Engine Version: 1.1.6004.0

Error - 8/15/2010 8:23:53 PM | Computer Name = EVILDUCKS-WILL- | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147575279

User:
EVILDUCKS-WILL-\Adrian Name: Trojan:Win32/Meredrop ID: 2147575279 Severity: Severe

Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.87.1941.0, AS: 1.87.1941.0 Engine Version: 1.1.6004.0

Error - 8/15/2010 8:23:53 PM | Computer Name = EVILDUCKS-WILL- | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147574973

User:
EVILDUCKS-WILL-\Adrian Name: Trojan:Win32/Ircbrute ID: 2147574973 Severity: Severe

Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.87.1941.0, AS: 1.87.1941.0 Engine Version: 1.1.6004.0

Error - 8/15/2010 8:23:59 PM | Computer Name = EVILDUCKS-WILL- | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147575279

User:
EVILDUCKS-WILL-\Adrian Name: Trojan:Win32/Meredrop ID: 2147575279 Severity: Severe

Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.87.1941.0, AS: 1.87.1941.0 Engine Version: 1.1.6004.0


< End of report >
  • 0

Advertisements

#2
Rorschach112
Posted 16 August 2010 - 10:25 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found
O20 - Winlogon\Notify\fsp_lmwl: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
[2009/02/22 06:33:23 | 000,939,956 | ---- | M] () -- C:\7z465.exe
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"c:\sdslkkn.exe"=-
"c:\immsdfbt.exe"=-
"C:\DOCUME~1\Adrian\LOCALS~1\Temp\usbvuh.exe"=-
"C:\DOCUME~1\Adrian\LOCALS~1\Temp\vpvrs.exe"=-
"C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe"=-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



  • Please download WVCheck by Artellos from one of the mirrors below;

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe
  • As indicated by the prompt, This program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.

  • 0

#3
Steveoebi
Posted 16 August 2010 - 05:01 PM

Steveoebi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found
O20 - Winlogon\Notify\fsp_lmwl: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
[2009/02/22 06:33:23 | 000,939,956 | ---- | M] () -- C:\7z465.exe
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"c:\sdslkkn.exe"=-
"c:\immsdfbt.exe"=-
"C:\DOCUME~1\Adrian\LOCALS~1\Temp\usbvuh.exe"=-
"C:\DOCUME~1\Adrian\LOCALS~1\Temp\vpvrs.exe"=-
"C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe"=-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



  • Please download WVCheck by Artellos from one of the mirrors below;

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe
  • As indicated by the prompt, This program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.


Windows Validation Check
Version: 1.8.8.3
Log Created On: 1749_16-08-2010
------------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal


WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
------------------------------
Last Success Time for Update Detection: 2010-08-16 21:18:43
Last Success Time for Update Download: 2010-08-12 21:53:27
Last Success Time for Update Installation: 2010-08-13 06:11:19


WVCheck's File Dump
-------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-------------------
C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
Size: 0 bytes
Matched: *Genuine?Advantage*
------------------------------
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
Size: 0 bytes
Matched: *Genuine?Advantage*
------------------------------


WVCheck's Missing File Check
-------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


-------- End of File, program close at 1751_16-08-2010 --------

Update, I can go into regedit now.

Edited by Steveoebi, 16 August 2010 - 05:04 PM.

  • 0

#4
Rorschach112
Posted 16 August 2010 - 05:04 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download CKScanner from here

Important : Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

  • 0

#5
Steveoebi
Posted 16 August 2010 - 08:24 PM

Steveoebi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\adrian\my documents\downloads\bonecracksniper\readme.txt
c:\documents and settings\adrian\my documents\downloads\bonecracksniper\sound\weapons\sniper_bolt_forward.sfk
c:\games\toribash-3.9\replay\head and nut cracker.rpl
scanner sequence 3.AB.11
----- EOF -----
  • 0

#6
Rorschach112
Posted 17 August 2010 - 06:17 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#7
Steveoebi
Posted 18 August 2010 - 12:00 AM

Steveoebi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ComboFix 10-08-17.03 - Adrian 08/18/2010 0:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1120 [GMT -5:00]
Running from: c:\documents and settings\Adrian\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SET1D0.tmp
c:\recycler\k-1-3542-4232123213-7676767-8888886
C:\restore

.
((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-16 22:39 . 2010-08-16 22:39 -------- d-----w- C:\_OTL
2010-08-15 21:51 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-15 21:51 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-15 21:51 . 2010-08-15 21:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 23:22 . 2010-08-14 23:22 2157 ----a-w- c:\documents and settings\Adrian\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-08-14 17:15 . 2010-08-14 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-08-13 08:19 . 2010-08-13 08:19 420600 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-12 19:16 . 2010-08-12 19:16 -------- d-----w- C:\.jagex_cache_32
2010-08-12 12:28 . 2010-08-12 12:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-08-12 05:17 . 2010-08-12 05:17 0 ----a-w- c:\documents and settings\Adrian\jagex__preferences3.dat
2010-08-12 05:17 . 2010-08-17 12:36 99 ----a-w- c:\documents and settings\Adrian\jagex_runescape_preferences2.dat
2010-08-12 05:15 . 2010-08-17 10:44 46 ----a-w- c:\documents and settings\Adrian\jagex_runescape_preferences.dat
2010-08-12 04:25 . 2010-08-12 04:25 -------- d-----w- c:\program files\DIFX
2010-08-12 04:25 . 2006-07-02 03:39 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-08-12 04:25 . 2010-08-12 04:25 -------- d-----w- c:\program files\Microsoft Chart Controls
2010-08-12 04:24 . 2010-08-12 15:45 -------- d-----w- C:\UDK
2010-08-10 17:57 . 2010-08-10 17:58 -------- d-----w- c:\documents and settings\Adrian\Application Data\.minecraft
2010-08-03 10:19 . 2010-08-03 10:19 -------- d-----w- c:\windows\Logs
2010-08-01 21:51 . 2010-08-01 21:51 -------- d-----w- c:\documents and settings\Adrian\Application Data\Toribash
2010-08-01 21:50 . 2010-08-01 21:50 -------- d-----w- C:\Games
2010-08-01 11:01 . 2010-08-01 11:01 9807 ----a-w- c:\windows\scunin.dat
2010-08-01 11:01 . 2010-08-01 11:01 967 ----a-w- c:\windows\ScUnin.pif
2010-08-01 11:01 . 2010-08-01 11:01 68096 ----a-w- c:\windows\ScUnin.exe
2010-08-01 11:01 . 2010-08-01 18:19 -------- d-----w- C:\Starcraft
2010-07-31 06:02 . 2010-07-31 06:02 65496 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 05:49 . 2008-09-11 03:39 -------- d-----w- c:\documents and settings\Adrian\Application Data\HPAppData
2010-08-18 05:48 . 2010-08-14 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-18 05:47 . 2010-05-13 18:00 -------- d-----w- c:\program files\Steam
2010-08-16 22:24 . 2008-08-02 20:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-15 23:15 . 2009-07-23 01:47 -------- d-----w- c:\documents and settings\Adrian\Application Data\.purple
2010-08-14 17:48 . 2010-08-14 17:48 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-08-14 17:48 . 2010-08-14 17:48 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-08-14 17:48 . 2010-08-14 17:48 133648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-08-14 17:48 . 2010-08-14 17:48 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-08-14 17:48 . 2010-08-14 17:37 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-08-14 17:48 . 2010-08-14 17:37 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-08-14 17:48 . 2010-08-14 17:48 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-08-14 17:48 . 2010-08-14 17:48 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-08-14 17:48 . 2010-08-14 17:48 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-08-14 17:48 . 2010-08-14 17:48 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-08-14 17:35 . 2010-08-14 17:35 -------- d-----w- c:\program files\Kaspersky Lab
2010-08-12 04:33 . 2008-05-02 02:57 -------- d-----w- c:\documents and settings\Adrian\Application Data\Vista Start Menu
2010-08-09 17:42 . 2008-10-31 22:27 -------- d-----w- c:\documents and settings\Adrian\Application Data\gtk-2.0
2010-08-03 10:31 . 2008-05-01 20:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-02 13:04 . 2009-04-04 10:00 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-07-31 06:02 . 2009-12-02 10:45 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-31 03:43 . 2009-04-18 18:46 -------- d-----w- c:\program files\VideoLAN
2010-07-31 03:07 . 2009-04-16 11:20 1 ----a-w- c:\documents and settings\Adrian\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-30 12:31 . 2004-08-04 06:56 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 05:17 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 05:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 06:56 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-04-16 01:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 06:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-07 17:30 . 2010-06-07 17:29 6259064 ----a-w- C:\Silverlight.exe
2010-06-05 09:26 . 2010-06-05 09:26 764432 ----a-w- C:\netsight_setup_5.2.4.10_MP_Production_mid60558120425_p.exe
2010-06-02 09:55 . 2010-08-03 10:23 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 09:55 . 2010-08-03 10:23 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 09:55 . 2010-08-03 10:23 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-06-02 06:41 . 2010-04-18 10:53 439816 -c--a-w- c:\documents and settings\Adrian\Application Data\Real\Update\setup3.10\setup.exe
2010-06-01 17:37 . 2009-12-02 10:48 221568 -c----w- c:\windows\system32\MpSigStub.exe
2010-05-26 16:41 . 2010-08-03 10:23 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 16:41 . 2010-08-03 10:23 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 16:41 . 2010-08-03 10:23 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 16:41 . 2010-08-03 10:23 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 16:41 . 2010-08-03 10:23 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2008-04-11 2136064]
"FlashMute"="c:\program files\FlashMute\FlashMute.exe" [2006-03-11 221184]
"Google Update"="c:\documents and settings\Adrian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-23 133104]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-28 2923192]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-13 1238352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"nwiz"="nwiz.exe" [2007-11-06 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-09 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-21 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Adrian\Start Menu\Programs\Startup\
Eddie izzard.url [2008-6-18 358]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
The Wonderful Icon.lnk - c:\program files\Wonderful\wonderfl.exe [2008-5-1 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-03-18 23:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2006-07-21 21:19 129536 -c--a-w- c:\progra~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\NGM\\NGM.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56915:TCP"= 56915:TCP:Pando Media Booster
"56915:UDP"= 56915:UDP:Pando Media Booster
"57950:TCP"= 57950:TCP:Pando Media Booster
"57950:UDP"= 57950:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [3/31/2010 11:05 AM 33824]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 LMPC2;LMPC2;c:\windows\system32\drivers\lmpc2.sys [6/10/2009 9:53 AM 4224]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-507921405-839522115-1005Core.job
- c:\documents and settings\Adrian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-23 01:31]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-507921405-839522115-1005UA.job
- c:\documents and settings\Adrian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-23 01:31]

2010-08-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]

2010-08-16 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-28 21:48]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://search.babylon.com/home
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.eddieizzard.com/index-main.php
FF - component: c:\documents and settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Adrian\Application Data\Mozilla\Firefox\Profiles\wfbi5egt.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\documents and settings\Adrian\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-hpqSRMon - (no file)
MSConfigStartUp-AT&T Yahoo! Dial Connection Manager - c:\program files\SBC Yahoo!\Connection Manager\ConnectionManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 00:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-507921405-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{03e0ca59-8174-4bb1-addf-64cf13dcb39c}]
@Denied: (Full) (Everyone)
"Model"=dword:00000159
"Therad"=dword:00000002
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,37,ce,5f,33,19,69,0a,25,0a,ba,df,ba,41,70,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):58,2a,e5,54,b6,f2,a4,a4,02,8e,29,be,d5,c7,47,82,e9,99,5a,54,62,
94,8b,01,81,ee,51,c3,2e,6c,1b,af,1e,fc,a6,70,f8,b3,41,05,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3304)
c:\windows\system32\WININET.dll
c:\program files\FlashMute\mutelib.dll
c:\program files\Vista Start Menu\VistaStartMenu.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
c:\program files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
**************************************************************************
.
Completion time: 2010-08-18 00:56:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-18 05:55

Pre-Run: 156,875,870,208 bytes free
Post-Run: 156,693,049,344 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 6FEB48A7AF28599BD71D348D38ADF35B
  • 0

#8
Rorschach112
Posted 18 August 2010 - 05:15 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
[clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#9
Steveoebi
Posted 18 August 2010 - 02:41 PM

Steveoebi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you, but MSE is having a pop up saying I have a Trojan:Win32/Ircbrute. Could it be a false positive?
  • 0

#10
Rorschach112
Posted 18 August 2010 - 02:43 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
where is it saying it is
  • 0

#11
Steveoebi
Posted 19 August 2010 - 02:13 AM

Steveoebi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
file:C:\System Volume Information\_restore{FA174B57-ECD2-4BBC-85E6-3316107ADAE2}\RP472\A0332229.exe
  • 0

#12
Rorschach112
Posted 19 August 2010 - 06:13 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
if you did the steps in my above post, that would be gone
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP