Got a Virus, computer stuck at Verifying DMI Pool Data...


#1
xCami
    Member
  • 12 posts
So today I got a virus, I couldn't get a good look at the name of it before I flipped out and immediately did a system restore. All I know is that it downloaded porn to my computer and tried to remove Malwarebytes and kept popping up alerts (I'm sure that narrows it down lol).

After I did the system restore and my computer was in the process of booting up, it got stuck on a page called PCI Device Listing and it says a bunch of stuff

Then at the bottom it says:
Verifying DMI Pool Data........
Boot from CD:
Boot from CD:
Boot from CD:

and it stuck there :D I restarted it, attempted to go into safe mode, same thing happened again.
And I don't have the Windows Operating System Disk either :/ Help?

Oh and I'm sorry if this is in the incorrect place, I couldn't quite figure out which forum to post it in

Edited by xCami, 27 October 2010 - 10:30 AM.


#2
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Hello xCami :D

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

OK, this file is big. Print these instructions out so that you know what you are doing.

It seems you are not able to do anything on the infected machine, so you need to use an alternative computer to do the steps below.

Two programmes to download

First

ISOBurner: this will allow you to burn REATOGO-X-PE ISO to a CD and make it bootable. Just install the programme; from there on in it is fairly automatic. Instructions

Second

  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the C:\OTL.txt file in your reply.


#3
xCami
    Member
  • Topic Starter
  • 12 posts
When I click the OTLPE.iso link I get a 404 :D

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
There are new links - I will post them and then hand you back to Ali

Please print these instructions out so that you know what you are doing

OTLPEStd.exe
MD5=107440596207871822220183734CF7C4
98,217,771bytes / 93.6MB

  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can back up any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
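
Added example, not part of the original post or of the OTL project: a Python check of a downloaded file against the name, MD5 and byte count published in the post above, to run before burning the CD. The function names and the constructed sample file are assumptions made for illustration; a matching MD5 taken from the same post shows the download arrived intact, not who produced it.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Descriptor lines as posted in the thread for OTLPEStd.exe.
POSTED = """OTLPEStd.exe
MD5=107440596207871822220183734CF7C4
98,217,771bytes / 93.6MB"""


def parse_descriptor(text):
    """Extract file name, MD5 (lowercase hex) and byte count from the posted lines."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    name, md5, size = lines[0], None, None
    for ln in lines[1:]:
        m = re.fullmatch(r"MD5\s*=\s*([0-9A-Fa-f]{32})", ln)
        if m:
            md5 = m.group(1).lower()
            continue
        m = re.match(r"([\d,]+)\s*bytes", ln)
        if m:
            size = int(m.group(1).replace(",", ""))
    if md5 is None or size is None:
        raise ValueError("descriptor lacks an MD5 or a byte count")
    return {"name": name, "md5": md5, "size": size}


def md5_of(path, chunk=1 << 20):
    """Hash the file in chunks so a ~94 MB download is never held in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, expected):
    """Return (ok, reason). The size is checked first: it is cheap and catches
    truncated downloads without hashing anything."""
    actual_size = os.path.getsize(path)
    if actual_size != expected["size"]:
        return False, "size mismatch: got %d, expected %d" % (actual_size, expected["size"])
    actual = md5_of(path)
    if not hmac.compare_digest(actual, expected["md5"]):
        return False, "MD5 mismatch: got %s" % actual
    return True, "size and MD5 match"


def demo():
    """Exercise the check on a constructed file, since the real download is not
    available offline. The descriptor is built in the same format as the post."""
    data = b"constructed sample payload\n" * 4096
    descriptor = "sample.bin\nMD5=%s\n%sbytes" % (
        hashlib.md5(data).hexdigest().upper(),
        format(len(data), ","),
    )
    expected = parse_descriptor(descriptor)
    cases = (
        ("intact", data),
        ("truncated", data[:-100]),      # interrupted download
        ("altered", b"X" + data[1:]),    # same size, different content
    )
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, blob in cases:
            path = os.path.join(tmp, label + ".bin")
            with open(path, "wb") as fh:
                fh.write(blob)
            results[label] = verify_download(path, expected)[0]
    return results


if __name__ == "__main__":
    print(parse_descriptor(POSTED))
    print(demo())
```

For the real file, call `verify_download("OTLPEStd.exe", parse_descriptor(POSTED))` from the folder it was downloaded to.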

#5
xCami
    Member
  • Topic Starter
  • 12 posts
Wow, after I booted up the system using a CD, the system restore screen came up saying the restore was successful and blah blah blah :D
None of the other stuff came up on the desktop like it said it would, but my desktop is back to normal and no processes that looked suspicious were running. Is there something else I should do?

I'm running a Malwarebytes scan just in case to get rid of some other stuff that has probably been lingering around.

Thank you guys so much by the way ;)

#6
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Hi

Are you able now to boot up into your system normally?

#7
xCami
    Member
  • Topic Starter
  • 12 posts
Yes :D everything is running how it was before I got the virus ^^

#8
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Hi

Step 1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 2

Download the GMER Rootkit Scanner.

  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.


Things I would like to see in your reply:
  • OTL.txt and Extras.txt
  • GMER Log ark.txt


#9
xCami
    Member
  • Topic Starter
  • 12 posts
OTL.txt

OTL logfile created on: 01/11/2010 7:20:05 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 575.00 Mb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.49 Gb Total Space | 148.52 Gb Free Space | 65.00% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 2.38 Gb Free Space | 54.38% Space Free | Partition Type: FAT32
Drive E: | 1.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JENNIFER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/01 19:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/11 14:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/03/30 11:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/11/22 18:51:44 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/09/26 19:07:00 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/08/27 09:09:28 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe


========== Modules (SafeList) ==========

MOD - [2010/11/01 19:18:24 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/09/18 00:55:00 | 001,503,232 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/09/18 00:55:00 | 001,101,824 | ---- | M] () -- C:\WINDOWS\system32\nvwimg.dll
MOD - [2008/09/18 00:55:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2006/10/05 00:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/03/30 11:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/11/22 18:51:44 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\TLRecAgent.sys -- (TLRecAgent)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/07/16 21:06:57 | 000,033,920 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2008/09/18 00:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/09/26 19:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/11/10 21:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 21:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/08/10 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/17 18:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/29 14:22:00 | 000,346,560 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02) D-Link Wireless 802.11b/g Driver (USB)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 7F 43 E6 BA 6A CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/27 19:00:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/27 19:00:20 | 000,000,000 | ---D | M]

[2010/10/27 19:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/11/01 09:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a5ze4f0k.default\extensions
[2010/10/27 19:40:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a5ze4f0k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/27 19:00:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/11/21 11:05:19 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [SoundMan] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://photoshare.sh...geUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...881/mcfscan.cab (McFreeScan Class)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/11/28 00:55:28 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{36b4e008-aeac-11de-b011-00155811f72e}\Shell - "" = AutoRun
O33 - MountPoints2\{36b4e008-aeac-11de-b011-00155811f72e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{36b4e008-aeac-11de-b011-00155811f72e}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ecb950b7-efa4-11da-8b58-806d6172696f}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found

Drivers32: midi - wdmaud.drv File not found
Drivers32: midimapper - midimap.dll File not found
Drivers32: mixer - wdmaud.drv File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm File not found
Drivers32: msacm.msaudio1 - msaud32.acm File not found
Drivers32: msacm.msg711 - msg711.acm File not found
Drivers32: msacm.msg723 - msg723.acm File not found
Drivers32: msacm.msgsm610 - msgsm32.acm File not found
Drivers32: msacm.sl_anet - sl_anet.acm File not found
Drivers32: msacm.trspch - tssoft32.acm File not found
Drivers32: vidc.cvid - iccvid.dll File not found
Drivers32: vidc.I420 - msh263.drv File not found
Drivers32: vidc.iv31 - ir32_32.dll File not found
Drivers32: vidc.iv32 - ir32_32.dll File not found
Drivers32: vidc.iv41 - ir41_32.ax File not found
Drivers32: vidc.iv50 - ir50_32.dll File not found
Drivers32: vidc.iyuv - iyuv_32.dll File not found
Drivers32: vidc.M261 - msh261.drv File not found
Drivers32: vidc.M263 - msh263.drv File not found
Drivers32: vidc.mrle - msrle32.dll File not found
Drivers32: vidc.msvc - msvidc32.dll File not found
Drivers32: vidc.uyvy - msyuv.dll File not found
Drivers32: vidc.yuy2 - msyuv.dll File not found
Drivers32: vidc.yvu9 - tsbyuv.dll File not found
Drivers32: vidc.yvyu - msyuv.dll File not found
Drivers32: wave - wdmaud.drv File not found
Drivers32: wavemapper - msacm32.drv File not found
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2010/11/01 18:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Blizzard Installer Bootstrap - 19a42b7d
[2010/11/01 17:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\fjdklsjfkds
[2010/10/28 18:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2010/10/27 18:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\~nsu.tmp
[2010/10/27 18:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\WPDNSE
[2010/10/27 12:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{78799A7C-95BC-45CC-88D0-33C2D6ED640D}
[2010/10/27 10:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Blizzard Installer Temporary Data - e1334021
[2010/10/26 19:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bejeweled 2
[2010/10/22 19:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2010/10/20 20:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\plugtmp-3
[2010/10/20 17:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CyberLink
[2010/10/18 10:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\picss
[2010/10/16 17:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DVDVideoSoftTB
[2010/10/12 18:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\plugtmp-2
[2010/10/11 23:57:30 | 000,331,776 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Owner\d2l_PlayD2.exe
[2010/10/11 23:36:14 | 000,331,776 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Owner\d2l_Install.exe
[2010/10/11 23:25:38 | 000,072,192 | ---- | C] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Owner\~e5.0001
[2010/10/11 23:02:44 | 000,459,400 | R--- | C] (Macrovision Corporation) -- C:\Documents and Settings\Owner\_isA61.exe
[2010/10/11 23:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\{4A1BDED7-6CAB-4FA1-BA2B-A968213A3A32}
[2010/10/06 03:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\NDP1.1sp1-KB2416447-X86
[539 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/01 19:02:39 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/11/01 07:49:09 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0302142F-D8AE-4902-ADA3-8A0040E095EB}.job
[2010/10/30 17:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/30 09:36:53 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/29 21:09:40 | 000,132,901 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\snoop.jpeg
[2010/10/28 19:29:45 | 009,040,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\David Usher black black heart lyrics.mp3
[2010/10/28 18:14:39 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\World of Warcraft Installer.lnk
[2010/10/27 21:57:25 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/27 19:00:22 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/27 19:00:22 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/27 18:57:31 | 000,007,780 | ---- | M] () -- C:\Documents and Settings\Owner\au-descriptor-1.6.0_22-b04.xml
[2010/10/27 18:53:08 | 000,000,409 | ---- | M] () -- C:\Documents and Settings\Owner\WGANotify.settings
[2010/10/27 18:53:07 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/27 18:52:30 | 000,192,954 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/27 18:52:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/27 12:12:38 | 000,009,662 | ---- | M] () -- C:\Documents and Settings\Owner\3.ico
[2010/10/27 12:12:38 | 000,009,662 | ---- | M] () -- C:\Documents and Settings\Owner\2.ico
[2010/10/27 12:12:38 | 000,009,662 | ---- | M] () -- C:\Documents and Settings\Owner\1.ico
[2010/10/27 12:00:06 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Nxisivuluyetofi.dat
[2010/10/27 12:00:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Gcuyoyowohowo.bin
[2010/10/26 19:52:39 | 000,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/10/25 15:53:29 | 000,000,023 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/10/22 19:57:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2010/10/20 20:51:15 | 005,869,696 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Mt Eden Dubstep - Still Alive.mp3
[2010/10/20 19:10:22 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\Owner\wmplog00.sqm
[2010/10/20 17:21:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/19 22:53:09 | 000,112,582 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ColourfulPaintBlotsSeamlessBackgroundVector.jpg
[2010/10/19 19:18:24 | 005,243,315 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\There For Tomorrow - Re-Burn.mp3
[2010/10/19 19:18:20 | 006,498,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\There For Tomorrow - Small World.mp3
[2010/10/17 13:04:49 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/15 18:54:12 | 000,234,421 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\me in 4th grade.jpeg
[2010/10/14 03:24:00 | 000,232,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 03:07:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/11 23:46:51 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/10/11 23:46:51 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/10/11 23:46:51 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/10/11 23:29:35 | 000,072,192 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Owner\~e5.0001
[2010/10/11 23:26:57 | 036,713,400 | ---- | M] () -- C:\Documents and Settings\Owner\ubiAC2.tmp.exe
[2010/10/11 21:55:03 | 000,040,506 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\36417_1419042607903_1587782706_981615_5841954_n.jpg
[2010/10/09 19:02:23 | 004,544,640 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Enrique Iglesias - I Like It.mp3
[2010/10/06 18:14:55 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk
[2010/10/06 03:03:24 | 000,452,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/06 03:03:24 | 000,075,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[539 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/29 21:09:38 | 000,132,901 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\snoop.jpeg
[2010/10/28 18:15:25 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/10/28 14:51:51 | 009,040,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\David Usher black black heart lyrics.mp3
[2010/10/27 19:00:22 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/27 19:00:22 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/27 12:12:38 | 000,009,662 | ---- | C] () -- C:\Documents and Settings\Owner\3.ico
[2010/10/27 12:12:38 | 000,009,662 | ---- | C] () -- C:\Documents and Settings\Owner\2.ico
[2010/10/27 12:12:38 | 000,009,662 | ---- | C] () -- C:\Documents and Settings\Owner\1.ico
[2010/10/27 12:00:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Nxisivuluyetofi.dat
[2010/10/27 12:00:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gcuyoyowohowo.bin
[2010/10/26 19:52:39 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/10/22 19:57:44 | 000,000,023 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/10/22 19:57:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/20 20:44:45 | 005,869,696 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Mt Eden Dubstep - Still Alive.mp3
[2010/10/20 19:10:22 | 000,001,590 | ---- | C] () -- C:\Documents and Settings\Owner\wmplog00.sqm
[2010/10/20 17:01:08 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\World of Warcraft Installer.lnk
[2010/10/19 22:53:09 | 000,112,582 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ColourfulPaintBlotsSeamlessBackgroundVector.jpg
[2010/10/19 18:28:10 | 005,243,315 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\There For Tomorrow - Re-Burn.mp3
[2010/10/19 18:15:01 | 006,498,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\There For Tomorrow - Small World.mp3
[2010/10/15 18:54:10 | 000,234,421 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\me in 4th grade.jpeg
[2010/10/14 03:29:13 | 000,007,780 | ---- | C] () -- C:\Documents and Settings\Owner\au-descriptor-1.6.0_22-b04.xml
[2010/10/11 23:44:59 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/10/11 23:44:59 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/10/11 23:44:59 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/10/11 23:36:15 | 000,263,168 | ---- | C] () -- C:\Documents and Settings\Owner\binkw32.dll
[2010/10/11 23:16:15 | 036,713,400 | ---- | C] () -- C:\Documents and Settings\Owner\ubiAC2.tmp.exe
[2010/10/11 21:55:03 | 000,040,506 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\36417_1419042607903_1587782706_981615_5841954_n.jpg
[2010/10/09 19:01:45 | 004,544,640 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Enrique Iglesias - I Like It.mp3
[2010/10/07 23:14:09 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/06 18:14:55 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\World of Warcraft.lnk
[2010/06/02 05:22:54 | 001,412,902 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
[2010/06/02 05:22:54 | 001,127,217 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
[2010/06/02 05:22:54 | 000,273,960 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x64.cab
[2010/06/02 05:22:54 | 000,272,611 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x86.cab
[2010/06/02 05:22:54 | 000,182,361 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab
[2010/06/02 05:22:54 | 000,138,017 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab
[2010/06/02 05:22:54 | 000,086,037 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab
[2010/06/02 05:22:54 | 000,045,359 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab
[2010/06/02 05:22:52 | 001,906,878 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x64.cab
[2010/06/02 05:22:52 | 001,550,796 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x86.cab
[2010/06/02 05:22:52 | 000,965,421 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x86.cab
[2010/06/02 05:22:52 | 000,121,794 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x64.cab
[2010/06/02 05:22:52 | 000,092,684 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x86.cab
[2010/06/02 05:22:52 | 000,054,522 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x64.cab
[2010/06/02 05:22:52 | 000,021,851 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x86.cab
[2010/06/02 05:22:50 | 000,994,154 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x64.cab
[2010/06/02 05:22:50 | 000,196,762 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x64.cab
[2010/06/02 05:22:50 | 000,148,264 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x86.cab
[2010/06/02 05:22:50 | 000,046,144 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab
[2010/06/02 05:22:50 | 000,018,496 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab
[2010/06/02 05:22:48 | 001,802,058 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x64.cab
[2010/06/02 05:22:48 | 001,709,360 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x86.cab
[2010/06/02 05:22:48 | 000,864,600 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x64.cab
[2010/06/02 05:22:48 | 000,803,884 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x86.cab
[2010/06/02 05:22:48 | 000,273,018 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x86.cab
[2010/06/02 05:22:46 | 000,275,044 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x64.cab
[2010/06/02 05:22:46 | 000,121,506 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x64.cab
[2010/06/02 05:22:46 | 000,092,740 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x86.cab
[2010/06/02 05:22:38 | 000,054,600 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x64.cab
[2010/06/02 05:22:38 | 000,021,298 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x86.cab
[2010/06/02 05:22:36 | 001,973,702 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x64.cab
[2010/06/02 05:22:36 | 001,612,446 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x86.cab
[2010/06/02 05:22:36 | 001,067,160 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x64.cab
[2010/06/02 05:22:36 | 001,040,745 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x86.cab
[2010/06/02 05:22:36 | 000,251,194 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x64.cab
[2010/06/02 05:22:36 | 000,226,250 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x86.cab
[2010/06/02 05:22:36 | 000,122,336 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x64.cab
[2010/06/02 05:22:36 | 000,093,734 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x86.cab
[2010/06/02 05:22:34 | 001,769,862 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab
[2010/06/02 05:22:34 | 001,443,282 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab
[2010/06/02 05:22:34 | 000,818,260 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab
[2010/06/02 05:22:34 | 000,055,058 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab
[2010/06/02 05:22:34 | 000,021,867 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab
[2010/06/02 05:22:32 | 000,937,246 | ---- | C] () -- C:\Program Files\Jun2010_d3dx9_43_x64.cab
[2010/06/02 05:22:32 | 000,844,884 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab
[2010/06/02 05:22:32 | 000,768,036 | ---- | C] () -- C:\Program Files\Jun2010_d3dx9_43_x86.cab
[2010/06/02 05:22:32 | 000,278,060 | ---- | C] () -- C:\Program Files\Jun2010_XAudio_x86.cab
[2010/06/02 05:22:32 | 000,277,338 | ---- | C] () -- C:\Program Files\Jun2010_XAudio_x64.cab
[2010/06/02 05:22:32 | 000,124,596 | ---- | C] () -- C:\Program Files\Jun2010_XACT_x64.cab
[2010/06/02 05:22:32 | 000,093,686 | ---- | C] () -- C:\Program Files\Jun2010_XACT_x86.cab
[2010/06/02 05:22:30 | 000,762,188 | ---- | C] () -- C:\Program Files\Jun2010_d3dcsx_43_x86.cab
[2010/06/02 05:22:30 | 000,235,955 | ---- | C] () -- C:\Program Files\Jun2010_d3dx10_43_x64.cab
[2010/06/02 05:22:30 | 000,197,283 | ---- | C] () -- C:\Program Files\Jun2010_d3dx10_43_x86.cab
[2010/06/02 05:22:30 | 000,138,205 | ---- | C] () -- C:\Program Files\Jun2010_d3dx11_43_x64.cab
[2010/06/02 05:22:30 | 000,109,445 | ---- | C] () -- C:\Program Files\Jun2010_d3dx11_43_x86.cab
[2010/06/02 05:22:28 | 000,944,460 | ---- | C] () -- C:\Program Files\Jun2010_D3DCompiler_43_x64.cab
[2010/06/02 05:22:28 | 000,931,471 | ---- | C] () -- C:\Program Files\Jun2010_D3DCompiler_43_x86.cab
[2010/06/02 05:22:28 | 000,752,783 | ---- | C] () -- C:\Program Files\Jun2010_d3dcsx_43_x64.cab
[2010/06/02 05:22:20 | 000,269,024 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x86.cab
[2010/06/02 05:22:18 | 001,792,608 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x64.cab
[2010/06/02 05:22:18 | 001,463,878 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x86.cab
[2010/06/02 05:22:18 | 000,867,828 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x64.cab
[2010/06/02 05:22:18 | 000,849,919 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x86.cab
[2010/06/02 05:22:18 | 000,269,628 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x64.cab
[2010/06/02 05:22:18 | 000,152,909 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x86.cab
[2010/06/02 05:22:18 | 000,121,054 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x64.cab
[2010/06/02 05:22:18 | 000,093,128 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x86.cab
[2010/06/02 05:22:18 | 000,055,154 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x64.cab
[2010/06/02 05:22:18 | 000,021,905 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x86.cab
[2010/06/02 05:22:16 | 001,607,774 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
[2010/06/02 05:22:16 | 001,607,286 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
[2010/06/02 05:22:16 | 001,064,925 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
[2010/06/02 05:22:16 | 000,699,044 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
[2010/06/02 05:22:16 | 000,698,472 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
[2010/06/02 05:22:16 | 000,197,122 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x64.cab
[2010/06/02 05:22:16 | 000,180,785 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab
[2010/06/02 05:22:16 | 000,133,671 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab
[2010/06/02 05:22:14 | 001,336,002 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
[2010/06/02 05:22:14 | 000,277,191 | ---- | C] () -- C:\Program Files\Feb2010_XAudio_x86.cab
[2010/06/02 05:22:14 | 000,276,960 | ---- | C] () -- C:\Program Files\Feb2010_XAudio_x64.cab
[2010/06/02 05:22:14 | 000,122,446 | ---- | C] () -- C:\Program Files\Feb2010_XACT_x64.cab
[2010/06/02 05:22:14 | 000,093,180 | ---- | C] () -- C:\Program Files\Feb2010_XACT_x86.cab
[2010/06/02 05:22:12 | 000,194,675 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x64.cab
[2010/06/02 05:22:12 | 000,147,983 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x86.cab
[2010/06/02 05:22:12 | 000,054,678 | ---- | C] () -- C:\Program Files\Feb2010_X3DAudio_x64.cab
[2010/06/02 05:22:12 | 000,020,713 | ---- | C] () -- C:\Program Files\Feb2010_X3DAudio_x86.cab
[2010/06/02 05:22:10 | 000,178,359 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab
[2010/06/02 05:22:10 | 000,132,409 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab
[2010/06/02 05:22:04 | 001,084,720 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
[2010/06/02 05:22:02 | 001,574,376 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
[2010/06/02 05:22:02 | 001,362,796 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
[2010/06/02 05:22:02 | 001,247,499 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
[2010/06/02 05:22:02 | 001,013,225 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
[2010/06/02 05:22:02 | 000,192,475 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab
[2010/06/02 05:22:02 | 000,145,599 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab
[2010/06/02 05:22:02 | 000,094,011 | ---- | C] () -- C:\Program Files\dxupdate.cab
[2010/06/02 05:22:02 | 000,042,410 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
[2010/06/02 05:22:00 | 001,571,154 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
[2010/06/02 05:22:00 | 001,357,976 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
[2010/06/02 05:22:00 | 001,079,456 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
[2010/06/02 05:22:00 | 000,273,264 | ---- | C] () -- C:\Program Files\Aug2009_XAudio_x64.cab
[2010/06/02 05:22:00 | 000,272,642 | ---- | C] () -- C:\Program Files\Aug2009_XAudio_x86.cab
[2010/06/02 05:22:00 | 000,212,807 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
[2010/06/02 05:22:00 | 000,191,720 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
[2010/06/02 05:22:00 | 000,122,408 | ---- | C] () -- C:\Program Files\Aug2009_XACT_x64.cab
[2010/06/02 05:22:00 | 000,093,106 | ---- | C] () -- C:\Program Files\Aug2009_XACT_x86.cab
[2010/06/02 05:21:58 | 000,930,116 | ---- | C] () -- C:\Program Files\Aug2009_d3dx9_42_x64.cab
[2010/06/02 05:21:58 | 000,728,456 | ---- | C] () -- C:\Program Files\Aug2009_d3dx9_42_x86.cab
[2010/06/02 05:21:58 | 000,232,635 | ---- | C] () -- C:\Program Files\Aug2009_d3dx10_42_x64.cab
[2010/06/02 05:21:58 | 000,192,131 | ---- | C] () -- C:\Program Files\Aug2009_d3dx10_42_x86.cab
[2010/06/02 05:21:58 | 000,136,301 | ---- | C] () -- C:\Program Files\Aug2009_d3dx11_42_x64.cab
[2010/06/02 05:21:58 | 000,105,044 | ---- | C] () -- C:\Program Files\Aug2009_d3dx11_42_x86.cab
[2010/06/02 05:21:56 | 003,319,740 | ---- | C] () -- C:\Program Files\Aug2009_d3dcsx_42_x86.cab
[2010/06/02 05:21:56 | 003,112,111 | ---- | C] () -- C:\Program Files\Aug2009_d3dcsx_42_x64.cab
[2010/06/02 05:21:56 | 000,900,598 | ---- | C] () -- C:\Program Files\Aug2009_D3DCompiler_42_x86.cab
[2010/06/02 05:21:46 | 000,919,044 | ---- | C] () -- C:\Program Files\Aug2009_D3DCompiler_42_x64.cab
[2010/06/02 05:21:46 | 000,271,412 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x64.cab
[2010/06/02 05:21:46 | 000,271,038 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x86.cab
[2010/06/02 05:21:44 | 001,794,084 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x64.cab
[2010/06/02 05:21:44 | 001,464,672 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x86.cab
[2010/06/02 05:21:44 | 000,849,167 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x86.cab
[2010/06/02 05:21:44 | 000,198,096 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x64.cab
[2010/06/02 05:21:44 | 000,153,012 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x86.cab
[2010/06/02 05:21:44 | 000,121,772 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x64.cab
[2010/06/02 05:21:44 | 000,092,996 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x86.cab
[2010/06/02 05:21:42 | 001,800,160 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
[2010/06/02 05:21:42 | 001,708,152 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
[2010/06/02 05:21:42 | 000,867,612 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x64.cab
[2010/06/02 05:21:42 | 000,852,286 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
[2010/06/02 05:21:42 | 000,796,867 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
[2010/06/02 05:21:40 | 001,350,542 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
[2010/06/02 05:21:40 | 001,077,644 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
[2010/06/02 05:21:40 | 000,182,903 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab
[2010/06/02 05:21:40 | 000,137,235 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab
[2010/06/02 05:21:40 | 000,087,142 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab
[2010/06/02 05:21:40 | 000,053,302 | ---- | C] () -- C:\Program Files\APR2007_xinput_x86.cab
[2010/06/02 05:21:40 | 000,046,058 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab
[2010/06/02 05:21:38 | 001,606,039 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
[2010/06/02 05:21:38 | 000,195,766 | ---- | C] () -- C:\Program Files\APR2007_XACT_x64.cab
[2010/06/02 05:21:38 | 000,151,225 | ---- | C] () -- C:\Program Files\APR2007_XACT_x86.cab
[2010/06/02 05:21:38 | 000,096,817 | ---- | C] () -- C:\Program Files\APR2007_xinput_x64.cab
[2010/06/02 05:21:36 | 001,607,358 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
[2010/06/02 05:21:36 | 000,698,612 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
[2010/06/02 05:21:36 | 000,695,865 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
[2010/06/02 05:21:34 | 000,046,010 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab
[2010/06/02 05:21:20 | 000,087,101 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab
[2010/06/02 05:21:18 | 004,162,630 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
[2010/06/02 05:21:18 | 000,916,430 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab
[2010/06/02 05:21:18 | 000,179,133 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab
[2010/06/02 05:21:18 | 000,133,103 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab
[2010/06/02 05:21:16 | 001,397,830 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
[2010/06/02 05:21:16 | 001,347,354 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
[2010/06/02 05:21:16 | 001,115,221 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
[2010/06/02 05:21:16 | 001,078,962 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
[2008/12/22 16:24:48 | 000,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/06/23 02:24:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/04 21:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/26 20:40:50 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\MyPhrases.dta
[2007/06/19 03:03:39 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/05 04:19:23 | 000,000,111 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/20 15:08:57 | 000,070,171 | ---- | C] () -- C:\Program Files\simone_after (555 x 600).jpg
[2007/02/07 14:19:53 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/12/09 03:41:13 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/30 02:41:41 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/08/27 20:16:45 | 000,000,914 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/08/04 15:32:48 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2006/06/26 04:15:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/17 03:24:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/06 05:21:15 | 000,049,465 | ---- | C] () -- C:\Program Files\moviepass Terms.html
[2006/06/03 16:53:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/06/03 16:36:02 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/11/22 18:53:31 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/11/22 18:53:28 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/22 18:50:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/22 18:31:43 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/11/22 18:31:43 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/11/22 18:31:41 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/11/22 18:31:40 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/11/22 18:31:40 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/11/22 18:31:40 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 13:08:14 | 000,247,803 | ---- | C] () -- C:\Program Files\PublicationReviewCenter_Basic.stp
[2005/07/22 13:08:10 | 000,369,524 | ---- | C] () -- C:\Program Files\PublicationReviewCenter_Custom.stp
[2005/07/21 14:20:32 | 000,002,356 | ---- | C] () -- C:\Program Files\README.TXT
[2005/01/12 13:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 19:49:16 | 000,001,220 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 19:49:16 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 19:48:31 | 000,191,488 | ---- | C] () -- C:\WINDOWS\edajelapelepix.dll
[2005/01/09 19:48:24 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\sbe(2).dll
[2005/01/09 19:48:22 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/01/09 13:00:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/21 14:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll
[2004/07/10 21:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/12/19 03:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/09/25 18:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/12/22 15:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2007/06/27 02:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/02/09 06:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2007/06/28 13:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/08/27 20:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/05/14 05:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2005/11/22 18:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/28 09:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/11 19:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 17:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/18 20:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/18 20:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2010/09/19 20:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers
[2007/10/18 06:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/02/09 06:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2008/02/09 06:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ParetoLogic
[2010/10/27 18:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2005/11/22 19:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/06/27 02:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2010/01/21 10:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\School Zone Preferences
[2010/09/24 21:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2007/10/08 14:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TypingMaster7
[2009/11/28 09:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\wsInspector
[2010/11/01 07:49:09 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0302142F-D8AE-4902-ADA3-8A0040E095EB}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/29 06:08:32 | 000,012,292 | -H-- | M] () -- C:\.DS_Store
[2005/01/09 21:13:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/11/02 22:38:28 | 000,000,222 | RHS- | M] () -- C:\boot.ini
[2005/01/09 21:13:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/11/18 18:06:21 | 000,753,664 | -HS- | M] () -- C:\ehthumbs.db
[2005/01/09 21:13:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/11/22 18:55:51 | 000,001,186 | -H-- | M] () -- C:\IPH.PH
[2005/01/09 21:13:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/08 17:17:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/27 18:52:03 | 2621,440,000 | -HS- | M] () -- C:\pagefile.sys
[2010/09/29 03:01:27 | 000,002,272 | ---- | M] () -- C:\Silverlight0.log
[2010/09/29 03:01:26 | 001,870,894 | ---- | M] () -- C:\SilverlightMSI.log
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/01/09 12:58:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/01/09 12:58:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/09 12:58:49 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-14 07:07:31

< End of report >

Extras.txt

OTL Extras logfile created on: 01/11/2010 7:20:05 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 575.00 Mb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.49 Gb Total Space | 148.52 Gb Free Space | 65.00% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 2.38 Gb Free Space | 54.38% Space Free | Partition Type: FAT32
Drive E: | 1.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JENNIFER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:Blizz
"6112:UDP" = 6112:UDP:*:Enabled:Blizz 2
"3724:TCP" = 3724:TCP:*:Enabled:Blizzz
"3724:UDP" = 3724:UDP:*:Enabled:Blizzz 2
"4000:TCP" = 4000:TCP:*:Enabled:Blizzz
"4000:UDP" = 4000:UDP:*:Enabled:Blizzz 2
"6113:TCP" = 6113:TCP:*:Enabled:Blizzzz
"6113:UDP" = 6113:UDP:*:Enabled:Blizzzz 2
"6114:TCP" = 6114:TCP:*:Enabled:Blizzzzz
"6114:UDP" = 6114:UDP:*:Enabled:Blizzzzz 2

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon CanoScan Toolbox 4.0" = Canon CanoScan Toolbox 4.0
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CSCLIB" = Canon Camera Support Core Library
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EOS Utility" = Canon Utilities EOS Utility
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Insaniquarium Deluxe 1.1" = Insaniquarium Deluxe 1.1
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Qloud Plug-in for iTunes" = Qloud Plug-in for iTunes
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/10/2010 5:58:19 PM | Computer Name = JENNIFER | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 27/10/2010 6:49:44 PM | Computer Name = JENNIFER | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 27/10/2010 6:49:44 PM | Computer Name = JENNIFER | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 27/10/2010 6:49:44 PM | Computer Name = JENNIFER | Source = Bonjour Service | ID = 100
Description = 440: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 27/10/2010 6:49:44 PM | Computer Name = JENNIFER | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 27/10/2010 6:49:44 PM | Computer Name = JENNIFER | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 27/10/2010 6:49:44 PM | Computer Name = JENNIFER | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 27/10/2010 6:52:43 PM | Computer Name = JENNIFER | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 01/11/2010 6:25:40 PM | Computer Name = JENNIFER | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1827735974-QkxaMDAwMkQ1QjlEQkFBNilBQi1GQzgyMUNxMTlCN3w=._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 01/11/2010 7:06:32 PM | Computer Name = JENNIFER | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1827735974-QkxaMDAwMkQ1QjlEQkFBNilBQi1GQzgyMUNxMTlCN3w=._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

[ System Events ]
Error - 31/10/2010 9:43:29 PM | Computer Name = JENNIFER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MOWGLI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD63F30F-AE52-4926-B8.
The
master browser is stopping or an election is being forced.

Error - 01/11/2010 1:46:54 AM | Computer Name = JENNIFER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MOWGLI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD63F30F-AE52-4926-B8.
The
master browser is stopping or an election is being forced.

Error - 01/11/2010 8:51:26 AM | Computer Name = JENNIFER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MOWGLI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD63F30F-AE52-4926-B8.
The
master browser is stopping or an election is being forced.

Error - 01/11/2010 9:52:15 AM | Computer Name = JENNIFER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MOWGLI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD63F30F-AE52-4926-B8.
The
master browser is stopping or an election is being forced.

Error - 01/11/2010 11:04:16 AM | Computer Name = JENNIFER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MOWGLI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD63F30F-AE52-4926-B8.
The
master browser is stopping or an election is being forced.

Error - 01/11/2010 12:04:17 PM | Computer Name = JENNIFER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MOWGLI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD63F30F-AE52-4926-B8.
The
master browser is stopping or an election is being forced.

Error - 01/11/2010 1:40:17 PM | Computer Name = JENNIFER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MOWGLI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD63F30F-AE52-4926-B8.
The
master browser is stopping or an election is being forced.

Error - 01/11/2010 2:52:19 PM | Computer Name = JENNIFER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MOWGLI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD63F30F-AE52-4926-B8.
The
master browser is stopping or an election is being forced.

Error - 01/11/2010 4:25:59 PM | Computer Name = JENNIFER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MOWGLI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD63F30F-AE52-4926-B8.
The
master browser is stopping or an election is being forced.

Error - 01/11/2010 5:28:51 PM | Computer Name = JENNIFER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MOWGLI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD63F30F-AE52-4926-B8.
The
master browser is stopping or an election is being forced.


< End of report >


art.txt report

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-01 19:34:05
Windows 5.1.2600 Service Pack 3
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session [email protected] ???)????? ?(?????X????????????? ?????????????????f??? [email protected]?? ??U? ??"????????????????????I?I???T???X???m??????????????????????????????????????????US??C:\Program Files\World of Warcraft\WoW-3.3.5.12340-x86-Win-enUS-BKGND-downloader.exe:*:Enabled:Blizzard Downloader?ngs??wner\Blizzard\Installer_68601828\FrizQuadrata.ttf????Q(??X?X?U?X?X?U?U?U?X??? 4??X???l??????sN??USBSTOR\Disk?USBSTOR\RAW????? ???????y?????/?? ??]? ??"????????????????????lig???????????d???????\??? ???\?????????b.r??Generic USB SD Reader USB Device?e??Generic USB SM Reader USB Device?????????????.??????USBSTOR\DiskSanDisk_SanDisk_Cruzer__8.02?USBSTOR\DiskSanDisk_SanDisk_Cruzer__?USBSTOR\DiskSanDisk_?USBSTOR\SanDisk_SanDisk_Cruzer__8?SanDisk_SanDisk_Cruzer__8?USBSTOR\GenDisk?GenDisk??????????????? ???????X?????+???????H??.???????????????????s?si??? ???????X????????????? ?????????????????????????n??? ???????X????????????? ?????????????????f??system32\DRIVERS\aha154x.sys?????? ??(??????????? ???????y?????+??????? ??$?????????-??????????

---- EOF - GMER 1.0.15 ----

#10
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply

#11
xCami

xCami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ComboFix 10-11-04.08 - Owner 05/11/2010 10:06:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.523 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner\GLC98.tmp
c:\documents and settings\Owner\GLF8.tmp
c:\documents and settings\Owner\GLF9A.tmp
c:\documents and settings\Owner\Local Settings\Application Data\{78799A7C-95BC-45CC-88D0-33C2D6ED640D}
c:\documents and settings\Owner\Local Settings\Application Data\{78799A7C-95BC-45CC-88D0-33C2D6ED640D}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{78799A7C-95BC-45CC-88D0-33C2D6ED640D}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{78799A7C-95BC-45CC-88D0-33C2D6ED640D}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{78799A7C-95BC-45CC-88D0-33C2D6ED640D}\install.rdf
c:\documents and settings\Owner\ubiAC2.tmp.exe
c:\documents and settings\Owner\uninst.dll
c:\documents and settings\Owner\Uninstall.exe
c:\documents and settings\Owner\utt1.tmp.exe
c:\documents and settings\Owner\utt2.tmp.exe
c:\documents and settings\Owner\utt3.tmp.exe
c:\documents and settings\Owner\utt4.tmp.exe
c:\documents and settings\Owner\utt5.tmp.exe
c:\documents and settings\Owner\utt6.tmp.exe
C:\LHT7FB.tmp
c:\windows\notepad.exe
c:\windows\system32\_000125_.tmp.dll
c:\windows\system32\arp.exe
c:\windows\system32\spool\prtprocs\w32x86\CNMPD83.DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPP83.DLL
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
.

2010-11-05 13:57 . 2010-11-05 13:58 -------- d-----w- c:\documents and settings\Owner\plugtmp-4
2010-11-05 13:06 . 2010-11-05 13:06 -------- d-----w- c:\documents and settings\Owner\Blizzard Installer Bootstrap - 2c41d7e1
2010-11-05 12:00 . 2010-11-05 12:00 -------- d-----w- c:\documents and settings\Owner\Blizzard Installer Temporary Data - f699d397
2010-11-05 03:54 . 2010-11-05 03:54 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2010-11-05 03:53 . 2010-11-05 03:53 -------- d-----w- c:\program files\Xvid
2010-11-05 03:53 . 2009-06-07 20:25 77824 ----a-w- c:\windows\system32\xvid.ax
2010-11-05 03:53 . 2009-06-07 20:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-11-05 03:53 . 2009-06-07 20:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-05 03:53 . 2010-11-05 04:23 -------- d-----w- c:\documents and settings\Owner\div1640.tmp
2010-11-05 03:52 . 2010-11-05 03:52 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-11-05 03:51 . 2010-11-05 03:52 -------- d-----w- c:\program files\DivX
2010-11-05 03:51 . 2010-11-05 03:53 -------- d-----w- c:\documents and settings\Owner\div1604.tmp
2010-11-05 03:51 . 2010-11-05 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-11-05 02:28 . 2010-11-05 02:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Publish Providers
2010-11-05 02:27 . 2010-11-05 02:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sony
2010-11-05 02:26 . 2010-11-05 02:26 -------- d-----w- c:\program files\Sony
2010-11-05 02:26 . 2010-11-05 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-11-05 02:23 . 2010-11-05 02:23 -------- d-----w- c:\windows\LastGood
2010-11-05 02:22 . 2010-11-05 02:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Sony
2010-11-01 23:25 . 2010-11-01 23:25 93824 ----a-w- c:\program files\Common Files\System\MSMAPI\1033\pxldypog.sys
2010-11-01 23:25 . 2010-11-01 23:25 -------- d--h--w- c:\documents and settings\Owner\Temporary Directory 1 for gmer.zip
2010-10-31 19:31 . 2010-10-31 19:31 166 ----a-w- c:\documents and settings\Owner\AC94B.tmp
2010-10-31 19:31 . 2010-10-31 19:31 166 ----a-w- c:\documents and settings\Owner\AC94A.tmp
2010-10-31 19:29 . 2010-10-31 19:29 140 ----a-w- c:\documents and settings\Owner\AC949.tmp
2010-10-28 22:15 . 2010-11-05 13:10 -------- d-----w- c:\program files\World of Warcraft
2010-10-27 22:57 . 2010-10-27 22:57 -------- d-----w- c:\documents and settings\Owner\~nsu.tmp
2010-10-27 22:56 . 2010-10-27 22:56 3300 ----a-w- c:\documents and settings\Owner\4153031819280203.tmp
2010-10-27 22:56 . 2010-10-27 22:56 112346 ----a-w- c:\documents and settings\Owner\369839132280203.tmp
2010-10-27 22:00 . 2010-10-27 22:00 65536 ----a-w- c:\documents and settings\Owner\~DFDE43.tmp
2010-10-27 16:14 . 2010-10-27 16:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-27 16:13 . 2010-10-27 16:13 172032 ----a-w- c:\documents and settings\Owner\201a.tmp
2010-10-27 16:11 . 2007-11-28 07:58 13008 ----a-w- c:\documents and settings\Owner\MPC95.tmp
2010-10-27 16:11 . 2007-11-28 07:58 13008 ----a-w- c:\documents and settings\Owner\MPC94.tmp
2010-10-27 16:11 . 2007-11-28 07:58 13008 ----a-w- c:\documents and settings\Owner\MPC93.tmp
2010-10-27 16:11 . 2007-11-28 07:58 13008 ----a-w- c:\documents and settings\Owner\MPC92.tmp
2010-10-27 16:11 . 2010-10-27 16:13 4403200 ----a-w- c:\documents and settings\Owner\1a38.tmp
2010-10-27 16:11 . 2007-11-28 07:58 13008 ----a-w- c:\documents and settings\Owner\MPC91.tmp
2010-10-27 16:10 . 2010-10-02 21:19 716624 ------w- c:\documents and settings\Owner\_iu14D2N.tmp
2010-10-27 16:10 . 2010-10-27 16:10 0 ----a-w- c:\documents and settings\Owner\asd90.tmp
2010-10-27 16:00 . 2010-10-27 16:00 0 ----a-w- c:\windows\Gcuyoyowohowo.bin
2010-10-27 15:59 . 2010-10-27 15:59 0 ----a-w- c:\documents and settings\Owner\PRAGMAa026.tmp
2010-10-27 15:56 . 2010-10-27 15:56 8723 ------w- c:\documents and settings\Owner\jar_cache4970793089583665464.tmp
2010-10-27 15:56 . 2010-10-27 15:56 2994 ------w- c:\documents and settings\Owner\jar_cache6430805503696848459.tmp
2010-10-27 15:48 . 2010-10-27 15:48 32768 ----a-w- c:\documents and settings\Owner\~DFD2B7.tmp
2010-10-27 15:47 . 2010-10-27 15:47 98304 ----a-w- c:\documents and settings\Owner\~DF785C.tmp
2010-10-27 15:38 . 2010-10-27 15:38 32768 ----a-w- c:\documents and settings\Owner\~DF7F0A.tmp
2010-10-27 14:24 . 2010-10-27 14:24 -------- d-----w- c:\documents and settings\Owner\Blizzard Installer Temporary Data - e1334021
2010-10-26 23:52 . 2010-10-26 23:52 22584 ----a-w- c:\documents and settings\Owner\SpiB8.tmp
2010-10-26 23:45 . 2010-10-27 16:13 -------- d-----w- c:\program files\Bejeweled 2
2010-10-22 23:57 . 2010-10-27 00:22 -------- d-----w- c:\program files\PopCap Games
2010-10-21 00:10 . 2010-10-21 00:40 -------- d-----w- c:\documents and settings\Owner\plugtmp-3
2010-10-19 23:20 . 2010-10-19 23:20 32768 ----a-w- c:\documents and settings\Owner\~DFCA5B.tmp
2010-10-19 12:33 . 2010-10-19 12:33 32768 ----a-w- c:\documents and settings\Owner\~DF184E.tmp
2010-10-19 12:14 . 2010-10-19 12:14 32768 ----a-w- c:\documents and settings\Owner\~DFD32B.tmp
2010-10-19 12:13 . 2010-10-19 12:13 32768 ----a-w- c:\documents and settings\Owner\~DF8BE7.tmp
2010-10-18 23:51 . 2010-10-18 23:51 32768 ----a-w- c:\documents and settings\Owner\~DF8731.tmp
2010-10-18 19:47 . 2010-10-18 19:47 900 ----a-w- c:\documents and settings\Owner\AC4AD.tmp
2010-10-17 19:05 . 2010-10-17 19:05 32768 ----a-w- c:\documents and settings\Owner\~DFBDB0.tmp
2010-10-16 21:35 . 2010-10-16 21:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\DVDVideoSoftTB
2010-10-14 01:12 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 01:12 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 01:12 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 01:12 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 22:32 . 2010-10-13 22:32 32768 ----a-w- c:\documents and settings\Owner\~DF7206.tmp
2010-10-13 01:03 . 2010-10-13 01:03 32768 ----a-w- c:\documents and settings\Owner\~DF7D50.tmp
2010-10-12 22:25 . 2010-10-12 22:25 32768 ----a-w- c:\documents and settings\Owner\~DFEEDE.tmp
2010-10-12 22:24 . 2010-10-12 22:24 -------- d-----w- c:\documents and settings\Owner\plugtmp-2
2010-10-12 18:46 . 2010-10-12 18:46 32768 ----a-w- c:\documents and settings\Owner\~DF735D.tmp
2010-10-12 03:57 . 2000-05-21 19:46 331776 ----a-w- c:\documents and settings\Owner\d2l_PlayD2.exe
2010-10-12 03:44 . 2010-10-12 03:46 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-10-12 03:44 . 2010-10-12 03:46 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-10-12 03:44 . 2010-10-12 03:46 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-10-12 03:36 . 2000-05-03 14:08 263168 ----a-w- c:\documents and settings\Owner\binkw32.dll
2010-10-12 03:36 . 2000-05-23 10:11 331776 ----a-w- c:\documents and settings\Owner\d2l_Install.exe
2010-10-12 03:25 . 2010-10-12 03:29 72192 ----a-w- c:\documents and settings\Owner\~e5.0001
2010-10-12 03:02 . 2010-10-12 03:16 -------- d-----w- c:\documents and settings\Owner\{4A1BDED7-6CAB-4FA1-BA2B-A968213A3A32}
2010-10-12 03:02 . 2008-03-06 18:00 459400 ----a-r- c:\documents and settings\Owner\_isA61.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 22:55 . 2010-10-05 22:55 0 ----a-w- c:\documents and settings\Owner\~DF510.tmp
2010-10-02 15:11 . 2010-10-02 15:11 208 ----a-w- c:\documents and settings\Owner\AC1BD.tmp
2010-09-20 23:22 . 2010-09-20 23:22 246 ----a-w- c:\documents and settings\Owner\AC7E5.tmp
2010-09-20 23:22 . 2010-09-20 23:22 1152 ----a-w- c:\documents and settings\Owner\AC7E4.tmp
2010-09-20 23:22 . 2010-09-20 23:22 1434 ----a-w- c:\documents and settings\Owner\AC7E3.tmp
2010-09-20 23:21 . 2010-09-20 23:21 138 ----a-w- c:\documents and settings\Owner\AC7E2.tmp
2010-09-20 23:21 . 2010-09-20 23:21 642 ----a-w- c:\documents and settings\Owner\AC7E1.tmp
2010-09-20 20:57 . 2010-09-20 20:57 304 ----a-w- c:\documents and settings\Owner\AC70D.tmp
2010-09-20 20:57 . 2010-09-20 20:57 1068 ----a-w- c:\documents and settings\Owner\AC70C.tmp
2010-09-20 20:57 . 2010-09-20 20:57 1322 ----a-w- c:\documents and settings\Owner\AC70B.tmp
2010-09-20 16:36 . 2010-09-20 16:36 228 ----a-w- c:\documents and settings\Owner\AC64A.tmp
2010-09-20 16:36 . 2010-09-20 16:36 1602 ----a-w- c:\documents and settings\Owner\AC649.tmp
2010-09-20 16:34 . 2010-09-20 16:34 1480 ----a-w- c:\documents and settings\Owner\AC648.tmp
2010-09-20 03:44 . 2010-09-20 03:44 4014 ----a-w- c:\documents and settings\Owner\AC575.tmp
2010-09-18 16:23 . 2005-01-09 23:48 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2005-01-09 23:48 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2005-01-09 23:48 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2005-01-09 23:48 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2005-01-09 23:48 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2005-01-09 23:48 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2005-01-09 23:48 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2005-01-09 23:47 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2005-01-09 23:48 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2005-01-09 23:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2005-01-09 23:48 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2005-01-09 23:48 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-07-17 01:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2005-01-09 23:47 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-01-09 23:48 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2005-01-09 23:48 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-10 09:15 . 2010-08-10 09:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15 . 2010-08-10 09:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-09-24 2735200]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-09-24 22:21 2735200 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-09-24 2735200]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-09-24 2735200]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
"nwiz"="nwiz.exe" [2008-09-18 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizz
"6112:UDP"= 6112:UDP:Blizz 2
"3724:TCP"= 3724:TCP:Blizzz
"3724:UDP"= 3724:UDP:Blizzz 2
"4000:TCP"= 4000:TCP:Blizzz
"4000:UDP"= 4000:UDP:Blizzz 2
"6113:TCP"= 6113:TCP:Blizzzz
"6113:UDP"= 6113:UDP:Blizzzz 2
"6114:TCP"= 6114:TCP:Blizzzzz
"6114:UDP"= 6114:UDP:Blizzzzz 2

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [22/12/2008 4:24 PM 33920]
S2 TLRecAgent;TLRecAgent;\??\c:\windows\system32\drivers\TLRecAgent.sys --> c:\windows\system32\drivers\TLRecAgent.sys [?]
S3 FSORSPClient;F-Secure ORSP Client;"c:\program files\Shaw Secure\ORSP Client\fsorsp.exe" --> c:\program files\Shaw Secure\ORSP Client\fsorsp.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-11-05 c:\windows\Tasks\User_Feed_Synchronization-{0302142F-D8AE-4902-ADA3-8A0040E095EB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a5ze4f0k.default\
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-05 10:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-11-05 10:14:36
ComboFix-quarantined-files.txt 2010-11-05 14:14

Pre-Run: 159,754,592,256 bytes free
Post-Run: 159,992,782,848 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /usepmtimer /NoExecute=OptOut

- - End Of File - - F33BFF5C0273C76622355E8175908C07

#12
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi,

Sorry, but for some reason I did get a notification that you replied to the topic.

Let me know if you still need help.

Again, sorry for the delay.

#13
xCami

xCami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It's okay :D
Did you get the post with all the logs and stuff? ;)

#14
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Yes, I did.

How is your system running?

#15
xCami

xCami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It seems to be running smoothly, although it is running a tad bit slower than usual.