
3 PC's on 'Wired' Network


  • This topic is locked

#1
moondog830

  • Member
  • 804 posts
The issue is ... I have 3 computers, each on the same network through a Linksys 'Wired' Router. All 3 have been working just fine until a couple of days ago and now one of them cannot surf the internet. I have checked the cable by hooking it up to my laptop and the laptop can connect to the net. It shows up as connected, but will not transfer data. All 3 computers on my network can be seen from MY computer ... not sure what else you need from me at this point.

I started working on this at http://www.geekstogo...13#entry1996213 and it was determined that I should now go here after checking a thing or two and finding out that someone had turned off the firewall ...

I have already downloaded OTL and run it. Here are the results of that as well.

OTL RESULTS

OTL Extras logfile created on: 4/14/2011 10:23:24 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = L:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 433.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.34 Gb Total Space | 83.59 Gb Free Space | 36.77% Space Free | Partition Type: NTFS
Drive D: | 5.53 Gb Total Space | 1.65 Gb Free Space | 29.80% Space Free | Partition Type: FAT32
Drive L: | 7.47 Gb Total Space | 2.70 Gb Free Space | 36.08% Space Free | Partition Type: FAT32

Computer Name: MOONDOGS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"62363:TCP" = 62363:TCP:*:Enabled:utorrent

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Strategy First\War Times Demo\wartimes.exe" = C:\Program Files\Strategy First\War Times Demo\wartimes.exe:*:Disabled:wartimes
"C:\Program Files\Dragonlords\V3gui.exe" = C:\Program Files\Dragonlords\V3gui.exe:*:Enabled:V3gui
"C:\Program Files\Dragonlords (Old)\V3gui.exe" = C:\Program Files\Dragonlords (Old)\V3gui.exe:*:Enabled:V3gui
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Napoleonic Empires\V3gui.exe" = C:\Program Files\Napoleonic Empires\V3gui.exe:*:Enabled:V3gui
"C:\Documents and Settings\Owner\Local Settings\Temp\_ISTMP2.DIR\_INS5576._MP" = C:\Documents and Settings\Owner\Local Settings\Temp\_ISTMP2.DIR\_INS5576._MP:*:Enabled:InstallShield Engine
"C:\Program Files\Intel\AnyPoint\iss_srvr.exe" = C:\Program Files\Intel\AnyPoint\iss_srvr.exe:*:Enabled:Home network software component.
"C:\Sierra\Counter-Strike\cstrike.exe" = C:\Sierra\Counter-Strike\cstrike.exe:*:Enabled:CounterStrike Launcher
"C:\Program Files\THQ\Dawn of War\W40k.exe" = C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40K
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe" = C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX
"C:\Program Files\No Man's Land Demo\nml.exe" = C:\Program Files\No Man's Land Demo\nml.exe:*:Disabled:NML main engine
"C:\Program Files\Adobe\Adobe GoLive CS\GoLive.exe" = C:\Program Files\Adobe\Adobe GoLive CS\GoLive.exe:*:Enabled:Adobe GoLive Application -- (Adobe Systems Incorporated)
"C:\Program Files\Ipswitch\WS_FTP Home\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Home\wsftpgui.exe:*:Enabled:WS_FTP Pro Application
"C:\Program Files\WS_FTP Pro\wsftppro.exe" = C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Team17\Worms 2\Binaries\landgen.exe" = C:\Program Files\Team17\Worms 2\Binaries\landgen.exe:*:Enabled:landgen
"C:\Program Files\Team17\Worms 2\worms2.exe" = C:\Program Files\Team17\Worms 2\worms2.exe:*:Disabled:worms2
"C:\Chain\creation.exe" = C:\Chain\creation.exe:*:Enabled:2AM Creation game engine
"C:\Program Files\Age of Conquest\V3gui.exe" = C:\Program Files\Age of Conquest\V3gui.exe:*:Enabled:V3gui
"C:\Program Files\Valve\Steam\SteamApps\moondog830\dedicated server\hlds.exe" = C:\Program Files\Valve\Steam\SteamApps\moondog830\dedicated server\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"C:\Program Files\Valve\Steam\SteamApps\moondog830\counter-strike\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\moondog830\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Valve\Steam\SteamApps\moondog830\condition zero\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\moondog830\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Valve\Steam\SteamApps\moondog830\day of defeat\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\moondog830\day of defeat\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Shogunate\V3gui.exe" = C:\Program Files\Shogunate\V3gui.exe:*:Enabled:V3gui
"C:\Program Files\Valve\Steam\SteamApps\moondog830\condition zero deleted scenes\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\moondog830\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Three Rings Design\Puzzle Pirates\java\bin\javaw.exe" = C:\Program Files\Three Rings Design\Puzzle Pirates\java\bin\javaw.exe:*:Enabled:javaw
"C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\Magentic\magentic_install.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\Magentic\magentic_install.exe:*:Enabled:IncrediMail Installer
"C:\Program Files\Dragonlords3\V3gui.exe" = C:\Program Files\Dragonlords3\V3gui.exe:*:Enabled:V3gui
"C:\Program Files\Pax Galaxia\Pax.exe" = C:\Program Files\Pax Galaxia\Pax.exe:*:Disabled:Pax
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Valve\Steam\Steam.exe" = C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\NAMCO BANDAI Games\Warhammer Mark of Chaos DEMO\Warhammer_DEMO.exe" = C:\Program Files\NAMCO BANDAI Games\Warhammer Mark of Chaos DEMO\Warhammer_DEMO.exe:*:Disabled:Warhammer®: Mark of Chaos™ Single Player Demo
"C:\Program Files\Dragonlords2\V3gui.exe" = C:\Program Files\Dragonlords2\V3gui.exe:*:Enabled:V3gui
"C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\EiB.exe" = C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\EiB.exe:*:Disabled:Brothers In Arms Earned In Blood
"C:\Program Files\BearShare Gold\BearShareGold.exe" = C:\Program Files\BearShare Gold\BearShareGold.exe:*:Disabled:BearShareGold
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Disabled:btdownloadgui
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
"C:\Program Files\THQ\Dawn of War DEMO\W40k.exe" = C:\Program Files\THQ\Dawn of War DEMO\W40k.exe:*:Disabled:W40K
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\THQ\Dawn of War - Winter Assault Demo\WinterAssault.exe" = C:\Program Files\THQ\Dawn of War - Winter Assault Demo\WinterAssault.exe:*:Disabled:WinterAssault
"C:\Program Files\Team17\Worms 2\frontend.exe" = C:\Program Files\Team17\Worms 2\frontend.exe:*:Disabled:Worms 2 Frontend
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger
"C:\Program Files\ZipTorrent\ZipTorrent.exe" = C:\Program Files\ZipTorrent\ZipTorrent.exe:*:Disabled:ZipTorrent Application
"C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic -- ()
"C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic -- ()
"C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic -- (IncrediMail, Ltd.)
"C:\Symbian\9.1\S60_3rd\Epoc32\release\winscw\udeb\epoc.exe" = C:\Symbian\9.1\S60_3rd\Epoc32\release\winscw\udeb\epoc.exe:*:Enabled:epoc
"C:\Program Files\Nokia\Carbide.ui S60 Theme Edition 3.1\JRE\bin\javaw.exe" = C:\Program Files\Nokia\Carbide.ui S60 Theme Edition 3.1\JRE\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
"C:\Program Files\Global Star Software\Ultimate Demolition Derby\System\UDD.exe" = C:\Program Files\Global Star Software\Ultimate Demolition Derby\System\UDD.exe:*:Enabled:UDD
"C:\Program Files\Medieval Diplomacy II\V3gui.exe" = C:\Program Files\Medieval Diplomacy II\V3gui.exe:*:Enabled:V3gui
"C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe" = C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe:*:Enabled:PRTG_Traffic_Grapher_Webserver -- (Paessler GmbH)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe" = C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Disabled:bfvietnam
"C:\Program Files\THQ\Dawn of War - Dark Crusade Demo\DarkCrusade.exe" = C:\Program Files\THQ\Dawn of War - Dark Crusade Demo\DarkCrusade.exe:*:Disabled:DarkCrusade
"C:\Program Files\Auxiliary Power\Demo\DerbyDemo.exe" = C:\Program Files\Auxiliary Power\Demo\DerbyDemo.exe:*:Disabled:Demolition Derby & Figure 8 Race Application
"C:\Dynamix\DesertFightersPrev\africa.exe" = C:\Dynamix\DesertFightersPrev\africa.exe:*:Disabled:Desert Fighters Preview
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe" = C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Enabled:Medieval_TW
"C:\Documents and Settings\Z-girl\Local Settings\Temp\ImInstaller\incredimail_installer.exe" = C:\Documents and Settings\Z-girl\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgtray.exe" = C:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:avgtray
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe" = C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe:*:Enabled:Acrotray -- (Adobe Systems Inc.)
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" = C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware -- (SUPERAntiSpyware.com)
"C:\Documents and Settings\MOM\Local Settings\Temp\SSUPDATE.EXE" = C:\Documents and Settings\MOM\Local Settings\Temp\SSUPDATE.EXE:*:Enabled:SSUPDATE -- (SUPERAntiSpyware.com)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0305052F-141B-FCEC-62B2-FB5668E7933E}" = Catalyst Control Center Graphics Full New
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19754346-BF3D-F1FC-9AF3-B84C216E93D7}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{296554E6-A322-EEC8-2185-DF6E624CA990}" = Skins
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EF3EE49-516F-407A-A591-34EF546E1F98}" = HPS France '40
"{30120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 (Beta)
"{30120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 (Beta)
"{30120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 (Beta)
"{30120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web Designer Beta 1
"{30120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web Designer MUI (English) Beta 1
"{30120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 (Beta)
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A16C77-45DD-42B5-BC28-5CA7379FC803}" = HPS Campaign Waterloo
"{37619E80-7FBC-11D3-B344-00500417F684}" = HPS Napoleon's Russian Campaign
"{39F55A85-B356-64D7-F2BC-1E6C70A73FB8}" = CCC Help English
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3C31BC70-FAEB-457E-92A2-17FFF1F7ED58}" = HPS Dien Bien Phu
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{56CD95AF-0131-49F2-B6CE-4021771DB97E}" = HPS Soviet-Afghan War
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A040A21-FA9D-11D3-B345-0050DAD5EC65}" = HPS Campaign Gettysburg
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62B002C5-1AB3-11D8-8092-00E018B21FC0}" = USB Mass Storage Toolbox
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{771221C5-FD0B-1197-355C-B2AFAA860483}" = ccc-core-preinstall
"{7745E06E-F364-4419-BCC9-108746F9FC00}" = HPS Campaign Jena-Auerstedt
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{796C0DC0-6233-409C-869D-74534284F2F0}" = HPS El Alamein '42
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7C573746-C964-44D3-8657-275BF2A5CA0A}" = HPS Stalingrad '42
"{80F88145-BCE5-11D5-B348-0050DAD5EC65}" = HPS Modern War
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = eMachines Bay Reader
"{836D8D90-584D-4AB8-BEC2-D6D1E779B69A}" = HPS Moscow '41
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{856002E1-138F-11D4-B345-0050DAD5EC65}" = HPS Tobruk '41
"{868F24EB-5CA7-4285-B39B-3617CF37462A}" = D2300_Help
"{86DDF3B9-413E-47FD-B577-79C3207161B5}" = HPS Salerno '43
"{86E24A00-A59A-11D3-B344-00500417F684}" = HPS Kharkov '42
"{882EE1CB-C2FB-657F-AA98-7DC91FC72447}" = Catalyst Control Center Core Implementation
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89D2879E-F327-3B5F-F7C6-6E107C816671}" = ccc-utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8BA7D25B-5B45-11D5-B346-0050DAD5EC65}" = HPS Campaign Wagram
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9EB93CA0-B2DE-11D3-B344-00500417F684}" = HPS Campaign Eckmuhl
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3605265-0861-4456-A104-A055C9F79986}" = HPS Campaign Peninsula
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AACDE433-670D-429B-B90B-A177AFAFD610}" = Sonic Foundry Vegas 4.0
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF534A85-B28A-11D5-B348-0050DAD5EC65}" = HPS The Proud And The Few
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BA2EA735-6F21-4F50-BE37-78E68C996D2F}" = HPS Red Victory
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4B7FD4E-6AFD-AE07-FB7E-B9AB9B39232E}" = ccc-core-static
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D13D0C87-46BA-E646-BC40-C7B0D305A75F}" = Catalyst Control Center Graphics Previews Common
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK EASYSHARE 5000 Series All-in-One Software
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB2CD9A0-9139-11D4-B346-0050DAD5EC65}" = HPS Kursk '43
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2147135-7E6A-11D3-B344-00500417F684}" = HPS Smolensk '41
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4252F20-6CD4-446F-B9B6-0CAC86A9044B}" = HPS Winter War
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E8071E0E-D0B0-474C-8605-8E4CE39200F1}" = ENFUNS Updater
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1362843-0E0E-4F74-8662-724CF101ADCE}" = Skype web features
"{F1A54D01-5DD4-4D80-AA71-DA300081041F}" = HPS War on the Southern Front
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F40F05BE-47BB-72E2-4064-078B69F39BDA}" = Catalyst Control Center Graphics Light
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo UnInstaller 4_is1" = Ashampoo UnInstaller 4 v.4.15
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"Bartlett's Familiar Quotations" = Bartlett's Familiar Quotations
"CanonCreativeDeinstallKey" = Canon Creative v2.2
"cccenterDeinstKey" = the Canon Creative Center
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"ColorDeskDeinstKey" = ColorDesk 1.52
"ColorStoreDeinstallKey" = ColorStore
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CreataCard Special Edition" = CreataCard Special Edition
"Defraggler" = Defraggler
"DVD and CD Cover Print" = DVD and CD Cover Print
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Greetings Workshop" = Greetings Workshop
"GTK 2.0" = GTK+ Runtime 2.12.1 rev b (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IncrediMail" = IncrediMail
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = eMachines Bay Reader
"InstallShield_{E8071E0E-D0B0-474C-8605-8E4CE39200F1}" = ENFUNS Updater
"Magentic" = Magentic
"MagicDisc 2.5.74" = MagicDisc 2.5.74
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"MRW!UninstallKey" = InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MySpaceIM" = MySpaceIM
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PayPal Shopping Cart" = PayPal Shopping Cart
"PROSet" = Intel® PRO Network Adapters and Drivers
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TalonSoft's West Front: Operation Sea Lion" = TalonSoft's West Front: Operation Sea Lion
"The File Splitter 1.31_is1" = The File Splitter 1.31
"TripMaker" = Rand McNally TripMaker 2000
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6b
"WebDesigner" = Microsoft Expression Web Designer Beta 1
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7de8484297ebd72f" = CoC Lobby
"Call of Combat" = Call of Combat
"Call of Combat Lobby" = Call of Combat Lobby
"Call of Combat Map Editor" = Call of Combat Map Editor
"dac3de22478ba5a7" = CoC Lobby - 1
"Puzzle Pirates" = Puzzle Pirates
"Sea Battle Damage Counter" = Sea Battle Damage Counter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2010 3:48:15 PM | Computer Name = MOONDOGS | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
gcswf32.dll, version 10.1.85.3, fault address 0x0017e66c.

Error - 10/24/2010 11:09:07 AM | Computer Name = MOONDOGS | Source = Application Hang | ID = 1002
Description = Hanging application MySpaceIM.exe, version 1.0.823.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/24/2010 11:52:31 AM | Computer Name = MOONDOGS | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6829.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2010 2:17:31 PM | Computer Name = MOONDOGS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2/27/2011 8:31:02 PM | Computer Name = MOONDOGS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/2/2011 5:39:33 PM | Computer Name = MOONDOGS | Source = Application Hang | ID = 1002
Description = Hanging application MySpaceIM.exe, version 1.0.823.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2011 9:48:13 AM | Computer Name = MOONDOGS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/6/2011 9:48:13 AM | Computer Name = MOONDOGS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/13/2011 7:05:34 PM | Computer Name = MOONDOGS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2011 7:12:18 PM | Computer Name = MOONDOGS | Source = Application Error | ID = 1000
Description = Faulting application easyshare.exe, version 6.21.25.62, faulting module
unknown, version 0.0.0.0, fault address 0xca4a33ee.

[ System Events ]
Error - 4/1/2011 9:20:55 AM | Computer Name = MOONDOGS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0013204F8608 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/3/2011 10:15:12 PM | Computer Name = MOONDOGS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0013204F8608 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/12/2011 6:34:45 PM | Computer Name = MOONDOGS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0013204F8608 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/13/2011 5:44:53 PM | Computer Name = MOONDOGS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 0013204F8608 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/13/2011 7:09:51 PM | Computer Name = MOONDOGS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 0013204F8608 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/13/2011 7:20:49 PM | Computer Name = MOONDOGS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0013204F8608 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/13/2011 7:59:22 PM | Computer Name = MOONDOGS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 0013204F8608 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/13/2011 8:04:40 PM | Computer Name = MOONDOGS | Source = Service Control Manager | ID = 7034
Description = The Kodak AiO Device Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/13/2011 8:04:46 PM | Computer Name = MOONDOGS | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 4/13/2011 9:00:10 PM | Computer Name = MOONDOGS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 0013204F8608 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >



thanks

dog


#2
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi moondog830,

Sorry for the delay.

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult for me to understand.

+++++++++++++++++++++++++++++++++++++++++++

Are you still experiencing issues?

P.S. I prefer black colored text.

#3
moondog830

    Member

  • Topic Starter
  • 804 posts
Hello Salagubang,
I will remember to follow all of your directions. Believe me, if I don't understand, I WILL ask questions. At times I'm sure you will wonder what is or is not running through my head. To answer your question, yes, I am still having issues. I received a private message stating that what I have already posted is NOT what is needed. I am ready to follow your directions.

moondog

#4
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Step One

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Standard Output at the top
  • Under the Extra Registry section, ensure that Safelist is selected
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step Two

GMER Rootkit Scanner
  • GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

    NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message displayed on the screen when using a 64bit Operating System; this is normal, just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.



#5
moondog830

    Member

  • Topic Starter
  • 804 posts
I ran OTL ... but it only created the OTL.txt file. I re-checked my settings and am running a scan again. I will have to work more on this tomorrow ... it is 11:17pm and I have to substitute teach tomorrow. thanks

#6
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

I ran OTL ... but it only created the OTL.txt file. I re-checked my settings and am running a scan again. I will have to work more on this tomorrow ... it is 11:17pm and I have to substitute teach tomorrow. thanks


It's alright, just post what is available for review and we'll continue when you're back and available. :D

#7
moondog830

    Member

  • Topic Starter
  • 804 posts
Here is the OTL.txt file


OTL logfile created on: 4/20/2011 11:13:01 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = L:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 424.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.34 Gb Total Space | 83.51 Gb Free Space | 36.74% Space Free | Partition Type: NTFS
Drive D: | 5.53 Gb Total Space | 1.65 Gb Free Space | 29.80% Space Free | Partition Type: FAT32
Drive L: | 7.47 Gb Total Space | 4.77 Gb Free Space | 63.83% Space Free | Partition Type: FAT32

Computer Name: MOONDOGS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/14 21:50:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- L:\OTL.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/07/12 08:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2009/12/28 11:34:57 | 000,122,880 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2008/05/02 13:28:55 | 000,369,272 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/07 09:53:54 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2007/08/01 14:29:52 | 003,822,624 | ---- | M] (Paessler GmbH) -- C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
PRC - [2007/05/05 21:58:57 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe
PRC - [2007/03/22 19:04:18 | 000,009,728 | ---- | M] (SDSD) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2007/02/20 06:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/07/26 12:03:30 | 000,443,904 | ---- | M] () -- C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/02/02 18:10:46 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


========== Modules (SafeList) ==========

MOD - [2011/04/14 21:50:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- L:\OTL.exe
MOD - [2010/11/09 10:52:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbc32.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/06/14 22:11:09 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2008/04/13 20:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 20:12:07 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sti.dll
MOD - [2008/04/13 20:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 20:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 20:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 20:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 20:11:59 | 000,997,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msgina.dll
MOD - [2008/04/13 20:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/13 20:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/13 13:26:05 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcint.dll
MOD - [2006/10/18 21:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\PortableDeviceApi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/25 10:01:42 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/05/02 13:28:55 | 000,369,272 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2007/10/07 09:53:54 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2007/08/01 14:29:52 | 003,822,624 | ---- | M] (Paessler GmbH) [Auto | Running] -- C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe -- (PRTGService)
SRV - [2007/05/05 21:58:57 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2007/03/22 19:04:18 | 000,009,728 | ---- | M] (SDSD) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2006/07/26 12:03:30 | 000,443,904 | ---- | M] () [Auto | Running] -- C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe -- (prtgwatchservice)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/02/02 18:10:46 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/04/18 09:50:16 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/06/14 22:11:09 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/05 01:26:40 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/03/01 19:54:22 | 000,021,056 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/10/18 04:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/18 04:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/09/22 14:06:10 | 000,092,160 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/06/28 10:41:56 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/06/28 10:38:10 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/03/26 08:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006/03/24 12:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006/03/13 05:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006/02/16 16:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/08/10 10:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2005/01/05 17:43:06 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/09/03 13:23:10 | 000,115,680 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/09/03 13:19:07 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/08/26 13:12:34 | 002,241,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/04 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/17 18:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/06/04 04:27:46 | 000,840,960 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2004/04/01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/03/22 15:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 15:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/12/30 08:38:52 | 000,028,080 | ---- | M] (Ahead Software AG) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/21 20:48:06 | 000,130,192 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/21 20:47:38 | 000,178,672 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2001/09/26 12:20:38 | 000,047,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AP_USB.SYS -- (HNLXU) Intel® AnyPoint™
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 13:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.moondographics.com/
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = systemcontrolcenter.com;192.168.0.1;<local>
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:87

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Template Shares Torrent Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.moondogra...om/kadence.htm"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3290
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.http_port: 87
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/05 21:36:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/01 09:32:04 | 000,000,000 | ---D | M]

[2008/09/15 21:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/09/05 20:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions
[2006/12/04 23:11:32 | 000,000,000 | ---D | M] ("Woopig.net") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{0146b1d0-71d3-11db-9fe1-0800200c9a66}
[2007/10/19 07:31:08 | 000,000,000 | ---D | M] ("Mostly Crystal") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{0cdfdd5e-eea6-45ff-b035-81243cf02efb}
[2009/09/05 20:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/07/08 22:15:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/03/03 20:41:51 | 000,000,000 | ---D | M] (Walnut for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2007/10/22 19:38:35 | 000,000,000 | ---D | M] (OldFactory Black) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2007/11/03 12:32:49 | 000,000,000 | ---D | M] (Accessibar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{81487e5d-d4e7-441b-b702-ab29eb3af951}
[2007/12/23 10:37:43 | 000,000,000 | ---D | M] (Aluminium Kai 2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2006/06/15 19:27:17 | 000,000,000 | ---D | M] ("Firefox Vista") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{C1CCF2A6-D735-4817-866A-993A66CF9A3D}
[2007/10/19 07:31:10 | 000,000,000 | ---D | M] ("Web Developer") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2007/10/19 07:31:10 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2007/10/19 07:31:08 | 000,000,000 | ---D | M] ("Red Cats (green flavor)") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
[2007/10/19 07:31:00 | 000,000,000 | ---D | M] ("Google Browser Sync") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\[email protected]
[2007/10/19 07:31:03 | 000,000,000 | ---D | M] ("ErrorZilla Mod") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\ErrorZillaMod@jaybaldwin
[2007/10/19 07:31:06 | 000,000,000 | ---D | M] ("Firebug") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\[email protected]
[2009/09/05 20:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\staged-xpis
[2008/06/27 10:57:22 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\searchplugins\ask.xml
[2008/02/14 08:01:48 | 000,002,904 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\searchplugins\template-shares-torrent-search.xml
[2008/06/27 10:57:22 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\searchplugins\wikipedia.xml
[2010/09/28 21:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/02 15:21:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\azerty_iii-3.1.1-fx\mozapps\extensions
[2006/12/04 22:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\mostly_crystal_for_firefox_-2.0.0.9-fx\browser\extensions
[2006/12/04 22:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\mostly_crystal_for_firefox_-2.0.0.9-fx\browser\extensions\icons
[2006/12/04 22:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\mostly_crystal_for_firefox_-2.0.0.9-fx\mozapps\extensions
[2006/11/14 15:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\noia_2.0_extreme_-3.34-fx\mozapps\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
[2004/07/02 15:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
[2004/07/02 15:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll

O1 HOSTS File: ([2007/04/29 22:56:10 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Bandwidth Meter.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..Trusted Domains: //@signup.mar@ ([]money in My Computer)
O15 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..Trusted Domains: //@surf.mar@ ([]money in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=48835 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_1_0_0_44.cab (FilePlanet Download Control Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1144844827656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} http://www.ksolo.com/getPlugin.do (kSoloCntrlIE Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.173.10 67.142.173.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (kataliwo.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\miwegire.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\awtqoNFw: DllName - awtqoNFw.dll - File not found
O20 - Winlogon\Notify\WB: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\WINDOWS\FeatherTexture.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\FeatherTexture.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\khfDtQGv) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 11:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{4ecdc349-7b7e-11d9-b19d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4ecdc349-7b7e-11d9-b19d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ecdc349-7b7e-11d9-b19d-806d6172696f}\Shell\AutoRun\command - "" = F:\run.exe East Front II
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.IV50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "WebrootSpySweeperService"
MsConfig - Services: "rpcapd"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "Adobe LM Service"
MsConfig - Services: "wuauserv"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Grouper.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - ()
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AlcWzrd - hkey= - key= - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: AVG7_CC - hkey= - key= - File not found
MsConfig - StartUpReg: ClocX - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CursorXP - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
MsConfig - StartUpReg: High Definition Audio Property Page Shortcut - hkey= - key= - File not found
MsConfig - StartUpReg: HP Lamp - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Magentic - hkey= - key= - C:\Program Files\Magentic\bin\Magentic.exe ()
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBJ - hkey= - key= - C:\Program Files\Ahead\Nero BackItUp\nbj.exe (Ahead Software AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Rainlendar2 - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SpySweeper - hkey= - key= - File not found
MsConfig - StartUpReg: Steam - hkey= - key= - c:\Program Files\Valve\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SunKistEM - hkey= - key= - C:\Program Files\eMachines Bay Reader\shwiconem.exe (Alcor Micro, Corp.)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2



ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3fe8dce3-19f0-35c9-aaf2-efc830dc2105} -
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {76EBC1F0-4E9C-4B7F-7D8F-BBA9CE079B14} - Vector Graphics Rendering (VML)
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7B53B7E2-B63D-9A62-7E71-FE0E5BDAED5A} - DirectAnimation
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F599EF65-2394-9EA9-BA89-733DE156B057} - Microsoft Windows Media Player
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/04/14 22:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2011/04/14 18:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2011/04/14 18:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ashampoo
[2011/04/14 18:52:44 | 000,039,776 | ---- | C] (mst software GmbH, Germany) -- C:\WINDOWS\System32\DfSdkBt64.exe
[2011/04/14 18:52:44 | 000,033,632 | ---- | C] (mst software GmbH, Germany) -- C:\WINDOWS\System32\DfSdkBt32.exe
[2011/04/14 18:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2011/04/14 18:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/01 10:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2011/04/01 10:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2006/10/08 10:05:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2005/07/21 12:37:56 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[42 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/20 23:09:00 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/04/20 23:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/20 22:06:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/20 22:05:06 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/04/20 21:00:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\teyzedvi.job
[2011/04/20 20:38:05 | 002,831,544 | ---- | M] () -- C:\logfile
[2011/04/20 20:37:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/20 20:33:23 | 039,106,560 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/04/20 20:33:22 | 017,122,304 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/04/20 20:32:37 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/20 20:30:58 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/04/20 20:30:21 | 000,001,217 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2011/04/20 20:29:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/14 18:52:46 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drag & Drop Deinstallation.lnk
[2011/04/14 18:52:46 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo UnInstaller 4.lnk
[2011/04/14 18:51:32 | 000,034,308 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2011/04/14 18:48:03 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/13 17:47:53 | 112,368,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/11 21:53:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/01 09:32:04 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[42 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/20 22:07:35 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/04/14 18:52:46 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Drag & Drop Deinstallation.lnk
[2011/04/14 18:52:46 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo UnInstaller 4.lnk
[2011/04/14 18:51:32 | 000,034,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2011/04/14 18:48:03 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2009/07/10 19:33:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/05 11:34:09 | 000,105,984 | ---- | C] () -- C:\WINDOWS\System32\c_dll.dll
[2008/04/14 09:35:51 | 000,175,600 | -HS- | C] () -- C:\WINDOWS\System32\vGQtDfhk.ini2
[2008/04/14 09:35:51 | 000,175,600 | -HS- | C] () -- C:\WINDOWS\System32\vGQtDfhk.ini
[2008/02/10 23:48:23 | 000,000,343 | ---- | C] () -- C:\WINDOWS\DcmLtBox.ini
[2008/02/06 15:06:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/01/10 23:07:30 | 000,001,369 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/10 14:26:50 | 000,000,883 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/12/08 19:28:11 | 000,000,208 | ---- | C] () -- C:\WINDOWS\EFICOLOR.INI
[2007/12/08 19:28:11 | 000,000,200 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
[2007/12/08 19:27:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\visguide.ini
[2007/12/08 19:27:29 | 000,000,048 | ---- | C] () -- C:\WINDOWS\bartcan.ini
[2007/12/04 22:33:27 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/12/04 22:33:27 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/12/04 22:33:27 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/10/20 16:12:53 | 000,123,996 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp
[2007/10/20 16:12:53 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
[2007/10/07 09:53:55 | 000,001,217 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/10/07 09:53:54 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/10/07 09:53:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2007/07/30 21:34:59 | 000,001,372 | ---- | C] () -- C:\WINDOWS\ForgeOfFreedom.ini
[2007/07/24 22:30:21 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/07/24 14:20:45 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
[2007/07/16 09:56:18 | 000,024,575 | ---- | C] () -- C:\WINDOWS\System32\Mpwinapppiobas69.dll
[2007/07/16 09:55:57 | 000,112,156 | ---- | C] () -- C:\WINDOWS\System32\Msdts325.dat
[2007/06/08 13:53:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/05/10 22:36:00 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\shctxex.dll
[2007/05/05 21:58:57 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
[2007/03/28 06:55:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/02/08 13:43:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2007/02/07 20:07:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\SciFi3.ini
[2007/01/29 08:28:19 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2006/10/29 16:25:09 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/29 16:25:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/08 10:05:55 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ezpinst.exe
[2006/10/08 10:05:55 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2006/10/08 10:05:55 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2006/09/14 13:53:38 | 000,000,210 | ---- | C] () -- C:\WINDOWS\bgw.ini
[2006/09/04 21:38:10 | 000,000,253 | ---- | C] () -- C:\WINDOWS\nir.ini
[2006/09/02 23:20:07 | 000,000,391 | ---- | C] () -- C:\WINDOWS\crownofglory.ini
[2006/07/23 19:33:11 | 000,000,249 | ---- | C] () -- C:\WINDOWS\bgs.ini
[2006/06/28 10:41:56 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/06/28 10:38:10 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7213.sys
[2006/06/13 12:19:21 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW32000C.DLL
[2006/05/30 23:20:42 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\MSSud6OCX.dll
[2006/05/05 23:46:52 | 000,000,402 | ---- | C] () -- C:\WINDOWS\player_army_stats.ini
[2006/04/02 18:25:57 | 000,000,031 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/03/15 10:20:57 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/03/15 09:35:43 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/03/15 09:35:43 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/02/15 22:21:28 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\BAD6A17DE8.dll
[2006/02/11 14:18:09 | 000,000,098 | ---- | C] () -- C:\WINDOWS\creation.INI
[2006/02/06 16:19:08 | 000,005,996 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/02/06 16:15:27 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\teulKit.dll
[2006/01/19 08:55:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/01/12 00:04:14 | 000,000,228 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/12/26 13:46:05 | 000,000,249 | ---- | C] () -- C:\WINDOWS\bgn.ini
[2005/12/05 19:53:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2005/11/10 14:42:05 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/10/19 15:15:21 | 000,000,078 | ---- | C] () -- C:\WINDOWS\PrezoPlayer.INI
[2005/10/19 10:55:49 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/10/18 19:33:30 | 000,000,055 | ---- | C] () -- C:\WINDOWS\WinFTP.INI
[2005/09/28 21:48:38 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/09/28 21:48:38 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/09/28 21:48:38 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/09/23 06:56:22 | 000,304,128 | ---- | C] () -- C:\WINDOWS\System32\keygen.dll
[2005/09/16 00:06:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mgsnhDemo_32.dll
[2005/08/23 22:55:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/21 12:37:56 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/07/21 12:37:55 | 000,060,928 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/07/11 17:31:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/07/09 23:32:06 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/06/12 13:10:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/05/16 18:56:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/05/16 18:56:17 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/05/03 16:18:54 | 000,158,080 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/05/02 18:07:44 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/04/13 13:15:39 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/03/14 20:38:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\cleandrv.INI
[2005/03/12 22:48:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/03/07 20:52:23 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wb.ini
[2005/02/22 04:24:05 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/02/21 02:02:21 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/02/19 16:49:10 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/02/17 21:28:28 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/15 18:37:20 | 000,031,264 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2005/02/14 10:29:56 | 000,000,268 | ---- | C] () -- C:\WINDOWS\ui_mv32.ini
[2005/02/14 10:29:43 | 000,250,368 | ---- | C] () -- C:\WINDOWS\System32\imagxpr3.dll
[2005/02/14 10:25:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\Trpmaker.INI
[2005/02/14 10:23:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2005/02/14 10:23:50 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/02/14 10:23:50 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\Leaddib.drv
[2005/02/14 10:23:50 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\Fprun300.dll
[2005/02/13 15:04:13 | 000,000,579 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/02/12 23:26:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/12 14:45:17 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.html
[2005/02/10 22:19:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2005/02/10 21:43:57 | 000,000,293 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005/02/10 21:38:43 | 000,000,222 | ---- | C] () -- C:\WINDOWS\ENations.ini
[2005/02/10 19:36:50 | 000,000,249 | ---- | C] () -- C:\WINDOWS\bgg.ini
[2005/02/10 19:30:55 | 000,000,239 | ---- | C] () -- C:\WINDOWS\bgr.ini
[2005/02/10 19:21:13 | 000,001,048 | ---- | C] () -- C:\WINDOWS\EReg192.dat
[2005/02/10 12:31:35 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2005/02/10 12:11:36 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll
[2005/02/02 17:55:23 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/02/02 17:55:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2005/02/02 17:53:41 | 000,518,520 | ---- | C] () -- C:\WINDOWS\vidres.exe
[2005/02/02 17:50:51 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2005/02/02 17:48:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/02 17:41:41 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/02 17:41:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2005/02/02 17:41:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 05:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 14:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 14:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 12:12:43 | 000,000,543 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/26 12:12:43 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 12:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 12:12:10 | 000,441,902 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 12:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 12:12:10 | 000,071,854 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 12:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 12:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 12:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 12:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 12:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 12:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 12:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 12:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 06:54:01 | 001,355,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/03/28 22:11:10 | 000,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2003/03/04 04:29:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2000/04/11 21:44:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

========== LOP Check ==========

[2005/02/02 17:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MOONDOGS\Application Data\SampleView
[2011/04/14 18:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2011/04/14 22:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/12/19 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2006/04/06 16:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
[2010/12/19 14:16:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/05/12 08:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dyvozgfa
[2008/02/06 16:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2005/12/24 14:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameBlend
[2007/09/25 19:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/07/29 17:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/07/28 08:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/02/06 16:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2010/12/19 14:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/02/25 15:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/02 17:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/02/02 17:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2007/12/24 19:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SDSD
[2010/03/01 04:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOM\Application Data\Facebook
[2008/09/02 07:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOM\Application Data\NetMedia Providers
[2008/09/02 07:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOM\Application Data\Publish Providers
[2005/02/02 17:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOM\Application Data\SampleView
[2006/05/07 01:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.bittorrent
[2008/02/19 18:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.purple
[2011/04/14 22:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2008/06/18 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Black Sea Studios
[2006/04/06 16:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Chasing Dogs Studios
[2007/04/25 09:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ethereal
[2006/01/12 00:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FTW
[2006/07/12 12:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gena01
[2007/11/30 11:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2007/10/10 07:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HTNetMeter
[2007/08/29 21:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2007/08/29 08:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2007/09/25 18:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel
[2008/02/25 00:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Legends of pirates
[2008/01/24 00:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2006/05/30 23:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MPS-Sudoku2006
[2006/11/28 08:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2006/03/03 13:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2006/04/08 23:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nology
[2007/02/26 15:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2007/09/09 20:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2006/03/03 13:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2006/06/19 21:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RecordPad
[2005/02/02 17:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/09/28 23:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sandlot Games
[2007/01/29 07:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SlySoft
[2006/06/15 20:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2006/11/02 22:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uk.co.planetside
[2006/01/20 14:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uqm
[2008/03/16 23:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2008/03/17 10:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2007/07/16 08:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\XnView
[2006/10/28 16:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\yoclient
[2010/12/19 14:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Z-girl\Application Data\AVG10
[2005/02/02 17:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Z-girl\Application Data\SampleView
[2011/04/14 19:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Z-girl\Application Data\Vso
[2011/04/20 21:00:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\teyzedvi.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:525DFE14
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:554C6431
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81405BF2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282CC2B
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81653DC8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A875255B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13A59596

< End of report >

#8
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Step One


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O20 - AppInit_DLLs: (kataliwo.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\miwegire.dll) - File not found
    O20 - Winlogon\Notify\awtqoNFw: DllName - awtqoNFw.dll - File not found
    O33 - MountPoints2\{4ecdc349-7b7e-11d9-b19d-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{4ecdc349-7b7e-11d9-b19d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4ecdc349-7b7e-11d9-b19d-806d6172696f}\Shell\AutoRun\command - "" = F:\run.exe East Front II
    [2011/04/20 21:00:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\teyzedvi.job
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:525DFE14
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:554C6431
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6BC948
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81405BF2
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282CC2B
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81653DC8
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A875255B
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13A59596
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step Two

We need to temporarily remove your Anti-Virus, as it interferes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceeding.

Download AppRemover and run it.

Click Next >>


Ensure "Remove Security Application" is selected and click Next >>


AppRemover will scan all the security applications on your PC

Select any AVG entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed



Step Three

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#9
moondog830

    Member

  • Topic Starter
  • 804 posts
Still working on Step One ... here is the scan AFTER the fix you gave me.


OTL logfile created on: 4/21/2011 4:09:35 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 377.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.34 Gb Total Space | 86.40 Gb Free Space | 38.01% Space Free | Partition Type: NTFS
Drive D: | 5.53 Gb Total Space | 1.65 Gb Free Space | 29.80% Space Free | Partition Type: FAT32
Drive L: | 7.47 Gb Total Space | 4.77 Gb Free Space | 63.83% Space Free | Partition Type: FAT32

Computer Name: MOONDOGS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/14 21:50:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2009/12/28 11:34:57 | 000,122,880 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2008/05/02 13:28:55 | 000,369,272 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/15 03:40:39 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/07 09:53:54 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2007/08/01 14:29:52 | 003,822,624 | ---- | M] (Paessler GmbH) -- C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
PRC - [2007/05/05 21:58:57 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe
PRC - [2007/03/22 19:04:18 | 000,009,728 | ---- | M] (SDSD) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2007/02/20 06:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/07/26 12:03:30 | 000,443,904 | ---- | M] () -- C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/02/02 18:10:46 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


========== Modules (SafeList) ==========

MOD - [2011/04/14 21:50:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/25 10:01:42 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/05/02 13:28:55 | 000,369,272 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2007/10/07 09:53:54 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2007/08/01 14:29:52 | 003,822,624 | ---- | M] (Paessler GmbH) [Auto | Running] -- C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe -- (PRTGService)
SRV - [2007/05/05 21:58:57 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2007/03/22 19:04:18 | 000,009,728 | ---- | M] (SDSD) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2006/07/26 12:03:30 | 000,443,904 | ---- | M] () [Auto | Running] -- C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe -- (prtgwatchservice)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/02/02 18:10:46 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/04/18 09:50:16 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/06/14 22:11:09 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/05 01:26:40 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/03/01 19:54:22 | 000,021,056 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/10/18 04:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/18 04:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/09/22 14:06:10 | 000,092,160 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/06/28 10:41:56 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/06/28 10:38:10 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/03/26 08:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006/03/24 12:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006/03/13 05:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006/02/16 16:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/08/10 10:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2005/01/05 17:43:06 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/09/03 13:23:10 | 000,115,680 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/09/03 13:19:07 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/08/26 13:12:34 | 002,241,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/04 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/17 18:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/06/04 04:27:46 | 000,840,960 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2004/04/01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/03/22 15:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 15:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/12/30 08:38:52 | 000,028,080 | ---- | M] (Ahead Software AG) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/21 20:48:06 | 000,130,192 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/21 20:47:38 | 000,178,672 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2001/09/26 12:20:38 | 000,047,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AP_USB.SYS -- (HNLXU) Intel® AnyPoint™
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 13:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.moondographics.com/
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = systemcontrolcenter.com;192.168.0.1;<local>
IE - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:87

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Template Shares Torrent Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.moondogra...om/kadence.htm"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3290
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.http_port: 87
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/05 21:36:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/01 09:32:04 | 000,000,000 | ---D | M]

[2008/09/15 21:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/09/05 20:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions
[2006/12/04 23:11:32 | 000,000,000 | ---D | M] ("Woopig.net") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{0146b1d0-71d3-11db-9fe1-0800200c9a66}
[2007/10/19 07:31:08 | 000,000,000 | ---D | M] ("Mostly Crystal") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{0cdfdd5e-eea6-45ff-b035-81243cf02efb}
[2009/09/05 20:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/07/08 22:15:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/03/03 20:41:51 | 000,000,000 | ---D | M] (Walnut for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2007/10/22 19:38:35 | 000,000,000 | ---D | M] (OldFactory Black) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2007/11/03 12:32:49 | 000,000,000 | ---D | M] (Accessibar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{81487e5d-d4e7-441b-b702-ab29eb3af951}
[2007/12/23 10:37:43 | 000,000,000 | ---D | M] (Aluminium Kai 2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2006/06/15 19:27:17 | 000,000,000 | ---D | M] ("Firefox Vista") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{C1CCF2A6-D735-4817-866A-993A66CF9A3D}
[2007/10/19 07:31:10 | 000,000,000 | ---D | M] ("Web Developer") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2007/10/19 07:31:10 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2007/10/19 07:31:08 | 000,000,000 | ---D | M] ("Red Cats (green flavor)") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
[2007/10/19 07:31:00 | 000,000,000 | ---D | M] ("Google Browser Sync") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\[email protected]
[2007/10/19 07:31:03 | 000,000,000 | ---D | M] ("ErrorZilla Mod") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\ErrorZillaMod@jaybaldwin
[2007/10/19 07:31:06 | 000,000,000 | ---D | M] ("Firebug") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\[email protected]
[2009/09/05 20:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\extensions\staged-xpis
[2008/06/27 10:57:22 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\searchplugins\ask.xml
[2008/02/14 08:01:48 | 000,002,904 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\searchplugins\template-shares-torrent-search.xml
[2008/06/27 10:57:22 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vk675i5h.default\searchplugins\wikipedia.xml
[2010/09/28 21:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/02 15:21:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\azerty_iii-3.1.1-fx\mozapps\extensions
[2006/12/04 22:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\mostly_crystal_for_firefox_-2.0.0.9-fx\browser\extensions
[2006/12/04 22:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\mostly_crystal_for_firefox_-2.0.0.9-fx\browser\extensions\icons
[2006/12/04 22:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\mostly_crystal_for_firefox_-2.0.0.9-fx\mozapps\extensions
[2006/11/14 15:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\noia_2.0_extreme_-3.34-fx\mozapps\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
[2004/07/02 15:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
[2004/07/02 15:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll

O1 HOSTS File: ([2011/04/21 09:04:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Bandwidth Meter.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..Trusted Domains: //@signup.mar@ ([]money in My Computer)
O15 - HKU\S-1-5-21-2025213858-2358470224-48696532-1003\..Trusted Domains: //@surf.mar@ ([]money in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=48835 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_1_0_0_44.cab (FilePlanet Download Control Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1144844827656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} http://www.ksolo.com/getPlugin.do (kSoloCntrlIE Class)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WB: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\WINDOWS\FeatherTexture.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\FeatherTexture.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\khfDtQGv) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 11:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/21 16:07:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/14 22:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2011/04/14 18:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2011/04/14 18:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ashampoo
[2011/04/14 18:52:44 | 000,039,776 | ---- | C] (mst software GmbH, Germany) -- C:\WINDOWS\System32\DfSdkBt64.exe
[2011/04/14 18:52:44 | 000,033,632 | ---- | C] (mst software GmbH, Germany) -- C:\WINDOWS\System32\DfSdkBt32.exe
[2011/04/14 18:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2011/04/14 18:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/01 10:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2011/04/01 10:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2006/10/08 10:05:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2005/07/21 12:37:56 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/21 16:13:15 | 002,832,321 | ---- | M] () -- C:\logfile
[2011/04/21 16:06:37 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/04/21 16:06:16 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/21 16:06:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/21 16:06:07 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/21 15:56:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/21 15:56:11 | 000,001,217 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2011/04/21 15:55:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/21 09:04:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/21 09:02:43 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/04/21 09:02:43 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/20 23:09:00 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/04/20 22:05:06 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/04/20 20:33:25 | 017,122,304 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/04/20 20:33:23 | 039,106,560 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/04/14 21:50:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/14 18:52:46 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drag & Drop Deinstallation.lnk
[2011/04/14 18:52:46 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo UnInstaller 4.lnk
[2011/04/14 18:51:32 | 000,034,308 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2011/04/14 18:48:03 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/13 17:47:53 | 112,368,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/11 21:53:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/01 09:32:04 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

========== Files Created - No Company Name ==========

[2011/04/21 09:02:43 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/04/21 09:02:43 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/20 22:07:35 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/04/14 18:52:46 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Drag & Drop Deinstallation.lnk
[2011/04/14 18:52:46 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo UnInstaller 4.lnk
[2011/04/14 18:51:32 | 000,034,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2011/04/14 18:48:03 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2009/07/10 19:33:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/05 11:34:09 | 000,105,984 | ---- | C] () -- C:\WINDOWS\System32\c_dll.dll
[2008/04/14 09:35:51 | 000,175,600 | -HS- | C] () -- C:\WINDOWS\System32\vGQtDfhk.ini2
[2008/04/14 09:35:51 | 000,175,600 | -HS- | C] () -- C:\WINDOWS\System32\vGQtDfhk.ini
[2008/02/10 23:48:23 | 000,000,343 | ---- | C] () -- C:\WINDOWS\DcmLtBox.ini
[2008/02/06 15:06:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/01/10 23:07:30 | 000,001,369 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/10 14:26:50 | 000,000,883 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/12/08 19:28:11 | 000,000,208 | ---- | C] () -- C:\WINDOWS\EFICOLOR.INI
[2007/12/08 19:28:11 | 000,000,200 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI
[2007/12/08 19:27:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\visguide.ini
[2007/12/08 19:27:29 | 000,000,048 | ---- | C] () -- C:\WINDOWS\bartcan.ini
[2007/12/04 22:33:27 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/12/04 22:33:27 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/12/04 22:33:27 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/10/20 16:12:53 | 000,123,996 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp
[2007/10/20 16:12:53 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
[2007/10/07 09:53:55 | 000,001,217 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/10/07 09:53:54 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/10/07 09:53:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2007/07/30 21:34:59 | 000,001,372 | ---- | C] () -- C:\WINDOWS\ForgeOfFreedom.ini
[2007/07/24 22:30:21 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/07/24 14:20:45 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
[2007/07/16 09:56:18 | 000,024,575 | ---- | C] () -- C:\WINDOWS\System32\Mpwinapppiobas69.dll
[2007/07/16 09:55:57 | 000,112,156 | ---- | C] () -- C:\WINDOWS\System32\Msdts325.dat
[2007/06/08 13:53:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/05/10 22:36:00 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\shctxex.dll
[2007/05/05 21:58:57 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
[2007/03/28 06:55:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/02/08 13:43:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2007/02/07 20:07:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\SciFi3.ini
[2007/01/29 08:28:19 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2006/10/29 16:25:09 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/29 16:25:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/08 10:05:55 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ezpinst.exe
[2006/10/08 10:05:55 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2006/10/08 10:05:55 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2006/09/14 13:53:38 | 000,000,210 | ---- | C] () -- C:\WINDOWS\bgw.ini
[2006/09/04 21:38:10 | 000,000,253 | ---- | C] () -- C:\WINDOWS\nir.ini
[2006/09/02 23:20:07 | 000,000,391 | ---- | C] () -- C:\WINDOWS\crownofglory.ini
[2006/07/23 19:33:11 | 000,000,249 | ---- | C] () -- C:\WINDOWS\bgs.ini
[2006/06/28 10:41:56 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/06/28 10:38:10 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7213.sys
[2006/06/13 12:19:21 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW32000C.DLL
[2006/05/30 23:20:42 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\MSSud6OCX.dll
[2006/05/05 23:46:52 | 000,000,402 | ---- | C] () -- C:\WINDOWS\player_army_stats.ini
[2006/04/02 18:25:57 | 000,000,031 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/03/15 10:20:57 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/03/15 09:35:43 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/03/15 09:35:43 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/02/15 22:21:28 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\BAD6A17DE8.dll
[2006/02/11 14:18:09 | 000,000,098 | ---- | C] () -- C:\WINDOWS\creation.INI
[2006/02/06 16:19:08 | 000,005,996 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/02/06 16:15:27 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\teulKit.dll
[2006/01/19 08:55:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/01/12 00:04:14 | 000,000,228 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/12/26 13:46:05 | 000,000,249 | ---- | C] () -- C:\WINDOWS\bgn.ini
[2005/12/05 19:53:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2005/11/10 14:42:05 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/10/19 15:15:21 | 000,000,078 | ---- | C] () -- C:\WINDOWS\PrezoPlayer.INI
[2005/10/19 10:55:49 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/10/18 19:33:30 | 000,000,055 | ---- | C] () -- C:\WINDOWS\WinFTP.INI
[2005/09/28 21:48:38 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/09/28 21:48:38 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/09/28 21:48:38 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/09/23 06:56:22 | 000,304,128 | ---- | C] () -- C:\WINDOWS\System32\keygen.dll
[2005/09/16 00:06:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mgsnhDemo_32.dll
[2005/08/23 22:55:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/21 12:37:56 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/07/21 12:37:55 | 000,060,928 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/07/11 17:31:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/07/09 23:32:06 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2005/06/12 13:10:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/05/16 18:56:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/05/16 18:56:17 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/05/03 16:18:54 | 000,158,080 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/05/02 18:07:44 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/04/13 13:15:39 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/03/14 20:38:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\cleandrv.INI
[2005/03/12 22:48:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/03/07 20:52:23 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wb.ini
[2005/02/22 04:24:05 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/02/21 02:02:21 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/02/19 16:49:10 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/02/17 21:28:28 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/15 18:37:20 | 000,031,264 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2005/02/14 10:29:56 | 000,000,268 | ---- | C] () -- C:\WINDOWS\ui_mv32.ini
[2005/02/14 10:29:43 | 000,250,368 | ---- | C] () -- C:\WINDOWS\System32\imagxpr3.dll
[2005/02/14 10:25:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\Trpmaker.INI
[2005/02/14 10:23:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2005/02/14 10:23:50 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/02/14 10:23:50 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\Leaddib.drv
[2005/02/14 10:23:50 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\Fprun300.dll
[2005/02/13 15:04:13 | 000,000,579 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/02/12 23:26:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/12 14:45:17 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.html
[2005/02/10 22:19:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2005/02/10 21:43:57 | 000,000,293 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005/02/10 21:38:43 | 000,000,222 | ---- | C] () -- C:\WINDOWS\ENations.ini
[2005/02/10 19:36:50 | 000,000,249 | ---- | C] () -- C:\WINDOWS\bgg.ini
[2005/02/10 19:30:55 | 000,000,239 | ---- | C] () -- C:\WINDOWS\bgr.ini
[2005/02/10 19:21:13 | 000,001,048 | ---- | C] () -- C:\WINDOWS\EReg192.dat
[2005/02/10 12:31:35 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2005/02/10 12:11:36 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll
[2005/02/02 17:55:23 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/02/02 17:55:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2005/02/02 17:53:41 | 000,518,520 | ---- | C] () -- C:\WINDOWS\vidres.exe
[2005/02/02 17:50:51 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2005/02/02 17:48:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/02 17:41:41 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/02 17:41:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2005/02/02 17:41:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 05:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 14:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 14:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 12:12:43 | 000,000,543 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/26 12:12:43 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 12:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 12:12:10 | 000,441,902 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 12:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 12:12:10 | 000,071,854 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 12:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 12:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 12:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 12:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 12:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 12:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 12:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 12:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 06:54:01 | 001,355,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/03/28 22:11:10 | 000,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2003/03/04 04:29:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2000/04/11 21:44:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

========== LOP Check ==========

[2005/02/02 17:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MOONDOGS\Application Data\SampleView
[2011/04/14 18:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2011/04/14 22:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/12/19 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2006/04/06 16:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
[2010/12/19 14:16:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/05/12 08:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dyvozgfa
[2008/02/06 16:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2005/12/24 14:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameBlend
[2007/09/25 19:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/07/29 17:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/07/28 08:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/02/06 16:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2010/12/19 14:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/02/25 15:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/02 17:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/02/02 17:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2007/12/24 19:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SDSD
[2010/03/01 04:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOM\Application Data\Facebook
[2008/09/02 07:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOM\Application Data\NetMedia Providers
[2008/09/02 07:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOM\Application Data\Publish Providers
[2005/02/02 17:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MOM\Application Data\SampleView
[2006/05/07 01:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.bittorrent
[2008/02/19 18:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.purple
[2011/04/14 22:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2008/06/18 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Black Sea Studios
[2006/04/06 16:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Chasing Dogs Studios
[2007/04/25 09:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ethereal
[2006/01/12 00:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FTW
[2006/07/12 12:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gena01
[2007/11/30 11:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2007/10/10 07:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HTNetMeter
[2007/08/29 21:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2007/08/29 08:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2007/09/25 18:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel
[2008/02/25 00:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Legends of pirates
[2008/01/24 00:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2006/05/30 23:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MPS-Sudoku2006
[2006/11/28 08:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2006/03/03 13:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2006/04/08 23:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nology
[2007/02/26 15:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2007/09/09 20:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2006/03/03 13:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2006/06/19 21:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RecordPad
[2005/02/02 17:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/09/28 23:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sandlot Games
[2007/01/29 07:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SlySoft
[2006/06/15 20:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2006/11/02 22:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uk.co.planetside
[2006/01/20 14:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uqm
[2008/03/16 23:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2008/03/17 10:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2007/07/16 08:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\XnView
[2006/10/28 16:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\yoclient
[2010/12/19 14:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Z-girl\Application Data\AVG10
[2005/02/02 17:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Z-girl\Application Data\SampleView
[2011/04/14 19:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Z-girl\Application Data\Vso

========== Purity Check ==========



< End of report >

#10
moondog830

I'm sorry, but at this point, I'm just a bit confused ... there are 2 Step Two's above ... one is for using GMER Rootkit Scanner and the other for App Remover. Do I run them both? Which one first?

dog


#11
Salagubang

You may follow my last set of instructions, i.e., app remover, combofix.

:D

#12
moondog830

I finished Step Two and moved on to Step Three ... however, when I tried to run ComboFix I got the following error

Posted Image

I do not currently have access to the internet with this computer. It's one of the reasons I'm here in the first place. What do I do now?

Going to see if I can download it and then transfer it to my troubled computer.

dog

#13
Salagubang

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.

#14
moondog830

ComboFix Results


ComboFix 11-04-21.04 - Owner 04/23/2011 19:01:18.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.640 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.MOONDOGS\WINDOWS
c:\documents and settings\All Users\Application Data\mazuki.dll
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\MOM\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\documents and settings\Z-girl\Application Data\pcouffin.sys
c:\documents and settings\Z-girl\WINDOWS
C:\ipconfig.txt
C:\readme.txt
c:\windows\system32\c_dll.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\vGQtDfhk.ini
c:\windows\system32\vGQtDfhk.ini2
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))
.
.
2011-04-14 23:12 . 2011-04-14 23:12 81920 ----a-w- c:\documents and settings\Z-girl\Application Data\ezpinst.exe
2011-04-14 23:12 . 2011-04-14 23:12 -------- d-----w- c:\documents and settings\Z-girl\Application Data\Vso
2011-04-14 22:53 . 2011-04-14 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Ashampoo
2011-04-14 22:52 . 2010-05-13 14:28 33632 ----a-w- c:\windows\system32\DfSdkBt32.exe
2011-04-14 22:52 . 2010-03-13 17:16 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2011-04-14 22:52 . 2011-04-14 22:52 -------- d-----w- c:\program files\Ashampoo
2011-04-01 14:14 . 2011-04-01 14:14 -------- d-----w- c:\program files\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 17:33 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-02-09 13:53 . 2004-08-26 16:12 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-26 16:11 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-26 18:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-26 18:00 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-28 122880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Bandwidth Meter.lnk - c:\program files\Wizard Software\Bandwidth Meter\BandMeter.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-6-15 25214]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-15 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-23 04:01 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 03:34 24576 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk
backup=c:\windows\pss\Free WebSite Tools.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Grouper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Grouper.lnk
backup=c:\windows\pss\Grouper.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk
backup=c:\windows\pss\Greetings Workshop Reminders.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-07-20 14:22 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-08-24 18:01 2552320 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-05-13 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 21:07 61952 ----a-w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 06:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2009-07-15 15:36 251264 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
2006-08-06 15:46 315436 ----a-w- c:\progra~1\Magentic\bin\Magentic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2006-09-15 17:27 2048000 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:47 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-08-24 18:14 77824 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2007-12-09 01:31 1266936 ----a-w- c:\progra~1\Valve\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 07:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-03-11 23:18 135168 ----a-w- c:\program files\eMachines Bay Reader\shwiconEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WebrootSpySweeperService"=2 (0x2)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"wuauserv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Adobe\\Adobe GoLive CS\\GoLive.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\moondog830\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\moondog830\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\moondog830\\condition zero\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\moondog830\\day of defeat\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\moondog830\\condition zero deleted scenes\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\acrotray.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\WINDOWS\\system32\\imapi.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62363:TCP"= 62363:TCP:utorrent
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/28/2006 10:38 AM 642560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 12:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 11:39 AM 55024]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [6/27/2007 9:07 AM 369272]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [3/22/2007 7:04 PM 9728]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/7/2007 9:53 AM 2560]
R2 PRTGService;PRTG Service;c:\program files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [10/10/2007 7:10 AM 3822624]
R2 prtgwatchservice;PRTG Watchdog;c:\program files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [10/10/2007 7:10 AM 443904]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 11:36 AM 133104]
S3 HNLXU;Intel® AnyPoint™ USB 1 Mbps Network Adapter Driver;c:\windows\system32\drivers\AP_USB.SYS [9/26/2001 12:20 PM 47096]
S3 iatmunin;iatmunin;\??\c:\docume~1\Owner\LOCALS~1\Temp\iatmunin.sys --> c:\docume~1\Owner\LOCALS~1\Temp\iatmunin.sys [?]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310v.sys --> c:\windows\system32\DRIVERS\mr97310v.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 5:10 PM 32512]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-04-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-28 13:58]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 15:36]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 15:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.moondographics.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=192.168.0.1:87
uInternet Settings,ProxyOverride = systemcontrolcenter.com;192.168.0.1;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: {1484381A-8C03-4F23-8B75-6037DDF5668C} = 66.82.4.8
DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} - hxxp://www.ksolo.com/getPlugin.do
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe
MSConfigStartUp-ClocX - c:\program files\ClocX\ClocX.exe
MSConfigStartUp-CursorXP - c:\program files\CursorXP\CursorXP.exe
MSConfigStartUp-HP Lamp - c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
MSConfigStartUp-Rainlendar2 - c:\program files\Rainlendar2\Rainlendar2.exe
MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-TalonSoft's West Front: Operation Sea Lion - c:\program files\TalonSoft\West Front\Uninst.isu
AddRemove-WS_FTP Pro - c:\program files\WS_FTP Pro\uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-23 19:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2025213858-2358470224-48696532-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a2,e5,e2,c4,22,66,b9,3a,15,c1,8d,ba,71,a4,39,f4,e8,be,76,19,24,c7,06,
bf,d6,f3,37,86,74,1a,de,b7,67,d8,e9,b6,88,3c,2a,17,1f,8e,58,34,f3,9c,9e,74,\
"??"=hex:4b,2e,12,ea,48,29,89,90,73,8f,de,3b,ba,28,0d,03
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5C082286-DD56-6B96-110FABAC317C22E3}\{17077DA0-F2D9-EF48-DBC13F521337D931}\{A783887F-564D-BBBA-662193019693FEBC}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{95b7291e-dce2-459f-a967-8de58e8182ac}\InprocServer32]
@DACL=(02 0000)
@="c:\\windows\\system32\\miwegire.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7FB8A-7FC0-F5C6-C2C005BCC6E52A75}\{38D64012-6403-EA81-41E60280EAB79558}\{8D4E630B-001F-4733-DF87B943421629E7}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\0685B4039E83FFC215FE6F791AF60AF7]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
.
- - - - - - - > 'explorer.exe'(3068)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-04-23 19:37:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-23 23:37
ComboFix2.txt 2007-02-14 23:19
.
Pre-Run: 93,078,085,632 bytes free
Post-Run: 92,895,895,552 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D58A32C7A7BBB23ABDAF69F5632BAD6D

#15
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Check if internet has been restored on this machine.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
