
XP Anti Spyware 2011


  • This topic is locked

#1 rshaffer61

  • Moderator
  • 34,114 posts
This is for my wife's system. She allows a friend to use her system, and I believe it has caused this infection to happen through the download of games, music and such. She cannot get any Internet browser to work since this started yesterday, which includes IE, FF and Google Chrome. I am transferring files back and forth through my system via a flash drive.
Below I am including the OTL and MBAM logs for review.

OTL logfile created on: 5/11/2011 7:59:14 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = G:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 160.63 Gb Free Space | 68.98% Space Free | Partition Type: NTFS
Drive E: | 76.33 Gb Total Space | 52.19 Gb Free Space | 68.38% Space Free | Partition Type: NTFS
Drive G: | 243.24 Mb Total Space | 119.09 Mb Free Space | 48.96% Space Free | Partition Type: FAT

Computer Name: KELLY | User Name: Klown | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/11 07:54:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2011/05/10 21:07:34 | 000,232,854 | -HS- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/27 19:36:03 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/09/20 23:13:46 | 000,941,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/11 07:54:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2008/04/13 19:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - [2011/05/06 21:18:52 | 003,274,328 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/06 13:23:56 | 000,090,296 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2001/08/06 07:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2011/03/07 15:58:40 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/25 17:04:06 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/25 23:28:21 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/25 23:28:21 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/28 11:35:10 | 005,937,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/18 18:04:20 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/02/12 16:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/12/12 14:04:56 | 000,034,963 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid7906.sys -- (hid7906)
DRV - [2007/12/03 08:46:12 | 000,037,024 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid8101.sys -- (hid8101)
DRV - [2007/11/28 10:52:46 | 000,034,587 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid8103.sys -- (hid8103)
DRV - [2007/10/18 05:28:52 | 000,052,224 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007/10/18 05:28:30 | 000,016,896 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2007/09/21 04:49:10 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2007/07/11 13:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/03/16 01:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/01/14 11:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/12/03 05:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/10/28 05:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/04 07:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 07:00:00 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2004/08/04 07:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 07:00:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntapm.sys -- (NtApm)
DRV - [2004/08/04 07:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2004/05/13 08:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/05/13 06:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 10:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 07:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/01/17 03:59:56 | 000,001,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\papycpu2.sys -- (papycpu2)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/12/20 10:02:12 | 000,006,656 | ---- | M] (Netropa Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (msikbd2k)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 07:50:00 | 000,320,384 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mgaum.sys -- (mgau)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1998/10/06 09:36:26 | 000,001,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\papycpu.sys -- (papycpu)
DRV - [1998/10/06 09:36:26 | 000,001,888 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\papyjoy.sys -- (papyjoy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook....home.php?ref=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.searchqu....ystemid=406&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}: C:\Documents and Settings\Klown\Local Settings\Application Data\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}\ [2011/05/10 09:51:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 18:23:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 18:23:38 | 000,000,000 | ---D | M]

[2011/04/26 21:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Klown\Application Data\Mozilla\Extensions
[2011/04/26 21:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\extensions
[2011/04/26 21:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}-trash
[2011/03/23 07:24:21 | 000,005,529 | ---- | M] () -- C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\searchplugins\SearchquWebSearch.xml
[2011/05/05 17:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 17:31:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/08 17:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/10 09:51:50 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\KLOWN\LOCAL SETTINGS\APPLICATION DATA\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}
[2010/12/08 17:18:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 18:23:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/10/23 11:30:53 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2010/10/23 11:30:53 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
[2010/12/08 17:18:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/05/05 18:23:28 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/03/23 07:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

O1 HOSTS File: ([2010/08/15 15:03:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Klown\Start Menu\Programs\Startup\AutorunsDisabled [2010/12/16 22:39:31 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.t...all/xscan60.cab (HouseCall Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1281909565671 (WUWebControl Class)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1255611893908 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.t...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcp...ols/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics....com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Klown\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Klown\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/15 16:05:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 23:21:07 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2011/05/10 11:43:45 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/10 09:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}
[2011/05/10 09:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\My Documents\Links 2003
[2011/05/10 08:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/05/10 08:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Links 2003
[2011/05/10 08:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/05/06 21:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/05/06 18:59:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2011/05/06 18:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\WinRAR
[2011/05/06 18:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\Gygan
[2011/05/06 18:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\Xenocode
[2011/05/06 17:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\DFUserRoot
[2011/05/03 11:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\My Documents\NHL09
[2011/05/03 11:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA Sports
[2011/05/03 11:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2011/05/02 19:49:16 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2011/05/02 19:49:09 | 000,327,680 | ---- | C] (On2.com Inc.) -- C:\WINDOWS\System32\vp6dec.ax
[2011/05/02 19:49:09 | 000,118,832 | ---- | C] (MicroQuill Software Publishing, Inc.) -- C:\WINDOWS\System32\SHW32.DLL
[2011/05/02 18:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA Games
[2011/05/02 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2011/04/27 20:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\Unity
[2011/04/27 20:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\Unity
[2011/04/26 18:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2011/04/26 14:04:46 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2011/04/26 11:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\Ilivid Player
[2011/04/26 11:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\PackageAware
[2011/04/25 13:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools
[2011/04/25 13:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools
[2011/04/25 13:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/04/25 10:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\URSoft
[2011/04/25 09:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/25 09:40:48 | 000,000,000 | ---D | C] -- C:\Splash
[2011/04/24 18:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/04/24 18:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft
[2011/04/24 18:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/04/24 18:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2011/04/23 18:58:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2011/04/16 20:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/04/16 20:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\McGraw-HillLicensing
[2011/04/13 20:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/04/13 20:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\SystemRequirementsLab
[2011/04/13 19:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TerraGame Shared
[2011/04/13 18:50:04 | 000,034,587 | ---- | C] (Compuware Corporation) -- C:\WINDOWS\System32\drivers\hid8103.sys
[2011/04/13 18:50:03 | 000,037,024 | ---- | C] (Compuware Corporation) -- C:\WINDOWS\System32\drivers\hid8101.sys
[2011/04/13 18:50:03 | 000,034,963 | ---- | C] (Compuware Corporation) -- C:\WINDOWS\System32\drivers\hid7906.sys
[2011/04/13 18:50:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\USB Vibration
[2011/04/13 18:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\USB Vibration
[2011/04/12 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2 C:\Documents and Settings\Klown\My Documents\*.tmp files -> C:\Documents and Settings\Klown\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/11 07:51:08 | 000,014,072 | -HS- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\5162qny2ob203v1p2ryg257h14
[2011/05/11 07:51:08 | 000,014,072 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5162qny2ob203v1p2ryg257h14
[2011/05/11 07:50:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 07:50:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/11 07:49:55 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\LCFGRAIJ.job
[2011/05/11 07:49:55 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Xtltrhk.job
[2011/05/11 07:49:55 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\EFFTL.job
[2011/05/11 07:49:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 07:18:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-854245398-1003UA.job
[2011/05/10 21:47:41 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/10 21:44:34 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 21:07:34 | 000,232,854 | -HS- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe
[2011/05/10 18:18:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-854245398-1003Core.job
[2011/05/10 13:48:18 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/10 12:04:45 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/10 12:02:44 | 000,416,279 | ---- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\census.cache
[2011/05/10 12:02:25 | 000,217,861 | ---- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\ars.cache
[2011/05/10 11:42:57 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\housecall.guid.cache
[2011/05/10 11:28:10 | 000,000,245 | ---- | M] () -- C:\WINDOWS\Msiosd.ini
[2011/05/05 21:57:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/05 18:20:15 | 000,001,526 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2011/05/02 14:10:18 | 000,000,485 | ---- | M] () -- C:\WINDOWS\EReg072.dat
[2011/05/02 13:39:57 | 000,000,034 | -H-- | M] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/04/26 14:04:45 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Klown\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/26 14:04:44 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/04/26 14:04:44 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/04/25 18:41:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/04/25 14:00:31 | 000,000,632 | ---- | M] () -- C:\WINDOWS\CoDUO.INI
[2011/04/25 13:08:31 | 000,465,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/25 13:08:31 | 000,079,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/18 21:53:10 | 000,000,902 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2011/04/18 19:39:50 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\00000830.LCS
[2011/04/14 18:08:53 | 000,000,143 | ---- | M] () -- C:\Documents and Settings\Klown\default.pls
[2011/04/13 19:33:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\LiveBilliards.INI
[2011/04/12 16:17:13 | 000,000,200 | ---- | M] () -- C:\WINDOWS\slotcars.ini
[2011/04/11 16:24:38 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2011/04/11 16:19:44 | 000,000,648 | ---- | M] () -- C:\WINDOWS\Sierra.ini
[2011/04/11 12:14:48 | 000,000,183 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2 C:\Documents and Settings\Klown\My Documents\*.tmp files -> C:\Documents and Settings\Klown\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/10 21:07:37 | 000,014,072 | -HS- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\5162qny2ob203v1p2ryg257h14
[2011/05/10 21:07:37 | 000,014,072 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5162qny2ob203v1p2ryg257h14
[2011/05/10 21:07:34 | 000,232,854 | -HS- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe
[2011/05/10 13:48:18 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/10 12:04:45 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/10 12:02:44 | 000,416,279 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\census.cache
[2011/05/10 12:02:25 | 000,217,861 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\ars.cache
[2011/05/10 11:42:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\housecall.guid.cache
[2011/05/10 09:49:48 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\LCFGRAIJ.job
[2011/05/10 09:49:44 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\EFFTL.job
[2011/05/10 09:49:38 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\Xtltrhk.job
[2011/05/05 18:23:42 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/02 13:39:57 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/04/28 21:31:04 | 000,000,485 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/04/26 14:04:37 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/04/26 14:04:37 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2011/04/25 18:13:27 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-854245398-1003UA.job
[2011/04/25 18:13:27 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-854245398-1003Core.job
[2011/04/25 12:36:29 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/25 11:14:31 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2011/04/18 16:32:56 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\00000830.LCS
[2011/04/13 19:33:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliards.INI
[2011/04/12 16:16:59 | 000,000,200 | ---- | C] () -- C:\WINDOWS\slotcars.ini
[2011/04/11 15:33:20 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2011/04/11 12:47:19 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu.sys
[2011/04/11 12:47:19 | 000,001,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2011/04/09 17:17:19 | 000,001,526 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/04/08 19:11:56 | 000,044,648 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2011/04/06 22:18:45 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2011/04/06 22:16:26 | 000,000,648 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2011/04/05 16:27:43 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011/04/05 16:27:43 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011/03/28 10:57:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/25 21:59:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2011/03/17 19:36:35 | 000,000,253 | ---- | C] () -- C:\WINDOWS\RealRace.INI
[2011/03/15 10:01:09 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\fusioncache.dat
[2011/03/14 19:09:32 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/03/07 22:14:40 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/03/07 14:28:54 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\.mpid
[2011/03/05 10:15:27 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/05 10:10:58 | 000,323,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/24 19:40:31 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/02/23 18:28:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/01/24 19:50:34 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2010/10/23 23:34:57 | 000,667,136 | R--- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2010/08/15 14:53:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/15 14:53:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/15 14:53:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/15 14:53:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/15 14:53:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/12 11:48:10 | 000,000,100 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/08/30 15:19:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/03 22:16:57 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/04/18 19:34:17 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\kodakpcd.ini
[2009/04/03 00:47:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/09/20 23:13:46 | 000,530,976 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/01 20:36:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Klown.ini
[2006/06/16 11:55:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/01/30 07:42:22 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2006/01/06 08:56:51 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/12/28 16:41:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/12/28 16:32:51 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/08/09 17:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/16 22:22:15 | 000,000,019 | ---- | C] () -- C:\WINDOWS\wp.ini
[2005/07/16 22:22:14 | 000,002,059 | ---- | C] () -- C:\WINDOWS\wp2.ini
[2005/07/16 22:07:50 | 000,002,059 | ---- | C] () -- C:\WINDOWS\dom2.ini
[2005/06/11 14:06:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/05/28 10:13:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/05/28 10:12:41 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/28 10:11:11 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/02/19 16:39:16 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/02/12 11:58:43 | 000,000,183 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/02/12 11:58:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2005/02/12 11:58:37 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2005/02/07 23:46:44 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/02/07 20:09:25 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/07 00:19:31 | 000,000,902 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2005/02/06 22:30:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/06 22:05:14 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/02/06 15:13:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/02/06 14:58:53 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/06 08:46:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/06 08:43:56 | 000,276,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\mfcl31d.dll
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,465,402 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,079,162 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/24 13:33:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\LEXPING.EXE
[2002/11/13 02:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/01/19 02:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2010/05/12 21:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/30 17:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/07/03 20:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/04/01 18:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2011/01/22 20:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/04/25 13:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/02/23 19:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/07/13 15:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLAC to MP3
[2011/05/10 09:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Links 2003
[2011/04/26 20:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2011/05/10 12:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2005/04/03 16:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/03/07 17:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/03/05 18:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2011/04/25 10:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/10/07 20:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/15 10:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VRCGameUpdater
[2011/03/19 21:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/09 16:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Aim
[2009/04/02 21:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Auslogics
[2010/10/30 17:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Broderbund
[2011/01/22 20:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Canneverbe Limited
[2010/10/23 11:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Catalina Marketing Corp
[2011/03/13 18:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\DAEMON Tools Lite
[2011/02/23 19:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\DAEMON Tools Pro
[2010/08/03 18:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\E-centives
[2011/03/13 19:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\fotw
[2005/08/16 19:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\FUJIFILM
[2011/05/06 19:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Gygan
[2011/04/06 18:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Iqtafe
[2011/02/24 19:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Leadertech
[2011/04/16 20:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\McGraw-HillLicensing
[2011/03/18 17:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Nordic Games
[2009/04/18 16:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Skinux
[2011/04/13 20:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\SystemRequirementsLab
[2011/04/27 20:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Unity
[2011/04/25 10:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\URSoft
[2011/04/06 18:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Usifu
[2011/05/11 08:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\uTorrent
[2010/01/10 20:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\WeatherBug
[2009/04/02 20:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Windows Desktop Search
[2009/04/03 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Windows Search
[2011/05/11 07:49:55 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\EFFTL.job
[2011/05/11 07:49:55 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\Tasks\LCFGRAIJ.job
[2011/05/11 07:49:55 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\Xtltrhk.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C265C458
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95

< End of report >


OTL Extras logfile created on: 5/11/2011 7:59:14 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = G:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 160.63 Gb Free Space | 68.98% Space Free | Partition Type: NTFS
Drive E: | 76.33 Gb Total Space | 52.19 Gb Free Space | 68.38% Space Free | Partition Type: NTFS
Drive G: | 243.24 Mb Total Space | 119.09 Mb Free Space | 48.96% Space Free | Partition Type: FAT

Computer Name: KELLY | User Name: Klown | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to Converter List] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Winamp\UninstWA.exe\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\UninstWA.exe\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\UninstWA.exe\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1039:TCP" = 1039:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\1124997359\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1124997359\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WinMX\WinMX.exe" = C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application -- (Frontcode Technologies)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Audio Bible Ambassador\ABA3.exe" = C:\Program Files\Audio Bible Ambassador\ABA3.exe:*:Enabled:Audio Bible Ambassador -- ()
"C:\Program Files\Audio Bible Ambassador\webupdater.exe" = C:\Program Files\Audio Bible Ambassador\webupdater.exe:*:Enabled:Audio Bible Ambassador Updater -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Documents and Settings\Klown\Desktop\solutoinstaller.exe" = C:\Documents and Settings\Klown\Desktop\solutoinstaller.exe:*:Enabled:SolutoInstaller


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}" = Smart Office Keyboard
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java™ SE Development Kit 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66ED8E01-C915-41F5-B33E-C5C31F27B885}" = USB Network Driver
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B4F2108-7395-4951-A7BE-86DA108A001C}" = OGA Notifier 1.7.0105.14.0
"{8C4504A1-9280-11D5-9F7E-00902712427E}" = Sid Meier's SimGolf
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Akamai" = Akamai NetSession Interface
"Audio Bible Ambassador_is1" = Audio Bible Ambassador 1.0
"avast" = avast! Free Antivirus
"Bible Scenes Screen Saver" = Bible Scenes Screen Saver
"DivXLand Media Subtitler" = DivXLand Media Subtitler
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FTW" = Family Tree Maker
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Lexmark 1200 Series" = Lexmark 1200 Series
"Links 2003 1.0" = Microsoft Links 2003
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Medical Terminology: A Programmed Approach" = Medical Terminology: A Programmed Approach
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"PC Matic_is1" = PC Matic 1.0.0.17
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealRace" = RealRace Simulator
"Speccy" = Speccy
"UltraISO_is1" = UltraISO Premium V9.36
"uTorrent" = µTorrent
"VIA Chrome9 HC IGP Family Display" = VIA Display Driver 6.14.10.0099
"Virtual RC Racing_is1" = Virtual RC Racing 3.5
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"mpowerplayer" = mpowerplayer
"MXpie Patch" = MXpie Patch for WinMX Network/WPNP 3.3.3.4
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2011 9:11:54 PM | Computer Name = KELLY | Source = ESENT | ID = 454
Description = wuauclt (3084) Database recovery/restore failed with unexpected error
-551.

Error - 5/10/2011 9:11:55 PM | Computer Name = KELLY | Source = ESENT | ID = 454
Description = wuauclt (1808) Database recovery/restore failed with unexpected error
-551.

Error - 5/10/2011 9:11:55 PM | Computer Name = KELLY | Source = ESENT | ID = 454
Description = wuauclt (1252) Database recovery/restore failed with unexpected error
-551.

Error - 5/10/2011 9:41:56 PM | Computer Name = KELLY | Source = ESENT | ID = 454
Description = wuauclt (2476) Database recovery/restore failed with unexpected error
-551.

Error - 5/10/2011 9:41:57 PM | Computer Name = KELLY | Source = ESENT | ID = 454
Description = wuauclt (2608) Database recovery/restore failed with unexpected error
-551.

Error - 5/10/2011 9:41:57 PM | Computer Name = KELLY | Source = ESENT | ID = 454
Description = wuauclt (3696) Database recovery/restore failed with unexpected error
-551.

Error - 5/10/2011 9:41:58 PM | Computer Name = KELLY | Source = ESENT | ID = 454
Description = wuauclt (1828) Database recovery/restore failed with unexpected error
-551.

Error - 5/10/2011 9:41:59 PM | Computer Name = KELLY | Source = ESENT | ID = 454
Description = wuauclt (3676) Database recovery/restore failed with unexpected error
-551.

Error - 5/10/2011 9:41:59 PM | Computer Name = KELLY | Source = ESENT | ID = 454
Description = wuauclt (2740) Database recovery/restore failed with unexpected error
-551.

Error - 5/10/2011 11:33:57 PM | Computer Name = KELLY | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\KLOWN\MY DOCUMENTS\DOWNLOADS\GAMES\[PC]
LINKS GOLF 2003 +33 COURSES [DOPEMAN]\LINKS2003_V1.02_NOCD.ZIP> in the hash map
cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)

[ System Events ]
Error - 5/8/2011 12:11:31 PM | Computer Name = KELLY | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/8/2011 12:11:50 PM | Computer Name = KELLY | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/8/2011 12:11:55 PM | Computer Name = KELLY | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/8/2011 12:12:01 PM | Computer Name = KELLY | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/8/2011 12:12:06 PM | Computer Name = KELLY | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/8/2011 12:12:20 PM | Computer Name = KELLY | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/8/2011 12:12:30 PM | Computer Name = KELLY | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/8/2011 12:12:50 PM | Computer Name = KELLY | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/8/2011 12:24:39 PM | Computer Name = KELLY | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 5/8/2011 1:10:20 PM | Computer Name = KELLY | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >







Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6547

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/11/2011 7:46:07 AM
mbam-log-2011-05-11 (07-46-07).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 201105
Time elapsed: 31 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, rshaffer61! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Please perform the following steps below:

Step 1

Do this on your clean machine:
  • Please download Panda USB Vaccine here (you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
  • Install and run it.
  • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.

Step 2

Download RogueKiller to your USB drive on your clean machine to transfer it to your infected machine's desktop.
On your infected machine please do the following:
  • Quit all running programs
  • Copy RogueKiller.exe from your USB drive to your desktop.
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please copy RKreport.txt to your USB drive and post the contents of it in your next Reply from your clean machine.

Step 3

We need to run an OTL Fix

  • Please download the attached fix.txt file (attachment: fix.txt, 1.23KB) to your USB drive on your clean machine.
  • Plug-in that USB drive in your infected machine.
  • Please reopen OTL on the infected machine.
  • Double click on Run fix button.
  • Click on OK and navigate to your USB drive, select fix.txt file and open it.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Copy that file to your USB drive and post the contents of it in your next Reply from your clean machine.

When you have completed the above, please post back the following in the order asked for:
  • Content of RKreport.txt file
  • OTL fix log
  • Please check if you can run browsers on your infected machine.


#3
rshaffer61

    Moderator

  • Topic Starter
  • Moderator
  • 34,114 posts
RogueKiller V5.1.1 [05/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Klown [Admin rights]
Mode: Scan -- Date : 05/11/2011 10:59:56

Bad processes: 1
[APPDT/TMP/DESKTOP] ewb.exe -- c:\documents and settings\klown\local settings\application data\ewb.exe -> KILLED

Registry Entries: 7
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...]exefile\shell\open\command : ("C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> FOUND

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt



OTL FIX



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\Klown\Local Settings\Application Data\5162qny2ob203v1p2ryg257h14 moved successfully.
C:\Documents and Settings\All Users\Application Data\5162qny2ob203v1p2ryg257h14 moved successfully.
C:\WINDOWS\tasks\LCFGRAIJ.job moved successfully.
C:\WINDOWS\tasks\Xtltrhk.job moved successfully.
C:\WINDOWS\tasks\EFFTL.job moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe not found.
File\Folder C:\Documents and Settings\Klown\Local Settings\Application Data\5162qny2ob203v1p2ryg257h14 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\5162qny2ob203v1p2ryg257h14 not found.
File\Folder C:\WINDOWS\tasks\LCFGRAIJ.job not found.
File\Folder C:\WINDOWS\tasks\Xtltrhk.job not found.
File\Folder C:\WINDOWS\tasks\EFFTL.job not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
G:\cmd.bat deleted successfully.
G:\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Elvis

User: Klown
->Temp folder emptied: 1276105597 bytes
->Temporary Internet Files folder emptied: 13235293 bytes
->Java cache emptied: 8485632 bytes
->FireFox cache emptied: 46207427 bytes
->Google Chrome cache emptied: 8409039 bytes
->Flash cache emptied: 575461 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 830498 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 164112 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 174704861 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 5096 bytes

Total Files Cleaned = 1,458.00 mb


[EMPTYFLASH]

User: Admin

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Elvis

User: Klown
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05112011_110128

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2a0.dat not found!

Registry entries deleted on Reboot...


Browsers are now functional. The little XP Anti Spyware2001 icon on bottom right is now gone. Also no more popups. :)
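The MBAM "Registry Data Items Infected" entries in the first post and the FILEASSO lines RogueKiller reported here all show one trick: the rogue's launcher is wrapped around the real target (`"...\ewb.exe" -a "%1" %*`, or `-a "...\firefox.exe"`), so every .exe and every browser started from the Start menu runs the rogue first, and the OTL fix log then shows the per-user keys being deleted and the exefile value restored. The Python audit below is an added example, not part of the thread or of any tool used in it; the key list, the expected clean values and the sample hive are my assumptions built from the values the logs print. It reads the live registry only when run on Windows and otherwise audits the constructed sample.

```python
"""Audit the shell 'open' commands that the rogue rewired in the logs above.

Every flagged value has the same shape: a launcher wrapped around the real
target, e.g.  "<profile>\\Local Settings\\Application Data\\ewb.exe" -a "%1" %*
so each .exe, and each browser started from the Start menu, runs the rogue
first.  The classifier is pure Python and runs anywhere; the registry reader
is only used on Windows.  Added example; not a tool from the thread.
"""
import ntpath
import sys
from dataclasses import dataclass

SMI = r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet"

# Expected launcher per key (assumed, built from the logged Good values): a
# basename that must be the first program in the command ("%1" for exefile),
# or None for keys that should not exist at all (the rogue created
# HKCR\.exe\shell\open\command and per-user overrides under HKCU\Software\Classes
# that shadow the machine-wide exefile association).
EXPECTED = {
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": "%1",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command": None,
    r"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command": None,
    r"HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command": None,
    SMI + r"\FIREFOX.EXE\shell\open\command": "firefox.exe",
    SMI + r"\FIREFOX.EXE\shell\safemode\command": "firefox.exe",
    SMI + r"\IEXPLORE.EXE\shell\open\command": "iexplore.exe",
}

# Constructed sample hive: the Bad values as MBAM and RogueKiller logged them,
# plus a clean IE entry, so the audit can be exercised off the infected box.
ROGUE = r'"C:\Documents and Settings\Klown\Local Settings\Application Data\ewb.exe"'
FIREFOX = r'"C:\Program Files\Mozilla Firefox\firefox.exe"'
SAMPLE_HIVE = {
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": ROGUE + ' -a "%1" %*',
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command": ROGUE + ' -a "%1" %*',
    r"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command": ROGUE + ' -a "%1" %*',
    r"HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command": ROGUE + ' -a "%1" %*',
    SMI + r"\FIREFOX.EXE\shell\open\command": ROGUE + " -a " + FIREFOX,
    SMI + r"\FIREFOX.EXE\shell\safemode\command": ROGUE + " -a " + FIREFOX + " -safe-mode",
    SMI + r"\IEXPLORE.EXE\shell\open\command": r'"C:\Program Files\Internet Explorer\iexplore.exe"',
}


@dataclass
class Finding:
    key: str
    status: str         # clean | hijacked | unexpected-key | missing
    launcher: str       # first program in the command ("" if none)
    wraps_target: bool  # hijacker still passes the real program as an argument


def split_windows_command(cmd):
    """Split on whitespace outside double quotes; quotes are stripped and
    backslashes are literal (shlex's POSIX mode would treat them as escapes)."""
    tokens, cur, in_quotes = [], [], False
    for ch in cmd:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def check_command(key, value, expected):
    """Classify one (default) command value against its expected launcher."""
    tokens = split_windows_command(value) if value else []
    launcher = tokens[0] if tokens else ""
    if expected is None:  # the key must not exist at all
        return Finding(key, "unexpected-key" if value is not None else "clean", launcher, False)
    if value is None:
        return Finding(key, "missing", "", False)
    names = [ntpath.basename(t).lower() for t in tokens]
    if names and names[0] == expected.lower():
        return Finding(key, "clean", launcher, False)
    # Wrapper pattern from the logs: rogue first, real target later as an argument.
    return Finding(key, "hijacked", launcher, expected.lower() in names[1:])


def audit(hive, expected=EXPECTED):
    """One Finding per expected key; 'hive' maps key -> default value, or None if absent."""
    return [check_command(k, hive.get(k), exp) for k, exp in expected.items()]


def suspicious(findings):
    return [f for f in findings if f.status != "clean"]


def read_live_registry(keys):
    """Windows only: read each key's (default) value; None when key or value is absent."""
    import winreg  # stdlib on Windows only, hence the local import
    roots = {"HKEY_CLASSES_ROOT": winreg.HKEY_CLASSES_ROOT,
             "HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE,
             "HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER}
    hive = {}
    for key in keys:
        root, _, sub = key.partition("\\")
        try:
            with winreg.OpenKey(roots[root], sub) as h:
                hive[key] = winreg.QueryValueEx(h, "")[0]
        except OSError:
            hive[key] = None
    return hive


if __name__ == "__main__":
    hive = read_live_registry(EXPECTED) if sys.platform == "win32" else SAMPLE_HIVE
    for f in audit(hive):
        print(f"{'OK ' if f.status == 'clean' else '!! '}{f.status:<15} {f.key}")
        if f.status != "clean" and f.launcher:
            print(f"      launcher: {f.launcher}{'  (wraps real target)' if f.wraps_target else ''}")
```

The per-user HKCU\Software\Classes keys are in the list on purpose: HKCR is a merged view in which they take precedence over the machine-wide exefile association, which is why RogueKiller listed both the HKCU and HKCR entries and why the OTL fix deleted the HKCU keys as well as resetting the HKLM value. Run against the sample it flags six of the seven keys; run on a Windows box with Python it reads the live values instead.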

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

The little XP Anti Spyware2001 icon on bottom right is now gone.

I wonder where it was hiding for so long. Is it not 2011? :)

OK. So now we can work on the infected machine. Please follow these steps from the infected one:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 2

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When completed the above, please post back the following in the order asked for:
  • aswMBR log
  • Fresh OTL log


#5
rshaffer61

    Moderator

  • Topic Starter
  • Moderator
  • 34,114 posts
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-11 12:15:06
-----------------------------
12:15:06.328 OS Version: Windows 5.1.2600 Service Pack 2
12:15:06.328 Number of processors: 2 586 0xF0D
12:15:06.328 ComputerName: KELLY UserName: Klown
12:15:07.000 Initialize success
12:15:15.484 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
12:15:15.484 Disk 0 Vendor: Maxtor_6Y080P0 YAR41BW0 Size: 78167MB BusType: 3
12:15:15.484 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000090
12:15:15.484 Disk 1 Vendor: achi_HDP725025GLA380_________________ OA52A Size: 238475MB BusType: 3
12:15:17.484 Disk 1 MBR read successfully
12:15:17.484 Disk 1 MBR scan
12:15:17.484 Disk 1 Windows XP default MBR code
12:15:19.500 Disk 1 scanning sectors +488392065
12:15:19.531 Disk 1 scanning C:\WINDOWS\system32\drivers
12:15:26.937 Service scanning
12:15:27.750 Disk 1 trace - called modules:
12:15:27.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8b1061f8]<<
12:15:27.765 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b051ab8]
12:15:27.765 3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> \Device\00000091[0x8b023978]
12:15:27.781 5 ACPI.sys[b9e69620] -> nt!IofCallDriver -> \Device\00000090[0x8b05cda8]
12:15:27.781 \Driver\ViPrt[0x8b028230] -> IRP_MJ_CREATE -> 0x8b1061f8
12:15:27.781 Scan finished successfully
12:16:06.015 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Klown\Desktop\MBR.dat"
12:16:06.015 The log file has been saved successfully to "C:\Documents and Settings\Klown\Desktop\aswMBR.txt"












OTL logfile created on: 5/11/2011 12:18:57 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Klown\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 161.99 Gb Free Space | 69.56% Space Free | Partition Type: NTFS
Drive E: | 76.33 Gb Total Space | 52.19 Gb Free Space | 68.38% Space Free | Partition Type: NTFS

Computer Name: KELLY | User Name: Klown | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/11 12:17:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Klown\Desktop\OTL.exe
PRC - [2011/05/05 18:23:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/27 19:36:03 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/09/20 23:13:46 | 000,941,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/11 12:17:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Klown\Desktop\OTL.exe
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2008/04/13 19:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - [2011/05/06 21:18:52 | 003,274,328 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/06 13:23:56 | 000,090,296 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2001/08/06 07:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2011/03/07 15:58:40 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/25 17:04:06 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/25 23:28:21 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/25 23:28:21 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/28 11:35:10 | 005,937,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/18 18:04:20 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/02/12 16:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/12/12 14:04:56 | 000,034,963 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid7906.sys -- (hid7906)
DRV - [2007/12/03 08:46:12 | 000,037,024 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid8101.sys -- (hid8101)
DRV - [2007/11/28 10:52:46 | 000,034,587 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid8103.sys -- (hid8103)
DRV - [2007/10/18 05:28:52 | 000,052,224 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007/10/18 05:28:30 | 000,016,896 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2007/09/21 04:49:10 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2007/07/11 13:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/03/16 01:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/01/14 11:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/12/03 05:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/10/28 05:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/04 07:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 07:00:00 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2004/08/04 07:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 07:00:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntapm.sys -- (NtApm)
DRV - [2004/08/04 07:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2004/05/13 08:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/05/13 06:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 10:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 07:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/01/17 03:59:56 | 000,001,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\papycpu2.sys -- (papycpu2)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/12/20 10:02:12 | 000,006,656 | ---- | M] (Netropa Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (msikbd2k)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 07:50:00 | 000,320,384 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mgaum.sys -- (mgau)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1998/10/06 09:36:26 | 000,001,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\papycpu.sys -- (papycpu)
DRV - [1998/10/06 09:36:26 | 000,001,888 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\papyjoy.sys -- (papyjoy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook....home.php?ref=hp
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.searchqu....ystemid=406&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}: C:\Documents and Settings\Klown\Local Settings\Application Data\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}\ [2011/05/10 09:51:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 18:23:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 18:23:38 | 000,000,000 | ---D | M]

[2011/04/26 21:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Klown\Application Data\Mozilla\Extensions
[2011/04/26 21:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\extensions
[2011/04/26 21:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}-trash
[2011/03/23 07:24:21 | 000,005,529 | ---- | M] () -- C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\searchplugins\SearchquWebSearch.xml
[2011/05/05 17:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 17:31:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/08 17:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/10 09:51:50 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\KLOWN\LOCAL SETTINGS\APPLICATION DATA\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}
[2010/12/08 17:18:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 18:23:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/10/23 11:30:53 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2010/10/23 11:30:53 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
[2010/12/08 17:18:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/05/05 18:23:28 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/03/23 07:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

O1 HOSTS File: ([2011/05/11 11:01:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1214440339-1060284298-854245398-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Klown\Start Menu\Programs\Startup\AutorunsDisabled [2010/12/16 22:39:31 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.t...all/xscan60.cab (HouseCall Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1281909565671 (WUWebControl Class)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1255611893908 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.t...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcp...ols/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics....com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Klown\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Klown\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/15 16:05:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 12:17:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Klown\Desktop\OTL.exe
[2011/05/11 12:14:50 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Klown\Desktop\aswMBR.exe
[2011/05/11 10:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Desktop\RK_Quarantine
[2011/05/10 23:21:07 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2011/05/10 11:43:45 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/10 09:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}
[2011/05/10 09:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\My Documents\Links 2003
[2011/05/10 08:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/05/10 08:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Links 2003
[2011/05/10 08:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/05/06 21:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/05/06 18:59:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2011/05/06 18:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\WinRAR
[2011/05/06 18:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\Gygan
[2011/05/06 18:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\Xenocode
[2011/05/06 17:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\DFUserRoot
[2011/05/03 11:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\My Documents\NHL09
[2011/05/03 11:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA Sports
[2011/05/03 11:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2011/05/02 19:49:16 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2011/05/02 19:49:09 | 000,327,680 | ---- | C] (On2.com Inc.) -- C:\WINDOWS\System32\vp6dec.ax
[2011/05/02 19:49:09 | 000,118,832 | ---- | C] (MicroQuill Software Publishing, Inc.) -- C:\WINDOWS\System32\SHW32.DLL
[2011/05/02 18:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA Games
[2011/05/02 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2011/04/27 20:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\Unity
[2011/04/27 20:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\Unity
[2011/04/26 18:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2011/04/26 14:04:47 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LMRTREND.dll
[2011/04/26 14:04:46 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft3.dll
[2011/04/26 14:04:46 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2011/04/26 14:04:41 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unam4ie.exe
[2011/04/26 14:04:37 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciqtz.drv
[2011/04/26 14:04:36 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcut.dll
[2011/04/26 14:04:36 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf32.dll
[2011/04/26 14:04:36 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf16.dll
[2011/04/26 11:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\Ilivid Player
[2011/04/26 11:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\PackageAware
[2011/04/25 13:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools
[2011/04/25 13:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools
[2011/04/25 13:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/04/25 10:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\URSoft
[2011/04/25 09:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/25 09:40:48 | 000,000,000 | ---D | C] -- C:\Splash
[2011/04/24 18:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/04/24 18:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft
[2011/04/24 18:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/04/24 18:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2011/04/23 18:58:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2011/04/16 20:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/04/16 20:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\McGraw-HillLicensing
[2011/04/13 20:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/04/13 20:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\SystemRequirementsLab
[2011/04/13 19:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TerraGame Shared
[2011/04/13 18:50:04 | 000,034,587 | ---- | C] (Compuware Corporation) -- C:\WINDOWS\System32\drivers\hid8103.sys
[2011/04/13 18:50:03 | 000,037,024 | ---- | C] (Compuware Corporation) -- C:\WINDOWS\System32\drivers\hid8101.sys
[2011/04/13 18:50:03 | 000,034,963 | ---- | C] (Compuware Corporation) -- C:\WINDOWS\System32\drivers\hid7906.sys
[2011/04/13 18:50:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\USB Vibration
[2011/04/13 18:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\USB Vibration
[2011/04/12 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2 C:\Documents and Settings\Klown\My Documents\*.tmp files -> C:\Documents and Settings\Klown\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/11 12:18:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-854245398-1003UA.job
[2011/05/11 12:17:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Klown\Desktop\OTL.exe
[2011/05/11 12:16:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Klown\Desktop\MBR.dat
[2011/05/11 12:14:55 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Klown\Desktop\aswMBR.exe
[2011/05/11 11:04:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 11:04:11 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/11 11:03:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 11:01:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/11 10:57:20 | 000,551,424 | ---- | M] () -- C:\Documents and Settings\Klown\Desktop\RogueKiller.exe
[2011/05/10 21:47:41 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/10 21:44:34 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 18:18:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-854245398-1003Core.job
[2011/05/10 13:48:18 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/10 12:04:45 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/10 12:02:44 | 000,416,279 | ---- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\census.cache
[2011/05/10 12:02:25 | 000,217,861 | ---- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\ars.cache
[2011/05/10 11:42:57 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\housecall.guid.cache
[2011/05/10 11:28:10 | 000,000,245 | ---- | M] () -- C:\WINDOWS\Msiosd.ini
[2011/05/05 21:57:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/05 18:20:15 | 000,001,526 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2011/05/02 14:10:18 | 000,000,485 | ---- | M] () -- C:\WINDOWS\EReg072.dat
[2011/05/02 13:39:57 | 000,000,034 | -H-- | M] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/04/26 14:04:45 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Klown\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/26 14:04:44 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/04/26 14:04:44 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/04/26 14:04:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf32.dll
[2011/04/26 14:04:35 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf16.dll
[2011/04/25 18:41:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/04/25 14:00:31 | 000,000,632 | ---- | M] () -- C:\WINDOWS\CoDUO.INI
[2011/04/25 13:08:31 | 000,465,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/25 13:08:31 | 000,079,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/18 21:53:10 | 000,000,902 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2011/04/18 19:39:50 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\00000830.LCS
[2011/04/14 18:08:53 | 000,000,143 | ---- | M] () -- C:\Documents and Settings\Klown\default.pls
[2011/04/13 19:33:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\LiveBilliards.INI
[2011/04/12 16:17:13 | 000,000,200 | ---- | M] () -- C:\WINDOWS\slotcars.ini
[2011/04/11 16:24:38 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2011/04/11 16:19:44 | 000,000,648 | ---- | M] () -- C:\WINDOWS\Sierra.ini
[2 C:\Documents and Settings\Klown\My Documents\*.tmp files -> C:\Documents and Settings\Klown\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/11 12:16:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Klown\Desktop\MBR.dat
[2011/05/11 10:59:46 | 000,551,424 | ---- | C] () -- C:\Documents and Settings\Klown\Desktop\RogueKiller.exe
[2011/05/10 13:48:18 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/10 12:04:45 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/10 12:02:44 | 000,416,279 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\census.cache
[2011/05/10 12:02:25 | 000,217,861 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\ars.cache
[2011/05/10 11:42:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\housecall.guid.cache
[2011/05/05 18:23:42 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/02 13:39:57 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/04/28 21:31:04 | 000,000,485 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/04/26 14:04:37 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/04/26 14:04:37 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2011/04/25 18:13:27 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-854245398-1003UA.job
[2011/04/25 18:13:27 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-854245398-1003Core.job
[2011/04/25 12:36:29 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/25 11:14:31 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2011/04/18 16:32:56 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\00000830.LCS
[2011/04/13 19:33:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliards.INI
[2011/04/12 16:16:59 | 000,000,200 | ---- | C] () -- C:\WINDOWS\slotcars.ini
[2011/04/11 15:33:20 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2011/04/11 12:47:19 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu.sys
[2011/04/11 12:47:19 | 000,001,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2011/04/09 17:17:19 | 000,001,526 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/04/08 19:11:56 | 000,044,648 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2011/04/06 22:18:45 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2011/04/06 22:16:26 | 000,000,648 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2011/04/05 16:27:43 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011/04/05 16:27:43 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011/03/28 10:57:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/25 21:59:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2011/03/17 19:36:35 | 000,000,253 | ---- | C] () -- C:\WINDOWS\RealRace.INI
[2011/03/15 10:01:09 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\fusioncache.dat
[2011/03/14 19:09:32 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/03/07 22:14:40 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/03/07 14:28:54 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\.mpid
[2011/03/05 10:15:27 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/05 10:10:58 | 000,323,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/24 19:40:31 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/02/23 18:28:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/01/24 19:50:34 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2010/10/23 23:34:57 | 000,667,136 | R--- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2010/08/15 14:53:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/15 14:53:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/15 14:53:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/15 14:53:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/15 14:53:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/12 11:48:10 | 000,000,100 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/08/30 15:19:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/03 22:16:57 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/04/18 19:34:17 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\kodakpcd.ini
[2009/04/03 00:47:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/09/20 23:13:46 | 000,530,976 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/01 20:36:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Klown.ini
[2006/06/16 11:55:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/01/30 07:42:22 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2006/01/06 08:56:51 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/12/28 16:41:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/12/28 16:32:51 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/08/09 17:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/16 22:22:15 | 000,000,019 | ---- | C] () -- C:\WINDOWS\wp.ini
[2005/07/16 22:22:14 | 000,002,059 | ---- | C] () -- C:\WINDOWS\wp2.ini
[2005/07/16 22:07:50 | 000,002,059 | ---- | C] () -- C:\WINDOWS\dom2.ini
[2005/06/11 14:06:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/05/28 10:13:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/05/28 10:12:41 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/28 10:11:11 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/02/19 16:39:16 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/02/12 11:58:43 | 000,000,183 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/02/12 11:58:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2005/02/12 11:58:37 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2005/02/07 23:46:44 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/02/07 20:09:25 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/07 00:19:31 | 000,000,902 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2005/02/06 22:30:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/06 22:05:14 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/02/06 15:13:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/02/06 14:58:53 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/06 08:46:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/06 08:43:56 | 000,276,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\mfcl31d.dll
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,465,402 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,079,162 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/24 13:33:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\LEXPING.EXE
[2002/11/13 02:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/01/19 02:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2006/01/20 09:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Aim
[2009/04/26 06:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Skinux
[2009/04/26 06:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Windows Desktop Search
[2005/10/06 13:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim
[2010/05/12 21:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/30 17:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/07/03 20:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/04/01 18:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2011/01/22 20:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/04/25 13:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/02/23 19:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/07/13 15:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLAC to MP3
[2011/05/10 09:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Links 2003
[2011/04/26 20:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2011/05/10 12:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2005/04/03 16:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/03/07 17:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/03/05 18:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2011/04/25 10:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/10/07 20:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/15 10:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VRCGameUpdater
[2011/03/19 21:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/24 19:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elvis\Application Data\Skinux
[2009/05/24 19:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elvis\Application Data\Windows Desktop Search
[2009/05/09 16:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Aim
[2009/04/02 21:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Auslogics
[2010/10/30 17:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Broderbund
[2011/01/22 20:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Canneverbe Limited
[2010/10/23 11:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Catalina Marketing Corp
[2011/03/13 18:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\DAEMON Tools Lite
[2011/02/23 19:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\DAEMON Tools Pro
[2010/08/03 18:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\E-centives
[2011/03/13 19:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\fotw
[2005/08/16 19:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\FUJIFILM
[2011/05/06 19:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Gygan
[2011/04/06 18:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Iqtafe
[2011/02/24 19:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Leadertech
[2011/04/16 20:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\McGraw-HillLicensing
[2011/03/18 17:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Nordic Games
[2009/04/18 16:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Skinux
[2011/04/13 20:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\SystemRequirementsLab
[2011/04/27 20:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Unity
[2011/04/25 10:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\URSoft
[2011/04/06 18:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Usifu
[2011/05/11 12:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\uTorrent
[2010/01/10 20:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\WeatherBug
[2009/04/02 20:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Windows Desktop Search
[2009/04/03 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/09/29 13:51:50 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: EXPLORER.EXE >
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/05/06 19:00:01 | 000,017,408 | ---- | M] () MD5=B34ECB5B096290383DB87563ABA0794C -- C:\Documents and Settings\Klown\Local Settings\Application Data\Xenocode\Sandbox\Gygan\0.7.2.3\2011.03.23T02.21\Native\STUBEXE\8.0.1112\@WINDIR@\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/05 18:23:29 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/05 18:23:29 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/05 18:23:29 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/05 18:23:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C265C458
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95

< End of report >
  • 0

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I noticed you are using P2P programs. Please either uninstall them or do not use them while we are working to clean your computer, as P2P programs are known to bring malware to the computer.

Please follow the steps below:

Step 1

  • On your desktop should be a file MBR.dat.
  • Please rename that file from MBR.dat to MBR.txt and attach it in your next reply.

How to add an attachment to a new topic or reply

Step 2

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox in OTL.

    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..keyword.URL: "http://www.searchqu....ystemid=406&q="
    FF - HKLM\software\mozilla\Firefox\extensions\\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}: C:\Documents and Settings\Klown\Local Settings\Application Data\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}\ [2011/05/10 09:51:50 | 000,000,000 | ---D | M]
    [2011/04/26 21:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}-trash
    [2011/03/23 07:24:21 | 000,005,529 | ---- | M] () -- C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\searchplugins\SearchquWebSearch.xml
    [2010/05/25 17:31:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/12/08 17:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/05/10 09:51:50 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\KLOWN\LOCAL SETTINGS\APPLICATION DATA\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}
    [2011/03/23 07:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...aploader_v6.cab (Reg Error: Key error.)

    :Files
    C:\Documents and Settings\Klown\Local Settings\Application Data\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\StubInstaller.exe
    C:\Documents and Settings\Klown\Local Settings\Application Data\Xenocode\Sandbox\Gygan\0.7.2.3\2011.03.23T02.21\Native\STUBEXE\8.0.1112\@WINDIR@\explorer.exe
    ipconfig /flushdns /c

    :Reg
    [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command]
    ""="C:\Program Files\Mozilla Firefox\firefox.exe"

    [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command]
    ""=""C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode"

    [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command]
    ""="C:\Program Files\Internet Explorer\iexplore.exe"

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 3

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox in OTL.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

Step 4

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

When you have completed the above, please post back the following in the order asked for:
  • Attached MBR file
  • OTL fix log
  • Fresh OTL scan log
  • MBAM log

  • 0
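As an added illustration of what the helper's Step 2 and Step 3 are actually checking (this is my own example code, not part of this thread, of OTL, or of any tool named here): the script below reads the "< MD5 for: >" blocks and the startmenuinternet lines of an OTL custom-scan log, flags any copy of a protected system binary whose hash differs from the copy in system32\dllcache, and flags browser shell\open\command values that hold a bare file name instead of the installed binary's full path, which is what the :Files and :Reg sections of the fix above act on. The sample log text is constructed from lines of the scan posted earlier in this thread; treating the dllcache copy as the reference hash is my assumption.

```python
"""Audit an OTL custom-scan log for the two things the OTL fix in this
thread acts on: the MD5 blocks for protected system binaries and the
startmenuinternet open commands that launch each browser."""
import re

# Constructed sample: lines copied from the OTL scan posted earlier in this thread.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/05/06 19:00:01 | 000,017,408 | ---- | M] () MD5=B34ECB5B096290383DB87563ABA0794C -- C:\Documents and Settings\Klown\Local Settings\Application Data\Xenocode\Sandbox\Gygan\0.7.2.3\2011.03.23T02.21\Native\STUBEXE\8.0.1112\@WINDIR@\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
"""

MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+?) >\s*$")
MD5_ENTRY_RE = re.compile(
    r"^\[[^\]]*\] \((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$")
OPEN_CMD_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\software\\clients\\startmenuinternet\\"
    r"(?P<browser>[^\\]+)\\shell\\open\\command\\\\: (?P<value>.+?)\s*$", re.IGNORECASE)
TRAILING_META_RE = re.compile(r" \[[^\]]*\] \([^)]*\)$")  # OTL's ' [stamp | size ...] (Vendor)'
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')                # optionally quoted drive-letter path


def parse_md5_blocks(log_text):
    """Return {binary name (lower-case): [{'vendor', 'md5', 'path'}, ...]}."""
    blocks, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = MD5_HEADER_RE.match(line)
        if header:
            current = header.group("name").strip().lower()
            blocks[current] = []
            continue
        if not line or line[0] in "<=":       # blank line or next section ends the block
            current = None
            continue
        entry = MD5_ENTRY_RE.match(line)
        if current is not None and entry:
            blocks[current].append({"vendor": entry.group("vendor").strip(),
                                    "md5": entry.group("md5").upper(),
                                    "path": entry.group("path")})
    return blocks


def check_system_binaries(log_text):
    """Classify every listed copy of each binary against the system32\\dllcache copy
    (assumed here to be the trusted reference). Returns (binary, path, status, vendor)
    tuples; status is 'reference', 'match', 'mismatch', or 'no-reference'."""
    findings = []
    for name, entries in parse_md5_blocks(log_text).items():
        ref = next((e for e in entries if "\\dllcache\\" in e["path"].lower()), None)
        for e in entries:
            if ref is None:
                status = "no-reference"
            elif e is ref:
                status = "reference"
            elif e["md5"] == ref["md5"]:
                status = "match"
            else:
                status = "mismatch"
            findings.append((name, e["path"], status, e["vendor"]))
    return findings


def suspicious_copies(log_text):
    """Paths whose hash differs from the protected copy, or cannot be compared."""
    return [path for _, path, status, _ in check_system_binaries(log_text)
            if status in ("mismatch", "no-reference")]


def broken_open_commands(log_text):
    """(browser, value) for each shell\\open\\command that holds a bare file name
    instead of the installed binary's full path; the :Reg part of the fix resets these."""
    broken = []
    for raw in log_text.splitlines():
        m = OPEN_CMD_RE.match(raw.strip())
        if m:
            value = TRAILING_META_RE.sub("", m.group("value"))
            if not ABS_PATH_RE.match(value):
                broken.append((m.group("browser"), value))
    return broken


if __name__ == "__main__":
    for finding in check_system_binaries(SAMPLE_LOG):
        print("%-12s %-12s %s" % (finding[0], finding[2], finding[1]))
    print("suspicious:", suspicious_copies(SAMPLE_LOG))
    print("broken open commands:", broken_open_commands(SAMPLE_LOG))
```

Run against the sample, the only mismatch is the unsigned explorer.exe under the Xenocode sandbox folder (the same file the :Files section of the fix moves), and the two bare open commands are the Firefox and Internet Explorer entries that the :Reg section rewrites to full paths; the Chrome entry already holds a full quoted path and passes.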

#7
rshaffer61

rshaffer61

    Moderator

  • Topic Starter
  • Moderator
  • 34,114 posts
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: "http://www.searchqu....ystemid=406&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C013B787-9962-42CC-B9AE-CFAAC8D8124A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}\ not found.
C:\Documents and Settings\Klown\Local Settings\Application Data\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}\chrome\content folder moved successfully.
C:\Documents and Settings\Klown\Local Settings\Application Data\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}\chrome folder moved successfully.
C:\Documents and Settings\Klown\Local Settings\Application Data\{C013B787-9962-42CC-B9AE-CFAAC8D8124A} folder moved successfully.
C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}-trash\components folder moved successfully.
C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}-trash folder moved successfully.
C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
Folder C:\DOCUMENTS AND SETTINGS\KLOWN\LOCAL SETTINGS\APPLICATION DATA\{C013B787-9962-42CC-B9AE-CFAAC8D8124A}\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
C:\WINDOWS\Downloaded Program Files\popcaploader.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Klown\Local Settings\Application Data\{C013B787-9962-42CC-B9AE-CFAAC8D8124A} not found.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\StubInstaller.exe moved successfully.
C:\Documents and Settings\Klown\Local Settings\Application Data\Xenocode\Sandbox\Gygan\0.7.2.3\2011.03.23T02.21\Native\STUBEXE\8.0.1112\@WINDIR@\explorer.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Klown\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Klown\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\""|"C:\Program Files\Mozilla Firefox\firefox.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\""|""C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode" /E : value set successfully!
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\""|"C:\Program Files\Internet Explorer\iexplore.exe" /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Elvis

User: Klown
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55917194 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 931 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 59.00 mb


[EMPTYFLASH]

User: Admin

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Elvis

User: Klown
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05112011_135600

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_250.dat not found!
OTL logfile created on: 5/11/2011 2:02:44 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Klown\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 161.84 Gb Free Space | 69.50% Space Free | Partition Type: NTFS
Drive E: | 76.33 Gb Total Space | 52.19 Gb Free Space | 68.38% Space Free | Partition Type: NTFS

Computer Name: KELLY | User Name: Klown | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/11 12:17:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Klown\Desktop\OTL.exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/05/05 18:23:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/09/20 23:13:46 | 000,941,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WGATray.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/11 12:17:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Klown\Desktop\OTL.exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2008/04/13 19:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/06 21:18:52 | 003,274,328 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_3f211bc.dll -- (Akamai)
SRV - [2010/05/06 13:23:56 | 000,090,296 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2001/08/06 07:41:48 | 000,028,672 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 06:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/07 15:58:40 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/25 17:04:06 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/25 23:28:21 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/25 23:28:21 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/28 11:35:10 | 005,937,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/18 18:04:20 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/02/12 16:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/12/12 14:04:56 | 000,034,963 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid7906.sys -- (hid7906)
DRV - [2007/12/03 08:46:12 | 000,037,024 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid8101.sys -- (hid8101)
DRV - [2007/11/28 10:52:46 | 000,034,587 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid8103.sys -- (hid8103)
DRV - [2007/10/18 05:28:52 | 000,052,224 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007/10/18 05:28:30 | 000,016,896 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2007/09/21 04:49:10 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2007/07/11 13:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/03/16 01:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/01/14 11:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/12/03 05:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/10/28 05:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/04 07:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 07:00:00 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2004/08/04 07:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 07:00:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntapm.sys -- (NtApm)
DRV - [2004/08/04 07:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2004/05/13 08:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/05/13 06:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 10:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 07:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/01/17 03:59:56 | 000,001,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\papycpu2.sys -- (papycpu2)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/12/20 10:02:12 | 000,006,656 | ---- | M] (Netropa Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (msikbd2k)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 07:50:00 | 000,320,384 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mgaum.sys -- (mgau)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1998/10/06 09:36:26 | 000,001,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\papycpu.sys -- (papycpu)
DRV - [1998/10/06 09:36:26 | 000,001,888 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\papyjoy.sys -- (papyjoy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook....home.php?ref=hp
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 18:23:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 18:23:38 | 000,000,000 | ---D | M]

[2011/04/26 21:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Klown\Application Data\Mozilla\Extensions
[2011/05/11 13:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\extensions
[2011/05/11 13:15:37 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Klown\Application Data\Mozilla\Firefox\Profiles\bjfuz40g.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2011/05/11 13:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/12/08 17:18:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/05 18:23:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/10/23 11:30:53 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2010/10/23 11:30:53 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
[2010/12/08 17:18:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/05/05 18:23:28 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/11 13:56:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1214440339-1060284298-854245398-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Klown\Start Menu\Programs\Startup\AutorunsDisabled [2010/12/16 22:39:31 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1214440339-1060284298-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.t...all/xscan60.cab (HouseCall Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1281909565671 (WUWebControl Class)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1255611893908 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.t...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcp...ols/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics....com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Klown\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Klown\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/15 16:05:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 13:56:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/11 12:17:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Klown\Desktop\OTL.exe
[2011/05/11 12:14:50 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Klown\Desktop\aswMBR.exe
[2011/05/11 10:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Desktop\RK_Quarantine
[2011/05/10 23:21:07 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2011/05/10 11:43:45 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/10 09:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\My Documents\Links 2003
[2011/05/10 08:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/05/10 08:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Links 2003
[2011/05/10 08:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/05/06 21:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/05/06 18:59:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2011/05/06 18:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\WinRAR
[2011/05/06 18:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\Gygan
[2011/05/06 18:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\Xenocode
[2011/05/06 17:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\DFUserRoot
[2011/05/03 11:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\My Documents\NHL09
[2011/05/03 11:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA Sports
[2011/05/03 11:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2011/05/02 19:49:16 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2011/05/02 19:49:09 | 000,327,680 | ---- | C] (On2.com Inc.) -- C:\WINDOWS\System32\vp6dec.ax
[2011/05/02 19:49:09 | 000,118,832 | ---- | C] (MicroQuill Software Publishing, Inc.) -- C:\WINDOWS\System32\SHW32.DLL
[2011/05/02 18:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA Games
[2011/05/02 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2011/04/27 20:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\Unity
[2011/04/27 20:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\Unity
[2011/04/26 18:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2011/04/26 14:04:47 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LMRTREND.dll
[2011/04/26 14:04:46 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft3.dll
[2011/04/26 14:04:46 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2011/04/26 14:04:41 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unam4ie.exe
[2011/04/26 14:04:37 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciqtz.drv
[2011/04/26 14:04:36 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcut.dll
[2011/04/26 14:04:36 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf32.dll
[2011/04/26 14:04:36 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf16.dll
[2011/04/26 11:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\Ilivid Player
[2011/04/26 11:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Local Settings\Application Data\PackageAware
[2011/04/25 13:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools
[2011/04/25 13:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools
[2011/04/25 13:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/04/25 10:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\URSoft
[2011/04/25 09:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/25 09:40:48 | 000,000,000 | ---D | C] -- C:\Splash
[2011/04/24 18:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/04/24 18:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft
[2011/04/24 18:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/04/24 18:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2011/04/23 18:58:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2011/04/16 20:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/04/16 20:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\McGraw-HillLicensing
[2011/04/13 20:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/04/13 20:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Klown\Application Data\SystemRequirementsLab
[2011/04/13 19:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TerraGame Shared
[2011/04/13 18:50:04 | 000,034,587 | ---- | C] (Compuware Corporation) -- C:\WINDOWS\System32\drivers\hid8103.sys
[2011/04/13 18:50:03 | 000,037,024 | ---- | C] (Compuware Corporation) -- C:\WINDOWS\System32\drivers\hid8101.sys
[2011/04/13 18:50:03 | 000,034,963 | ---- | C] (Compuware Corporation) -- C:\WINDOWS\System32\drivers\hid7906.sys
[2011/04/13 18:50:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\USB Vibration
[2011/04/13 18:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\USB Vibration
[2011/04/12 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2 C:\Documents and Settings\Klown\My Documents\*.tmp files -> C:\Documents and Settings\Klown\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/11 13:59:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 13:58:47 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/11 13:58:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 13:56:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/11 13:54:32 | 000,000,097 | ---- | M] () -- C:\Documents and Settings\Klown\default.pls
[2011/05/11 13:54:20 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/11 13:18:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-854245398-1003UA.job
[2011/05/11 12:27:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/11 12:17:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Klown\Desktop\OTL.exe
[2011/05/11 12:14:55 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Klown\Desktop\aswMBR.exe
[2011/05/11 10:57:20 | 000,551,424 | ---- | M] () -- C:\Documents and Settings\Klown\Desktop\RogueKiller.exe
[2011/05/10 21:44:34 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 18:18:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-854245398-1003Core.job
[2011/05/10 13:48:18 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/10 12:04:45 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/10 12:02:44 | 000,416,279 | ---- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\census.cache
[2011/05/10 12:02:25 | 000,217,861 | ---- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\ars.cache
[2011/05/10 11:42:57 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\housecall.guid.cache
[2011/05/10 11:28:10 | 000,000,245 | ---- | M] () -- C:\WINDOWS\Msiosd.ini
[2011/05/10 07:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 07:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 07:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 07:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 06:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/05 21:57:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/05 18:20:15 | 000,001,526 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2011/05/02 14:10:18 | 000,000,485 | ---- | M] () -- C:\WINDOWS\EReg072.dat
[2011/05/02 13:39:57 | 000,000,034 | -H-- | M] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/04/26 14:04:45 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Klown\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/26 14:04:44 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/04/26 14:04:44 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/04/26 14:04:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf32.dll
[2011/04/26 14:04:35 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf16.dll
[2011/04/25 18:41:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/04/25 14:00:31 | 000,000,632 | ---- | M] () -- C:\WINDOWS\CoDUO.INI
[2011/04/25 13:08:31 | 000,465,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/25 13:08:31 | 000,079,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/18 21:53:10 | 000,000,902 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
[2011/04/18 19:39:50 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\00000830.LCS
[2011/04/13 19:33:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\LiveBilliards.INI
[2011/04/12 16:17:13 | 000,000,200 | ---- | M] () -- C:\WINDOWS\slotcars.ini
[2011/04/11 16:24:38 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2011/04/11 16:19:44 | 000,000,648 | ---- | M] () -- C:\WINDOWS\Sierra.ini
[2 C:\Documents and Settings\Klown\My Documents\*.tmp files -> C:\Documents and Settings\Klown\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/11 10:59:46 | 000,551,424 | ---- | C] () -- C:\Documents and Settings\Klown\Desktop\RogueKiller.exe
[2011/05/10 13:48:18 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/10 12:04:45 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/05/10 12:02:44 | 000,416,279 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\census.cache
[2011/05/10 12:02:25 | 000,217,861 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\ars.cache
[2011/05/10 11:42:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\housecall.guid.cache
[2011/05/05 18:23:42 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/02 13:39:57 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/04/28 21:31:04 | 000,000,485 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/04/26 14:04:37 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/04/26 14:04:37 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2011/04/25 18:13:27 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-854245398-1003UA.job
[2011/04/25 18:13:27 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1060284298-854245398-1003Core.job
[2011/04/25 12:36:29 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/25 11:14:31 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2011/04/18 16:32:56 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\00000830.LCS
[2011/04/13 19:33:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliards.INI
[2011/04/12 16:16:59 | 000,000,200 | ---- | C] () -- C:\WINDOWS\slotcars.ini
[2011/04/11 15:33:20 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2011/04/11 12:47:19 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu.sys
[2011/04/11 12:47:19 | 000,001,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2011/04/09 17:17:19 | 000,001,526 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/04/08 19:11:56 | 000,044,648 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2011/04/06 22:18:45 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2011/04/06 22:16:26 | 000,000,648 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2011/04/05 16:27:43 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011/04/05 16:27:43 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011/03/28 10:57:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/25 21:59:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2011/03/17 19:36:35 | 000,000,253 | ---- | C] () -- C:\WINDOWS\RealRace.INI
[2011/03/15 10:01:09 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\fusioncache.dat
[2011/03/14 19:09:32 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/03/07 22:14:40 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/03/07 14:28:54 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\.mpid
[2011/03/05 10:15:27 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/05 10:10:58 | 000,323,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/24 19:40:31 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/02/23 18:28:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/01/24 19:50:34 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2010/10/23 23:34:57 | 000,667,136 | R--- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2010/08/15 14:53:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/15 14:53:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/15 14:53:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/15 14:53:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/15 14:53:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/12 11:48:10 | 000,000,100 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/08/30 15:19:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/03 22:16:57 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/04/18 19:34:17 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\kodakpcd.ini
[2009/04/03 00:47:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/09/20 23:13:46 | 000,530,976 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/01 20:36:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Klown.ini
[2006/06/16 11:55:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/01/30 07:42:22 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2006/01/06 08:56:51 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/12/28 16:41:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/12/28 16:32:51 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/08/09 17:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/09 17:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 17:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/16 22:22:15 | 000,000,019 | ---- | C] () -- C:\WINDOWS\wp.ini
[2005/07/16 22:22:14 | 000,002,059 | ---- | C] () -- C:\WINDOWS\wp2.ini
[2005/07/16 22:07:50 | 000,002,059 | ---- | C] () -- C:\WINDOWS\dom2.ini
[2005/06/11 14:06:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/05/28 10:13:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/05/28 10:12:41 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/28 10:11:11 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/02/19 16:39:16 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/02/12 11:58:43 | 000,000,183 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/02/12 11:58:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2005/02/12 11:58:37 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2005/02/07 23:46:44 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/02/07 20:09:25 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\Klown\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/07 00:19:31 | 000,000,902 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2005/02/06 22:30:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/06 22:05:14 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/02/06 15:13:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/02/06 14:58:53 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/06 08:46:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/02/06 08:43:56 | 000,276,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\mfcl31d.dll
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,465,402 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,079,162 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/24 13:33:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\LEXPING.EXE
[2002/11/13 02:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/01/19 02:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2006/01/20 09:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Aim
[2009/04/26 06:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Skinux
[2009/04/26 06:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Windows Desktop Search
[2005/10/06 13:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim
[2010/05/12 21:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/30 17:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/07/03 20:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/04/01 18:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2011/01/22 20:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/04/25 13:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/02/23 19:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/07/13 15:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLAC to MP3
[2011/05/10 09:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Links 2003
[2011/04/26 20:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2011/05/10 12:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2005/04/03 16:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/03/07 17:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/03/05 18:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2011/04/25 10:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/15 10:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VRCGameUpdater
[2011/03/19 21:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/24 19:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elvis\Application Data\Skinux
[2009/05/24 19:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elvis\Application Data\Windows Desktop Search
[2009/05/09 16:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Aim
[2009/04/02 21:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Auslogics
[2010/10/30 17:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Broderbund
[2011/01/22 20:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Canneverbe Limited
[2010/10/23 11:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Catalina Marketing Corp
[2011/03/13 18:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\DAEMON Tools Lite
[2011/02/23 19:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\DAEMON Tools Pro
[2010/08/03 18:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\E-centives
[2011/03/13 19:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\fotw
[2005/08/16 19:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\FUJIFILM
[2011/05/06 19:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Gygan
[2011/04/06 18:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Iqtafe
[2011/02/24 19:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Leadertech
[2011/04/16 20:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\McGraw-HillLicensing
[2011/03/18 17:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Nordic Games
[2009/04/18 16:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Skinux
[2011/04/13 20:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\SystemRequirementsLab
[2011/04/27 20:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Unity
[2011/04/25 10:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\URSoft
[2011/04/06 18:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Usifu
[2011/05/11 14:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\uTorrent
[2010/01/10 20:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\WeatherBug
[2009/04/02 20:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Windows Desktop Search
[2009/04/03 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Klown\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/05/06 19:00:01 | 000,017,408 | ---- | M] () MD5=B34ECB5B096290383DB87563ABA0794C -- C:\_OTL\MovedFiles\05112011_135600\C_Documents and Settings\Klown\Local Settings\Application Data\Xenocode\Sandbox\Gygan\0.7.2.3\2011.03.23T02.21\Native\STUBEXE\8.0.1112\@WINDIR@\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/05 18:23:29 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/05 18:23:29 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/05 18:23:29 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/05 18:23:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/05 18:23:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/05 18:23:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/05 18:23:29 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/05 18:23:29 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/05 18:23:29 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/05 18:23:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/05 18:23:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/05 18:23:26 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Klown\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 14:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C265C458
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95

< End of report >

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6557

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/11/2011 2:14:42 PM
mbam-log-2011-05-11 (14-14-42).txt

Scan type: Quick scan
Objects scanned: 180832
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Registry entries deleted on Reboot...



  • 0
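The `< MD5 for: ... >` blocks at the end of the OTL log above are the part a helper reads first: OTL hashes every copy it can find of a few binaries that malware loves to replace (explorer.exe, svchost.exe, userinit.exe, winlogon.exe) and prints them next to the protected copy in `system32\dllcache`. A live copy whose hash differs from the dllcache copy, a live copy with no company name, or a copy sitting somewhere unusual (here the Xenocode sandbox stub that OTL had already moved to `C:\_OTL\MovedFiles`) is what gets flagged. The script below is an added example, not part of OTL or of the original post; it automates that comparison over log text. The embedded sample is built from the log lines above, except that the live `userinit.exe` line has been deliberately altered (blank company name, made-up all-zero hash) so the mismatch path is exercised, and `SYSTEM_DIRS` assumes a default `C:\WINDOWS` install.

```python
"""Added example (not part of OTL or the original post): audit the
'< MD5 for: ... >' blocks of an OTL log.

OTL lists every copy it finds of a few critical Windows binaries with an MD5.
On a clean XP install the live file (C:\\WINDOWS or C:\\WINDOWS\\system32)
and the protected copy in system32\\dllcache carry the same hash and a
Microsoft company name; a mismatch, a missing company name, or a copy sitting
somewhere unusual (a sandbox, a temp folder, a quarantine stash) is what a
malware-removal helper looks for.
"""
import re
from collections import defaultdict

# Constructed sample: the EXPLORER and SVCHOST lines are taken from the log
# above; the live USERINIT line is deliberately altered (blank company name,
# made-up all-zero hash) so the mismatch path is exercised.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/05/06 19:00:01 | 000,017,408 | ---- | M] () MD5=B34ECB5B096290383DB87563ABA0794C -- C:\_OTL\MovedFiles\05112011_135600\C_Documents and Settings\Klown\Local Settings\Application Data\Xenocode\Sandbox\Gygan\0.7.2.3\2011.03.23T02.21\Native\STUBEXE\8.0.1112\@WINDIR@\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>\s*$")
# One OTL file line: [stamp | size | attrs | C/M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[-A-Za-z]{4})"
    r"\s*\|\s*(?P<flag>[CM])\]\s*\((?P<company>[^)]*)\)\s*"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Assumption: default install paths; adjust for a non-standard %WINDIR%.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_md5_sections(log_text):
    """Return {BINARY_NAME: [entry, ...]} from the '< MD5 for: >' blocks."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if current is None:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            e = entry.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["md5"] = e["md5"].upper()
            sections[current].append(e)
    return dict(sections)


def classify(path):
    """'dllcache' for the protected copy, 'live' for the loaded one, else 'stray'."""
    p = path.lower()
    if "\\dllcache\\" in p:
        return "dllcache"
    directory = p.rsplit("\\", 1)[0]
    return "live" if directory in SYSTEM_DIRS else "stray"


def assess(log_text):
    """Return {BINARY_NAME: [(issue, path_or_None), ...]}; an empty list is clean."""
    findings = {}
    for name, entries in parse_md5_sections(log_text).items():
        by_role = defaultdict(list)
        for e in entries:
            by_role[classify(e["path"])].append(e)
        live, cache = by_role["live"], by_role["dllcache"]
        issues = []
        if not live:
            issues.append(("no-live-copy", None))
        if not cache:
            issues.append(("no-dllcache-copy", None))
        # The live binary must hash identically to its protected reference copy.
        if live and cache and {e["md5"] for e in live} != {e["md5"] for e in cache}:
            issues.append(("hash-mismatch", live[0]["path"]))
        for e in live:
            if not e["company"].strip():
                issues.append(("no-company-name", e["path"]))
        for e in by_role["stray"]:
            issues.append(("stray-copy", e["path"]))
        findings[name] = issues
    return findings


if __name__ == "__main__":
    for binary, issues in assess(SAMPLE_LOG).items():
        print(binary, "clean" if not issues else "")
        for issue, path in issues:
            print(f"  {issue}: {path}")
```

On the sample this reports svchost.exe as clean, explorer.exe with one stray copy (the sandbox stub already quarantined under `C:\_OTL\MovedFiles`), and the altered userinit.exe with both a hash mismatch and a missing company name. A matching dllcache hash is only as trustworthy as dllcache itself, so a real check also compares the hash against a known-good value for that service-pack build.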

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
On completion of these steps please give me an update on how your computer's running. Are you experiencing any problems?

Step 1

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox.

    :OTL

    :Files
    ipconfig /flushdns /c

    :Reg
    [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command]
    ""=""C:\Program Files\Mozilla Firefox\firefox.exe""

    [HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command]
    ""=""C:\Program Files\Internet Explorer\iexplore.exe""

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan
  • On the first tab select all elements down to Computer and then select start scan
  • Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
  • Select the Manual Disinfection tab
  • Press the Gather System Information button
  • Once done, open the last report saved folder, then attach the zip file to your next post.
  • The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

How to add an attachment to a new topic or reply

When completed the above, please post back the following in the order asked for:
  • AVP Tool Report
  • Attached avptool_sysinfo.zip file

  • 0

#9
rshaffer61

    Moderator

  • Topic Starter
  • Moderator
  • 34,114 posts
All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Klown\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Klown\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\""|""C:\Program Files\Mozilla Firefox\firefox.exe"" /E : value set successfully!
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\""|""C:\Program Files\Internet Explorer\iexplore.exe"" /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Elvis

User: Klown
->Temp folder emptied: 512 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18822952 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb


[EMPTYFLASH]

User: Admin

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Elvis

User: Klown
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05112011_143616

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_84.dat not found!

Registry entries deleted on Reboot...


Autoscan: completed 1 minute ago (events: 18, objects: 397070, time: 01:25:34)
5/11/2011 2:51:24 PM Task started
5/11/2011 3:07:15 PM Detected: Trojan-Downloader.Win32.IstBar.nh c:\data
5/11/2011 3:11:15 PM Detected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 C:\Documents and Settings\Klown\.housecall\Quarantine\PrCheck.dll.bac_a03932/CryptFF.b
5/11/2011 3:11:15 PM Detected: not-a-virus:AdWare.Win32.PowerScan.d C:\Documents and Settings\Klown\.housecall\Quarantine\powerscan[1].exe.bac_a03932/CryptFF.b/UPX
5/11/2011 3:17:02 PM Deleted: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 C:\Documents and Settings\Klown\.housecall\Quarantine\PrCheck.dll.bac_a03932
5/11/2011 3:17:02 PM Deleted: Trojan-Downloader.Win32.IstBar.nh C:\data
5/11/2011 3:17:02 PM Deleted: not-a-virus:AdWare.Win32.PowerScan.d C:\Documents and Settings\Klown\.housecall\Quarantine\powerscan[1].exe.bac_a03932
5/11/2011 3:17:03 PM Detected: not-a-virus:AdWare.Win32.SideFind.a C:\Documents and Settings\Klown\.housecall\Quarantine\sidefind13[1].dll.bac_a03932/CryptFF.b
5/11/2011 3:17:03 PM Detected: not-a-virus:AdWare.Win32.SideFind C:\Documents and Settings\Klown\.housecall\Quarantine\sfbho13[1].dll.bac_a03932/CryptFF.b/UPX
5/11/2011 3:17:03 PM Detected: Trojan-Downloader.Win32.IstBar.jm C:\Documents and Settings\Klown\.housecall\Quarantine\sidefind[1].exe.bac_a03932/CryptFF.b/UPX
5/11/2011 3:17:10 PM Deleted: not-a-virus:AdWare.Win32.SideFind.a C:\Documents and Settings\Klown\.housecall\Quarantine\sidefind13[1].dll.bac_a03932
5/11/2011 3:17:11 PM Deleted: not-a-virus:AdWare.Win32.SideFind C:\Documents and Settings\Klown\.housecall\Quarantine\sfbho13[1].dll.bac_a03932
5/11/2011 3:17:11 PM Deleted: Trojan-Downloader.Win32.IstBar.jm C:\Documents and Settings\Klown\.housecall\Quarantine\sidefind[1].exe.bac_a03932
5/11/2011 3:17:11 PM Detected: Trojan-Downloader.Win32.IstBar.ms C:\Documents and Settings\Klown\.housecall\Quarantine\ysb[1].dll.bac_a03932/CryptFF.b/UPX
5/11/2011 3:17:13 PM Deleted: Trojan-Downloader.Win32.IstBar.ms C:\Documents and Settings\Klown\.housecall\Quarantine\ysb[1].dll.bac_a03932
5/11/2011 4:03:56 PM Detected: Trojan-Downloader.Win32.IstBar.nh E:\winboot\data
5/11/2011 4:16:58 PM Deleted: Trojan-Downloader.Win32.IstBar.nh E:\winboot\data
5/11/2011 4:16:58 PM Task completed
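The AVPTool report in the post above shows the pattern worth reading in a log like this: most hits were copies already sitting in HouseCall's quarantine folder, while c:\data and E:\winboot\data were live files. The following Python script is an added example, not part of this thread and not AVPTool's own code. It parses report lines in that format, matches each "Detected" entry to its "Deleted" entry (the Detected line carries a packer suffix such as /CryptFF.b/UPX and the drive letter can differ in case, so paths are normalised first), and separates quarantined copies from live files and not-a-virus detections from malware. The sample report is constructed from the lines above plus one made-up entry (live.dll) that is never deleted, so that an unresolved detection appears; treating any path component named "quarantine" as another scanner's quarantine is an assumption of the example.

```python
"""Reconcile an AVPTool-style report: which detections were removed, which
are still unresolved, and which were live files rather than copies already
held in another scanner's quarantine."""
import re
from collections import OrderedDict

# Constructed sample in the report format seen in this thread. The final
# 'live.dll' entry is made up and has no matching 'Deleted' line.
SAMPLE_REPORT = r"""5/11/2011 2:51:24 PM Task started
5/11/2011 3:07:15 PM Detected: Trojan-Downloader.Win32.IstBar.nh c:\data
5/11/2011 3:11:15 PM Detected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 C:\Documents and Settings\Klown\.housecall\Quarantine\PrCheck.dll.bac_a03932/CryptFF.b
5/11/2011 3:17:02 PM Deleted: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 C:\Documents and Settings\Klown\.housecall\Quarantine\PrCheck.dll.bac_a03932
5/11/2011 3:17:02 PM Deleted: Trojan-Downloader.Win32.IstBar.nh C:\data
5/11/2011 4:03:56 PM Detected: Trojan-Downloader.Win32.IstBar.nh E:\winboot\data
5/11/2011 4:16:58 PM Deleted: Trojan-Downloader.Win32.IstBar.nh E:\winboot\data
5/11/2011 4:20:00 PM Detected: Trojan.Win32.Example.a C:\WINDOWS\system32\live.dll
5/11/2011 4:16:58 PM Task completed
"""

# One report line: timestamp, action, verdict (no spaces), then the path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Deleted): (?P<verdict>\S+) (?P<path>.+)$"
)


def canonical_path(path):
    """Drop the packer/archive suffix that 'Detected' lines carry
    (e.g. '.../x.bac_a03932/CryptFF.b/UPX') and fold case, so the entry
    matches its 'Deleted' line. Windows paths never contain '/', so
    everything after the first '/' is suffix."""
    return path.split("/", 1)[0].strip().lower()


def is_quarantined_copy(path):
    """Assumption: a path component named 'quarantine' (here HouseCall's
    .housecall\\Quarantine) means the hit is an already-neutralised copy."""
    return "quarantine" in (part.lower() for part in path.split("\\"))


def reconcile(report_text):
    """Return lists of canonical paths (and verdicts) grouped by outcome."""
    detected = OrderedDict()  # canonical path -> (verdict, original path)
    deleted = set()
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # 'Task started' / 'Task completed' / unparseable
        key = canonical_path(m["path"])
        if m["action"] == "Detected":
            detected.setdefault(key, (m["verdict"], m["path"]))
        else:
            deleted.add(key)

    result = {"removed": [], "unresolved": [], "live": [],
              "quarantined": [], "pup": [], "malware": []}
    for key, (verdict, path) in detected.items():
        (result["removed"] if key in deleted else result["unresolved"]).append(key)
        (result["quarantined"] if is_quarantined_copy(path) else result["live"]).append(key)
        # Kaspersky labels adware/fraud tools 'not-a-virus:'; the rest is malware.
        (result["pup"] if verdict.startswith("not-a-virus:") else result["malware"]).append(verdict)
    return result


if __name__ == "__main__":
    summary = reconcile(SAMPLE_REPORT)
    for group, items in summary.items():
        print(f"{group:11s} ({len(items)}):")
        for item in items:
            print("   ", item)
```

The "unresolved" list is the one to act on after a run: a detection with no matching "Deleted" line is still on disk, whereas hits inside another scanner's quarantine folder are inert copies that mostly clutter the report.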

#10 Render (Trusted Helper, Malware Removal, 4,195 posts)
Now update your system to Windows XP SP3, as SP2 is no longer supported.

Please go here and follow the instructions.


#11 rshaffer61 (Moderator, Topic Starter, 34,114 posts)
I have tried several times and the system will not download or install SP3. I get the below on the update site.

The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
For self-help options:

Frequently Asked Questions

Find Solutions

Windows Update Newsgroup
For assisted support options:

Microsoft Online Assisted Support (no-cost for Windows Update issues)



#12 Render (Trusted Helper, Malware Removal, 4,195 posts)
Please download Service Pack 3 here and install it.

#13 rshaffer61 (Moderator, Topic Starter, 34,114 posts)
SP3 now installed :)
Windows update will not enable. :unsure:

#14 Render (Trusted Helper, Malware Removal, 4,195 posts)
OK. It seems a little too fast. :)

Now let's see if Windows Update works.

  • Using Internet Explorer visit http://windowsupdate.microsoft.com.
  • On the Microsoft Windows Update page, select the option Scan for updates.
  • Please install all critical updates.
When done, please let me know.

#15 rshaffer61 (Moderator, Topic Starter, 34,114 posts)
Same message as before:

The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
For self-help options:

Frequently Asked Questions

Find Solutions

Windows Update Newsgroup
For assisted support options:

Microsoft Online Assisted Support (no-cost for Windows Update issues)

