Windows XP recovery virus infected many errors



#1
inferno007

  • Member
  • 61 posts
Hi, I really need help on this!

I'm infected by a virus. I'm not sure what it is, but I am sure I'm severely infected.

Every time I log on I get a Windows XP Recovery window popping up, starting to scan and telling me of many errors in my system. I can close that window. My background for my desktop is gone and I can change it. I cannot open Task Manager, and my Start menu has lost all its programs, but I know they are not gone since they are still in my C drive program list, where I can open them from.

I'm continually getting errors saying hard disk error and many other errors.
Can anyone help me please, as soon as possible?

This virus is also hiding all my files and program folders, trying to fool me into thinking they are deleted, but I've checked show hidden files and folders and I'm able to see them and access them.

:)

computer is in a bad state

Edited by inferno007, 20 May 2011 - 05:18 AM.



#2
inferno007

  • Topic Starter
  • Member
  • 61 posts
Hi, sorry to repost, but I just realised that this virus keeps on restarting my system, meaning it is going to be hard to scan. I was scanning with avast now and suddenly the system restarted.

#3
Render

  • Trusted Helper
  • Malware Removal
  • 4,195 posts
Hi, inferno007! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.

Please do the following:

Step 1

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Step 2

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the [image] textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %Temp%\smtmp\*. /mp /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the [image] button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • Contents of the RKreport.txt
  • OTL log
  • Extras log


#4
inferno007

  • Topic Starter
  • Member
  • 61 posts
Hi, thanks for your reply.

I have managed to get the system running a bit better, as I have scanned with Malwarebytes and deleted anything which it has found.

I'm going to now perform the steps you have told me :)

#5
Render

  • Trusted Helper
  • Malware Removal
  • 4,195 posts
OK.

#6
inferno007

  • Topic Starter
  • Member
  • 61 posts
RKreport:

RogueKiller V5.1.4 [05/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: JAYEN [Admin rights]
Mode: Scan -- Date : 05/20/2011 17:30:32

Bad processes: 0

Registry Entries: 3
[BLACKLIST DLL] HKCU\[...]\Run : Pzocafujahoza (rundll32.exe "C:\WINDOWS\k3pusg.dll",Startup) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-52147570-3994516288-2691582696-1006[...]\Run : Pzocafujahoza (rundll32.exe "C:\WINDOWS\k3pusg.dll",Startup) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

#7
inferno007

  • Topic Starter
  • Member
  • 61 posts
OTL log:

OTL logfile created on: 20/05/2011 17:34:10 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\JAYEN.SN049851020181\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 8.75 Gb Free Space | 29.17% Space Free | Partition Type: NTFS
Drive D: | 119.05 Gb Total Space | 109.07 Gb Free Space | 91.62% Space Free | Partition Type: NTFS

Computer Name: PC-HOME | User Name: JAYEN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/20 17:29:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\OTL.exe
PRC - [2011/05/10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/03/30 18:01:50 | 000,671,552 | -H-- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/03/30 18:00:10 | 001,523,008 | -H-- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | -H-- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/31 17:54:31 | 000,274,608 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2009/04/30 16:01:10 | 000,154,136 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/02/23 12:09:06 | 000,114,784 | -H-- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2006/02/23 12:09:04 | 000,266,338 | -H-- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/02/23 12:08:28 | 001,073,152 | -H-- | M] (Cyberlink) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2003/01/27 17:16:58 | 000,376,912 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2011/05/20 17:29:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\OTL.exe
MOD - [2011/05/10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/30 18:00:10 | 001,523,008 | -H-- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/30 17:57:40 | 000,029,504 | -H-- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/01/08 13:22:16 | 000,008,192 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (KMService)
SRV - [2009/04/30 16:01:10 | 000,154,136 | -H-- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/08/09 08:27:52 | 000,073,728 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/23 12:09:06 | 000,114,784 | -H-- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/23 12:09:04 | 000,266,338 | -H-- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/02/23 12:08:28 | 001,073,152 | -H-- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/08/02 15:18:50 | 000,086,016 | -H-- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/07 13:34:32 | 000,010,064 | -H-- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/07/31 12:04:31 | 000,027,632 | -H-- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/07/31 12:04:19 | 000,025,512 | -H-- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/07/31 12:04:19 | 000,013,224 | -H-- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/05/01 00:03:28 | 000,023,832 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/05/01 00:03:06 | 006,754,712 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Communicate Deluxe(UVC)
DRV - [2009/05/01 00:01:34 | 000,265,496 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 16:00:12 | 000,025,624 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/02/25 23:58:57 | 003,565,568 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 19:53:09 | 000,040,320 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/02/25 12:54:56 | 000,105,088 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/05/12 01:31:20 | 000,041,888 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/12 01:30:03 | 001,921,184 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2005/12/09 17:48:40 | 004,123,136 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/18 12:16:00 | 000,905,608 | -H-- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/08/02 15:10:14 | 000,032,512 | -H-- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/01/07 17:07:16 | 000,145,920 | -H-- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/03 22:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/04/11 16:21:38 | 000,013,335 | RH-- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17159

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: {CE494EE3-65A1-4f63-8FC1-645217F86979}:2.2.2009110501
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.babylo...affID=17159&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/31 17:55:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/13 20:54:08 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/13 20:54:08 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 14:18:51 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/23 12:06:00 | 000,000,000 | -H-D | M]

[2009/06/25 09:09:22 | 000,000,000 | -H-D | M] (No name found) -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Extensions
[2011/05/14 21:23:44 | 000,000,000 | -H-D | M] (No name found) -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Firefox\Profiles\c754wgkm.default\extensions
[2010/02/16 11:19:25 | 000,000,000 | -H-D | M] ("Policy Manager") -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Firefox\Profiles\c754wgkm.default\extensions\{CE494EE3-65A1-4f63-8FC1-645217F86979}
[2011/03/13 12:59:13 | 000,000,000 | -H-D | M] (Download Statusbar) -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Firefox\Profiles\c754wgkm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/04/28 19:36:20 | 000,000,000 | -H-D | M] (British English Dictionary) -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Firefox\Profiles\c754wgkm.default\extensions\[email protected]
[2011/03/13 20:00:42 | 000,000,000 | -H-D | M] (Personas) -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Firefox\Profiles\c754wgkm.default\extensions\[email protected]
[2010/07/27 11:54:39 | 000,000,000 | -H-D | M] (Tab Scope) -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Firefox\Profiles\c754wgkm.default\extensions\[email protected](2).org
[2011/03/23 18:38:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 12:25:40 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2009/07/11 11:27:47 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/31 17:55:09 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- D:\DOCUMENTS AND SETTINGS\JAYEN.SN049851020181\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C754WGKM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- D:\DOCUMENTS AND SETTINGS\JAYEN.SN049851020181\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C754WGKM.DEFAULT\EXTENSIONS\[email protected]
[2011/04/30 14:18:40 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/29 16:10:38 | 000,002,423 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/01 09:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/07/29 20:03:40 | 000,000,027 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Pzocafujahoza] File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1245921965281 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe) - D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /k:D *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 17:30:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\RK_Quarantine
[2011/05/20 17:29:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\OTL.exe
[2011/05/20 13:34:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/20 13:34:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/20 13:34:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/20 13:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/20 13:19:41 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\JAYEN.SN049851020181\My Documents\mbam-setup.exe
[2011/05/20 13:08:04 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\JAYEN.SN049851020181\Recent
[2011/05/19 21:27:25 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\JAYEN.SN049851020181\Start Menu\Programs\Windows XP Recovery
[2011/05/19 21:23:49 | 000,004,224 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011/05/05 19:34:34 | 000,029,504 | -H-- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/04/29 19:34:25 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\BabylonToolbar
[2011/04/29 16:10:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Yuna Software
[2011/04/21 18:52:18 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Visual Task Tips
[2011/04/21 18:52:17 | 000,000,000 | -H-D | C] -- C:\Program Files\VisualTaskTips
[2009/09/18 14:46:42 | 568,246,518 | -H-- | C] ([STEALTH] Productions) -- C:\Program Files\Adobe Flash CS4 Portable.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/20 17:34:12 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-52147570-3994516288-2691582696-1006.job
[2011/05/20 17:34:12 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-52147570-3994516288-2691582696-1006.job
[2011/05/20 17:29:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\OTL.exe
[2011/05/20 17:28:07 | 000,473,088 | ---- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\RogueKiller.exe
[2011/05/20 17:23:07 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-52147570-3994516288-2691582696-1007.job
[2011/05/20 17:22:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/20 13:34:30 | 000,000,669 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 13:32:11 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\JAYEN.SN049851020181\My Documents\mbam-setup.exe
[2011/05/20 12:46:30 | 000,000,136 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\~17751844r
[2011/05/20 12:46:30 | 000,000,112 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\~17751844
[2011/05/20 12:46:05 | 000,000,460 | RHS- | M] () -- C:\BOOT.INI
[2011/05/19 22:15:47 | 000,153,263 | -H-- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\My Documents\Untitled-1.png
[2011/05/19 22:15:16 | 000,155,830 | -H-- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\Untitled-1.png
[2011/05/19 21:31:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/05/19 21:31:18 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/05/19 21:28:06 | 000,000,384 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\17751844
[2011/05/19 17:59:15 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-52147570-3994516288-2691582696-1007.job
[2011/05/12 19:00:01 | 000,002,626 | -H-- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/10 13:10:59 | 000,040,112 | -H-- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 13:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 13:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/03 21:03:22 | 000,000,030 | -H-- | M] () -- C:\WINDOWS\Iedit.INI
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/20 17:28:12 | 000,473,088 | ---- | C] () -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\RogueKiller.exe
[2011/05/20 13:34:30 | 000,000,669 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/19 22:15:45 | 000,153,263 | -H-- | C] () -- D:\Documents and Settings\JAYEN.SN049851020181\My Documents\Untitled-1.png
[2011/05/19 22:15:11 | 000,155,830 | -H-- | C] () -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\Untitled-1.png
[2011/05/19 21:27:36 | 000,000,136 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\~17751844r
[2011/05/19 21:27:36 | 000,000,112 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\~17751844
[2011/05/19 21:27:17 | 000,000,384 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\17751844
[2011/01/12 11:06:40 | 000,000,199 | -H-- | C] () -- C:\WINDOWS\Streaker 2 no_clock.ini
[2011/01/12 11:06:17 | 000,001,557 | -H-- | C] () -- C:\WINDOWS\unins001.dat
[2011/01/12 11:05:32 | 000,000,186 | -H-- | C] () -- C:\WINDOWS\Harbor Lights ScSv no clock.ini
[2011/01/12 11:04:13 | 000,001,701 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2011/01/08 13:22:42 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\System32\srvany.exe
[2010/08/08 13:05:02 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\virport.dll
[2009/11/06 22:45:05 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/18 15:14:42 | 000,000,023 | -H-- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/07/31 21:49:48 | 000,000,030 | -H-- | C] () -- C:\WINDOWS\Iedit.INI
[2009/06/27 15:04:02 | 000,000,005 | -H-- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/06/26 15:20:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/26 13:53:47 | 000,344,494 | -H-- | C] () -- C:\WINDOWS\uninstall Suction.exe
[2009/06/26 11:59:12 | 000,593,920 | -H-- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/06/26 11:29:56 | 000,000,281 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2009/06/25 14:00:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/06/25 11:35:28 | 000,000,143 | -H-- | C] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Application Data\fusioncache.dat
[2009/06/25 09:09:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/24 11:00:52 | 000,663,552 | -H-- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2009/06/24 11:00:52 | 000,532,594 | -H-- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2009/06/24 11:00:52 | 000,524,377 | -H-- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2009/06/24 11:00:52 | 000,307,329 | -H-- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2009/06/24 11:00:52 | 000,159,744 | -H-- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2009/06/24 10:41:31 | 000,039,424 | -H-- | C] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 10:14:18 | 000,082,289 | -H-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/06/24 10:02:05 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/06/24 09:58:20 | 000,118,639 | -H-- | C] () -- C:\WINDOWS\hpoins09.dat
[2009/06/24 09:43:39 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/24 09:43:17 | 000,198,144 | -H-- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2009/06/24 09:20:17 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/24 09:13:07 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/06/24 09:13:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/05/08 10:13:04 | 000,013,584 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/02/25 21:58:44 | 003,107,788 | -H-- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/25 21:58:44 | 000,887,724 | -H-- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/26 18:55:37 | 000,182,995 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/09 20:28:40 | 000,011,645 | -H-- | C] () -- C:\WINDOWS\hpomdl09.dat
[2006/03/07 13:35:12 | 000,006,465 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/18 12:15:00 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/10/18 12:15:00 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/10/18 12:14:00 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/10/18 12:14:00 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/10/18 12:14:00 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/10/18 12:14:00 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/10/18 12:13:00 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/10/18 12:13:00 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/10/18 12:13:00 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/08/02 15:24:02 | 000,053,299 | -H-- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/10 17:13:32 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 17:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 16:55:57 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 16:48:11 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 16:46:35 | 000,375,264 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 16:38:12 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 16:38:09 | 000,483,904 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 16:38:09 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 16:38:09 | 000,079,918 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 16:38:09 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 16:38:08 | 000,004,613 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 16:38:06 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 16:38:04 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 16:37:57 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 16:37:57 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 16:37:48 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 16:37:40 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/01/20 18:09:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/31 12:38:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/01/21 21:10:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\id Software
[2009/06/26 17:35:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/03/26 17:44:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MFAData
[2010/09/17 11:43:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Nexon
[2009/06/26 15:34:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NexonEU
[2009/06/23 18:26:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\OD2
[2009/06/23 17:43:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/07/28 11:09:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/13 17:44:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/06/23 18:18:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/12/13 17:43:18 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/03/25 20:40:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/25 10:15:17 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/12/04 21:13:20 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/10/26 13:29:45 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\aerix
[2009/10/27 15:36:55 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\AeroSnapApp
[2009/07/09 17:02:47 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Any DVD Converter Professional
[2009/06/29 20:11:55 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\AveDesk
[2011/04/29 19:34:25 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\BabylonToolbar
[2009/11/19 20:09:36 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Bump Technologies, Inc
[2009/10/09 17:46:42 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Easy Thumbnails
[2009/06/24 12:58:48 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\LG Electronics
[2010/12/13 17:21:51 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Local
[2010/06/17 18:11:50 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\MatchWare
[2011/03/26 20:27:31 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\QuickScan
[2010/12/29 13:54:33 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Rainmeter
[2010/02/08 20:23:03 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\SmartDraw
[2010/08/08 13:09:17 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Softland
[2011/04/12 19:06:19 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\TuneUp Software
[2009/06/24 09:35:55 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Ulead Systems
[2011/04/11 16:11:59 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Unity
[2009/06/28 13:43:05 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\vghd
[2009/06/24 09:24:26 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 01:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 01:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %Temp%\smtmp\*. /mp /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 14:18:49 | 000,711,672 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 14:18:49 | 000,711,672 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 14:18:49 | 000,711,672 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 14:18:49 | 000,711,672 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 14:18:49 | 000,711,672 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 14:18:49 | 000,711,672 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 210 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:0C1EFF69
@Alternate Data Stream - 151 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 118 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8

< End of report >

#8
inferno007

Extras.txt

OTL Extras logfile created on: 20/05/2011 17:34:10 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\JAYEN.SN049851020181\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 8.75 Gb Free Space | 29.17% Space Free | Partition Type: NTFS
Drive D: | 119.05 Gb Total Space | 109.07 Gb Free Space | 91.62% Space Free | Partition Type: NTFS

Computer Name: PC-HOME | User Name: JAYEN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\APPS\Powercinema\PowerCinema.exe" = C:\APPS\Powercinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\APPS\Powercinema\PCMService.exe" = C:\APPS\Powercinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"D:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe" = D:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms EU\NMService.exe" = C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{5A065EA0-0EEC-4E94-A2A0-40812576C122}" = Ulead PhotoImpact 10 SE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{843C157F-7570-4D53-A376-321B781B9DA9}" = SM56Tester
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BroadJump Client Foundation" = BroadJump Client Foundation
"Combat Arms EU" = Combat Arms EU
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Driving Theory Test Express v2.9.0.0_is1" = Driving Theory Test Express v2.9.0.0
"Harbor Lights ScSv_is1" = Harbor Lights ScSv
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"legacyqcam_11.00" = Logitech Legacy USB Camera Driver Package
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus!" = Messenger Plus! 5
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Rainmeter" = Rainmeter (remove only)
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva (remove only)
"RocketDock_is1" = RocketDock 1.3.5
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Streaker 2_is1" = Streaker 2
"Suction" = Suction
"Total Video Converter 3.21_is1" = Total Video Converter 3.21 090220
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Visual Task Tips" = Visual Task Tips 3.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/04/2011 09:16:15 | Computer Name = PC-HOME | Source = Application Hang | ID = 1002
Description = Hanging application DivX Plus Player.exe, version 10.2.1.20, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/04/2011 07:52:57 | Computer Name = PC-HOME | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 03/05/2011 13:12:39 | Computer Name = PC-HOME | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 04/05/2011 07:56:14 | Computer Name = PC-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 04/05/2011 07:56:30 | Computer Name = PC-HOME | Source = Application Hang | ID = 1001
Description = Fault bucket -1896177309.

Error - 13/05/2011 11:38:28 | Computer Name = PC-HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19/05/2011 16:35:38 | Computer Name = PC-HOME | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/05/2011 07:26:27 | Computer Name = PC-HOME | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 20/05/2011 09:00:24 | Computer Name = PC-HOME | Source = Application Error | ID = 1000
Description = Faulting application sdupdate.exe, version 1.6.0.12, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 20/05/2011 10:23:57 | Computer Name = PC-HOME | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 25/10/2009 12:33:52 | Computer Name = SN049851020181 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 17/03/2010 14:08:45 | Computer Name = SN049851020181 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 17/03/2010 14:08:58 | Computer Name = SN049851020181 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 17/03/2010 14:09:24 | Computer Name = SN049851020181 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 17/03/2010 14:15:43 | Computer Name = SN049851020181 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 17/03/2010 16:40:10 | Computer Name = SN049851020181 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 17/03/2010 16:40:20 | Computer Name = SN049851020181 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 31/03/2010 09:29:24 | Computer Name = SN049851020181 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 12/08/2010 07:19:43 | Computer Name = SN049851020181 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 12/08/2010 07:19:59 | Computer Name = SN049851020181 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 20/05/2011 10:41:24 | Computer Name = PC-HOME | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 20/05/2011 10:41:26 | Computer Name = PC-HOME | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 20/05/2011 10:41:26 | Computer Name = PC-HOME | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 20/05/2011 10:41:26 | Computer Name = PC-HOME | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 20/05/2011 12:23:25 | Computer Name = PC-HOME | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 20/05/2011 12:23:29 | Computer Name = PC-HOME | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 20/05/2011 12:23:29 | Computer Name = PC-HOME | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 20/05/2011 12:23:29 | Computer Name = PC-HOME | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 20/05/2011 12:35:12 | Computer Name = PC-HOME | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 20/05/2011 12:35:13 | Computer Name = PC-HOME | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

[ TuneUp Events ]
Error - 28/06/2009 09:16:47 | Computer Name = SN049851020181 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 28/06/2009 09:16:57 | Computer Name = SN049851020181 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 28/06/2009 09:32:46 | Computer Name = SN049851020181 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 06/12/2009 15:12:52 | Computer Name = SN049851020181 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 06/12/2009 15:13:17 | Computer Name = SN049851020181 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 06/12/2009 15:14:03 | Computer Name = SN049851020181 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 06/12/2009 15:52:02 | Computer Name = SN049851020181 | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 06/12/2009 15:52:02 | Computer Name = SN049851020181 | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >

#9
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Please repeat OTL scan and make sure to check Scan all users option:

OTL Custom Scan

  • Double click on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %Temp%\smtmp\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.


#10
inferno007

    Member

  • Topic Starter
  • Member
  • 61 posts
OTL text:

OTL logfile created on: 20/05/2011 18:42:57 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\JAYEN.SN049851020181\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 254.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 8.75 Gb Free Space | 29.18% Space Free | Partition Type: NTFS
Drive D: | 119.05 Gb Total Space | 109.07 Gb Free Space | 91.62% Space Free | Partition Type: NTFS

Computer Name: PC-HOME | User Name: JAYEN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/20 17:29:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\OTL.exe
PRC - [2011/05/10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/30 18:01:50 | 000,671,552 | -H-- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/03/30 18:00:10 | 001,523,008 | -H-- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | -H-- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/31 17:54:31 | 000,274,608 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2009/04/30 16:01:10 | 000,154,136 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/02/23 12:09:06 | 000,114,784 | -H-- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2006/02/23 12:09:04 | 000,266,338 | -H-- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/02/23 12:08:28 | 001,073,152 | -H-- | M] (Cyberlink) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2003/01/27 17:16:58 | 000,376,912 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2011/05/20 17:29:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\OTL.exe
MOD - [2011/05/10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/12/31 17:55:08 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/30 18:00:10 | 001,523,008 | -H-- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/30 17:57:40 | 000,029,504 | -H-- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/01/08 13:22:16 | 000,008,192 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (KMService)
SRV - [2009/04/30 16:01:10 | 000,154,136 | -H-- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/08/09 08:27:52 | 000,073,728 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/23 12:09:06 | 000,114,784 | -H-- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/23 12:09:04 | 000,266,338 | -H-- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/02/23 12:08:28 | 001,073,152 | -H-- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/08/02 15:18:50 | 000,086,016 | -H-- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/07 13:34:32 | 000,010,064 | -H-- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/07/31 12:04:31 | 000,027,632 | -H-- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/07/31 12:04:19 | 000,025,512 | -H-- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/07/31 12:04:19 | 000,013,224 | -H-- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/05/01 00:03:28 | 000,023,832 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/05/01 00:03:06 | 006,754,712 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Communicate Deluxe(UVC)
DRV - [2009/05/01 00:01:34 | 000,265,496 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 16:00:12 | 000,025,624 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/02/25 23:58:57 | 003,565,568 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 19:53:09 | 000,040,320 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/02/25 12:54:56 | 000,105,088 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/05/12 01:31:20 | 000,041,888 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/12 01:30:03 | 001,921,184 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2005/12/09 17:48:40 | 004,123,136 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/18 12:16:00 | 000,905,608 | -H-- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/08/02 15:10:14 | 000,032,512 | -H-- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/01/07 17:07:16 | 000,145,920 | -H-- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/03 22:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/04/11 16:21:38 | 000,013,335 | RH-- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17159


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-52147570-3994516288-2691582696-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-52147570-3994516288-2691582696-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: {CE494EE3-65A1-4f63-8FC1-645217F86979}:2.2.2009110501
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.babylo...affID=17159&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/31 17:55:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/13 20:54:08 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/13 20:54:08 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 14:18:51 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/23 12:06:00 | 000,000,000 | -H-D | M]

[2009/06/25 09:09:22 | 000,000,000 | -H-D | M] (No name found) -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Extensions
[2011/05/14 21:23:44 | 000,000,000 | -H-D | M] (No name found) -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Firefox\Profiles\c754wgkm.default\extensions
[2010/02/16 11:19:25 | 000,000,000 | -H-D | M] ("Policy Manager") -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Firefox\Profiles\c754wgkm.default\extensions\{CE494EE3-65A1-4f63-8FC1-645217F86979}
[2011/03/13 12:59:13 | 000,000,000 | -H-D | M] (Download Statusbar) -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Firefox\Profiles\c754wgkm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/04/28 19:36:20 | 000,000,000 | -H-D | M] (British English Dictionary) -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Firefox\Profiles\c754wgkm.default\extensions\[email protected]
[2011/03/13 20:00:42 | 000,000,000 | -H-D | M] (Personas) -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Firefox\Profiles\c754wgkm.default\extensions\[email protected]
[2010/07/27 11:54:39 | 000,000,000 | -H-D | M] (Tab Scope) -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Mozilla\Firefox\Profiles\c754wgkm.default\extensions\[email protected](2).org
[2011/03/23 18:38:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 12:25:40 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2009/07/11 11:27:47 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/31 17:55:09 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- D:\DOCUMENTS AND SETTINGS\JAYEN.SN049851020181\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C754WGKM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- D:\DOCUMENTS AND SETTINGS\JAYEN.SN049851020181\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C754WGKM.DEFAULT\EXTENSIONS\[email protected]
[2011/04/30 14:18:40 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/29 16:10:38 | 000,002,423 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/01 09:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/07/29 20:03:40 | 000,000,027 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-52147570-3994516288-2691582696-1006..\Run: [Pzocafujahoza] File not found
O4 - HKU\S-1-5-21-52147570-3994516288-2691582696-1006..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-52147570-3994516288-2691582696-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-52147570-3994516288-2691582696-1006..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-52147570-3994516288-2691582696-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-52147570-3994516288-2691582696-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-52147570-3994516288-2691582696-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-52147570-3994516288-2691582696-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-52147570-3994516288-2691582696-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1245921965281 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe) - D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /k:D *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 17:30:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\RK_Quarantine
[2011/05/20 17:29:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\OTL.exe
[2011/05/20 13:34:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/20 13:34:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/20 13:34:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/20 13:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/20 13:19:41 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\JAYEN.SN049851020181\My Documents\mbam-setup.exe
[2011/05/20 13:08:04 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\JAYEN.SN049851020181\Recent
[2011/05/19 21:27:25 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\JAYEN.SN049851020181\Start Menu\Programs\Windows XP Recovery
[2011/05/19 21:23:49 | 000,004,224 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011/05/05 19:34:34 | 000,029,504 | -H-- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/04/29 19:34:25 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\BabylonToolbar
[2011/04/29 16:10:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Yuna Software
[2011/04/21 18:52:18 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Visual Task Tips
[2011/04/21 18:52:17 | 000,000,000 | -H-D | C] -- C:\Program Files\VisualTaskTips
[2009/09/18 14:46:42 | 568,246,518 | -H-- | C] ([STEALTH] Productions) -- C:\Program Files\Adobe Flash CS4 Portable.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/20 18:43:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-52147570-3994516288-2691582696-1006.job
[2011/05/20 18:43:03 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-52147570-3994516288-2691582696-1006.job
[2011/05/20 17:29:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\OTL.exe
[2011/05/20 17:28:07 | 000,473,088 | ---- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\RogueKiller.exe
[2011/05/20 17:23:07 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-52147570-3994516288-2691582696-1007.job
[2011/05/20 17:22:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/20 13:34:30 | 000,000,669 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 13:32:11 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\JAYEN.SN049851020181\My Documents\mbam-setup.exe
[2011/05/20 12:46:30 | 000,000,136 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\~17751844r
[2011/05/20 12:46:30 | 000,000,112 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\~17751844
[2011/05/20 12:46:05 | 000,000,460 | RHS- | M] () -- C:\BOOT.INI
[2011/05/19 22:15:47 | 000,153,263 | -H-- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\My Documents\Untitled-1.png
[2011/05/19 22:15:16 | 000,155,830 | -H-- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\Untitled-1.png
[2011/05/19 21:31:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/05/19 21:31:18 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/05/19 21:28:06 | 000,000,384 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\17751844
[2011/05/19 17:59:15 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-52147570-3994516288-2691582696-1007.job
[2011/05/12 19:00:01 | 000,002,626 | -H-- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/10 13:10:59 | 000,040,112 | -H-- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 13:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 13:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/03 21:03:22 | 000,000,030 | -H-- | M] () -- C:\WINDOWS\Iedit.INI
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/20 17:28:12 | 000,473,088 | ---- | C] () -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\RogueKiller.exe
[2011/05/20 13:34:30 | 000,000,669 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/19 22:15:45 | 000,153,263 | -H-- | C] () -- D:\Documents and Settings\JAYEN.SN049851020181\My Documents\Untitled-1.png
[2011/05/19 22:15:11 | 000,155,830 | -H-- | C] () -- D:\Documents and Settings\JAYEN.SN049851020181\Desktop\Untitled-1.png
[2011/05/19 21:27:36 | 000,000,136 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\~17751844r
[2011/05/19 21:27:36 | 000,000,112 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\~17751844
[2011/05/19 21:27:17 | 000,000,384 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\17751844
[2011/01/12 11:06:40 | 000,000,199 | -H-- | C] () -- C:\WINDOWS\Streaker 2 no_clock.ini
[2011/01/12 11:06:17 | 000,001,557 | -H-- | C] () -- C:\WINDOWS\unins001.dat
[2011/01/12 11:05:32 | 000,000,186 | -H-- | C] () -- C:\WINDOWS\Harbor Lights ScSv no clock.ini
[2011/01/12 11:04:13 | 000,001,701 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2011/01/08 13:22:42 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\System32\srvany.exe
[2010/08/08 13:05:02 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\virport.dll
[2009/11/06 22:45:05 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/18 15:14:42 | 000,000,023 | -H-- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/07/31 21:49:48 | 000,000,030 | -H-- | C] () -- C:\WINDOWS\Iedit.INI
[2009/06/27 15:04:02 | 000,000,005 | -H-- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/06/26 15:20:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/26 13:53:47 | 000,344,494 | -H-- | C] () -- C:\WINDOWS\uninstall Suction.exe
[2009/06/26 11:59:12 | 000,593,920 | -H-- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/06/26 11:29:56 | 000,000,281 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2009/06/25 14:00:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/06/25 11:35:28 | 000,000,143 | -H-- | C] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Application Data\fusioncache.dat
[2009/06/25 09:09:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/24 11:00:52 | 000,663,552 | -H-- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2009/06/24 11:00:52 | 000,532,594 | -H-- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2009/06/24 11:00:52 | 000,524,377 | -H-- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2009/06/24 11:00:52 | 000,307,329 | -H-- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2009/06/24 11:00:52 | 000,159,744 | -H-- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2009/06/24 10:41:31 | 000,039,424 | -H-- | C] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 10:14:18 | 000,082,289 | -H-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/06/24 10:02:05 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/06/24 09:58:20 | 000,118,639 | -H-- | C] () -- C:\WINDOWS\hpoins09.dat
[2009/06/24 09:43:39 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/24 09:43:17 | 000,198,144 | -H-- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2009/06/24 09:20:17 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/24 09:13:07 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/06/24 09:13:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/05/08 10:13:04 | 000,013,584 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/02/25 21:58:44 | 003,107,788 | -H-- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/25 21:58:44 | 000,887,724 | -H-- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/26 18:55:37 | 000,182,995 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/09 20:28:40 | 000,011,645 | -H-- | C] () -- C:\WINDOWS\hpomdl09.dat
[2006/03/07 13:35:12 | 000,006,465 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/18 12:15:00 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/10/18 12:15:00 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/10/18 12:14:00 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/10/18 12:14:00 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/10/18 12:14:00 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/10/18 12:14:00 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/10/18 12:13:00 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/10/18 12:13:00 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/10/18 12:13:00 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/08/02 15:24:02 | 000,053,299 | -H-- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/10 17:13:32 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 17:03:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 16:55:57 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 16:48:11 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 16:46:35 | 000,375,264 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 16:38:12 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 16:38:09 | 000,483,904 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 16:38:09 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 16:38:09 | 000,079,918 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 16:38:09 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 16:38:08 | 000,004,613 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 16:38:06 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 16:38:04 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 16:37:57 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 16:37:57 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 16:37:48 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 16:37:40 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/01/20 18:09:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/31 12:38:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/01/21 21:10:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\id Software
[2009/06/26 17:35:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/03/26 17:44:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MFAData
[2010/09/17 11:43:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Nexon
[2009/06/26 15:34:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NexonEU
[2009/06/23 18:26:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\OD2
[2009/06/23 17:43:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/07/28 11:09:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/13 17:44:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/06/23 18:18:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/12/13 17:43:18 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/03/25 20:40:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/25 10:15:17 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/12/04 21:13:20 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/03/26 20:07:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\BHAVIK.SN049851020181\Application Data\Aksal
[2011/04/30 07:40:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\BHAVIK.SN049851020181\Application Data\BabylonToolbar
[2010/01/21 21:11:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\BHAVIK.SN049851020181\Application Data\id Software
[2009/09/20 19:10:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\BHAVIK.SN049851020181\Application Data\LG Electronics
[2011/03/25 13:19:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\BHAVIK.SN049851020181\Application Data\Peacde
[2010/12/31 16:39:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\BHAVIK.SN049851020181\Application Data\Rainmeter
[2010/12/18 21:00:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\BHAVIK.SN049851020181\Application Data\TuneUp Software
[2009/07/31 21:38:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\BHAVIK.SN049851020181\Application Data\Ulead Systems
[2009/06/23 18:05:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JAYEN\Application Data\Ulead Systems
[2010/10/26 13:29:45 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\aerix
[2009/10/27 15:36:55 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\AeroSnapApp
[2009/07/09 17:02:47 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Any DVD Converter Professional
[2009/06/29 20:11:55 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\AveDesk
[2011/04/29 19:34:25 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\BabylonToolbar
[2009/11/19 20:09:36 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Bump Technologies, Inc
[2009/10/09 17:46:42 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Easy Thumbnails
[2009/06/24 12:58:48 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\LG Electronics
[2010/12/13 17:21:51 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Local
[2010/06/17 18:11:50 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\MatchWare
[2011/03/26 20:27:31 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\QuickScan
[2010/12/29 13:54:33 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Rainmeter
[2010/02/08 20:23:03 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\SmartDraw
[2010/08/08 13:09:17 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Softland
[2011/04/12 19:06:19 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\TuneUp Software
[2009/06/24 09:35:55 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Ulead Systems
[2011/04/11 16:11:59 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\Unity
[2009/06/28 13:43:05 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\JAYEN.SN049851020181\Application Data\vghd
[2010/08/08 13:09:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Softland
[2011/03/16 19:54:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TuneUp Software
[2011/04/01 10:02:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\TuneUp Software
[2009/06/24 09:24:26 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 01:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 01:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %Temp%\smtmp\*.* /s >
[2009/06/25 12:12:32 | 000,000,272 | -HS- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Temp\smtmp\1\desktop.ini
[2010/07/12 18:17:32 | 000,000,612 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Driving Theory Test Express.lnk
[2009/06/24 10:03:53 | 000,000,869 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\HP Solution Center.lnk
[2009/06/24 09:13:24 | 000,001,481 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\TV ON-OFF.lnk
[2004/08/11 00:59:18 | 000,000,398 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2004/08/11 00:54:44 | 000,000,609 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Windows Messenger.lnk
[2010/12/13 17:46:05 | 000,001,434 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2011/04/23 12:06:00 | 000,002,181 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
[2004/08/11 00:57:02 | 000,000,150 | -HS- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Temp\smtmp\1\Programs\desktop.ini
[2011/03/23 18:38:18 | 000,000,625 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
[2011/05/05 19:34:31 | 000,001,628 | -H-- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Temp\smtmp\1\Programs\TuneUp Utilities 2011
[2010/12/13 17:46:04 | 000,001,419 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2009/10/05 20:20:42 | 000,000,255 | -HS- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Temp\smtmp\1\Programs\Accessories\desktop.ini
[2010/12/13 17:46:04 | 000,001,430 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2011/03/15 18:50:02 | 000,001,504 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2009/10/05 20:20:42 | 000,000,623 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2004/08/11 00:54:44 | 000,000,786 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2010/12/13 17:46:04 | 000,001,431 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2004/08/11 00:54:44 | 000,000,090 | -HS- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
[2009/06/25 12:13:44 | 000,000,516 | -HS- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
[2004/08/11 00:54:44 | 000,000,693 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2010/12/13 17:46:04 | 000,001,682 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2010/12/13 17:46:04 | 000,001,547 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2010/12/13 17:46:04 | 000,001,553 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2010/12/13 17:46:04 | 000,001,563 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2004/08/11 00:54:44 | 000,000,146 | -HS- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
[2010/12/13 17:46:04 | 000,001,435 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2010/12/13 17:46:04 | 000,001,435 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2004/08/11 01:15:40 | 000,000,710 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training Help.lnk
[2004/08/11 01:15:40 | 000,000,803 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training.lnk
[2010/12/13 17:46:04 | 000,001,430 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2004/08/11 00:59:18 | 000,000,703 | -HS- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
[2010/12/13 17:46:04 | 000,001,439 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2010/12/13 17:46:04 | 000,001,487 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2010/12/13 17:46:04 | 000,001,492 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2010/12/13 17:46:04 | 000,001,678 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2004/08/11 00:56:54 | 000,000,977 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2010/12/13 17:46:04 | 000,001,511 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2004/08/11 00:55:32 | 000,001,489 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2010/12/13 17:46:04 | 000,001,515 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2010/12/13 17:46:04 | 000,001,509 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2004/08/11 00:59:18 | 000,000,476 | -HS- | M] () -- D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2010/12/13 17:46:04 | 000,001,505 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2009/06/24 09:07:28 | 000,000,970 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
[2009/06/24 09:07:28 | 000,001,011 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 14:18:49 | 000,711,672 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 14:18:49 | 000,711,672 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 14:18:49 | 000,711,672 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 14:18:49 | 000,711,672 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 14:18:49 | 000,711,672 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 14:18:49 | 000,711,672 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 210 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:0C1EFF69
@Alternate Data Stream - 151 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 118 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8

< End of report >

#11
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please follow the steps below:

Step 1

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    O4 - HKU\S-1-5-21-52147570-3994516288-2691582696-1006..\Run: [Pzocafujahoza] File not found
    O4 - HKCU..\Run: [Pzocafujahoza] File not found
    [2011/05/20 12:46:30 | 000,000,136 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\~17751844r
    [2011/05/20 12:46:30 | 000,000,112 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\~17751844
    [2011/05/19 21:28:06 | 000,000,384 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\17751844

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

  • Download the following attachment to your desktop: restoresm.zip
  • Unzip it on your desktop and run restoresm.bat by double-clicking on it.
  • Wait until the program finishes; it will close itself.

Step 3

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Once you have completed the above, please post back the following in the order asked for:
  • OTL fix
  • MBAM log

  • 0
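
As an added example (not part of the original posts, and not OTL's own code), the following Python script pulls out of an OTL log the same kinds of entries that Render listed in the fix script above: Run values whose target is missing, unattributed files dropped directly into an Application Data folder, shortcuts parked under Temp\smtmp, and alternate data streams. The rule names and the "no company name, no extension, directly under Application Data" heuristic are assumptions generalised from the three file entries in the fix; the sample log is constructed from line shapes seen in this thread, with two ordinary entries added for contrast.

```python
import re
from collections import Counter

# Constructed sample: line shapes taken from the OTL log and fix script in this
# thread. The ExampleTray and firefox.exe file-entry lines are made up for contrast.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [Pzocafujahoza] File not found
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
[2011/05/20 12:46:30 | 000,000,136 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\~17751844r
[2011/05/19 21:28:06 | 000,000,384 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\17751844
[2010/12/13 17:46:04 | 000,001,435 | -H-- | M] () -- D:\DOCUME~1\JAYEN~1.SN0\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2011/04/30 14:18:43 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
@Alternate Data Stream - 210 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:0C1EFF69
"""

# O4 - <hive>..\Run: [<value name>] <target or "File not found">
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<target>.+)$"
)
# [<timestamp> | <size> | <attrs> | M or C] (<company>) -- <path>
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# @Alternate Data Stream - <n> bytes -> <host path>:<stream name>
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)

SMTMP = "\\temp\\smtmp\\"


def triage(log_text):
    """Return (rule, detail) pairs for log lines that deserve a closer look."""
    findings = []
    parked = Counter()  # shortcuts found under Temp\smtmp, per numbered subfolder
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            # Autostart value that points at nothing: leftover of a removed or
            # self-deleting program.
            if m["target"].strip().lower() == "file not found":
                findings.append(
                    ("orphaned-autostart", f'{m["hive"]} {m["key"]} [{m["name"]}]')
                )
        elif m := FILE_RE.match(line):
            path = m["path"]
            folder, _, name = path.rpartition("\\")
            lower = path.lower()
            if SMTMP in lower and lower.endswith((".lnk", ".url")):
                bucket = lower.split(SMTMP)[1].split("\\")[0]
                parked[bucket] += 1
            elif (
                not m["company"]                      # no version-info company
                and "." not in name                   # no file extension
                and folder.lower().endswith("\\application data")
            ):
                # Assumed heuristic, generalised from the entries in the fix.
                findings.append(("unattributed-appdata-file", path))
        elif m := ADS_RE.match(line):
            findings.append(
                ("alternate-data-stream",
                 f'{m["host"]}:{m["stream"]} ({m["size"]} bytes)')
            )
    # Report parked shortcuts as one summary line per smtmp subfolder.
    for bucket, count in sorted(parked.items()):
        findings.append(("relocated-shortcuts", f"smtmp\\{bucket}: {count} file(s)"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```

A hit from any of these rules is a prompt for manual review, not a verdict: ordinary software also leaves orphaned Run values and alternate data streams behind.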

#12
inferno007

    Member

  • Topic Starter
  • 61 posts
Hi, I ran the OTL fix but I cannot find the report.

I had to restart the system but cannot find the report nor the folder you specified.

I will now continue with the next steps.

Thanks again for all your help and fast replies.

Edited by inferno007, 20 May 2011 - 12:32 PM.


#13
inferno007

    Member

  • Topic Starter
  • 61 posts
Hi, I ran Malwarebytes and scanned.
It did not find any items.

Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6628

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/05/2011 19:41:55
mbam-log-2011-05-20 (19-41-55).txt

Scan type: Quick scan
Objects scanned: 233968
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Try this now:

Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

#15
inferno007

    Member

  • Topic Starter
  • 61 posts
Rkreport.txt:

RogueKiller V5.1.4 [05/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: JAYEN [Admin rights]
Mode: Remove -- Date : 05/20/2011 20:07:00

Bad processes: 1
[SUSP PATH] sm56hlpr.exe -- c:\windows\sm56hlpr.exe -> KILLED

Registry Entries: 1
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (D:\Documents and Settings\JAYEN.SN049851020181\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)

HOSTS File:
1

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt