
Some services on my Windows Vista is unable to start properly


#1
SiLveR001
  • 46 posts
Hi there everyone,

Thank you for taking the time to read my post.

I have experienced a problem on my computer which is resulting in loss of internet and firewall.

I thought this was a network problem so I started a post there, but after a short discussion the case was classified as a virus/malware infection.

My guess would be that the cause of my problem is being unable to start the services on Windows Vista, whether automatically or manually; apparently something is keeping them from activating, so I hope someone can help me with this problem.

If there is any information I could provide, just tell me please and I will give it as soon as possible.

As for now, here is the first post I made; maybe some info might be of use:

http://www.geekstogo...nt-help-please/

And here is the attached OTL log along with the extras.

I hope someone could help me out on this, and thank you again for your time.



OTL logfile created on: 5/22/2011 12:06:53 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.01 Gb Total Space | 3.29 Gb Free Space | 1.13% Space Free | Partition Type: NTFS
Drive D: | 8.08 Gb Total Space | 1.01 Gb Free Space | 12.52% Space Free | Partition Type: NTFS
Drive F: | 7.60 Gb Total Space | 0.09 Gb Free Space | 1.25% Space Free | Partition Type: FAT32

Computer Name: JEFFREY-PC | User Name: † JeFFreY † | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/21 23:55:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/01/19 16:23:41 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\† JeFFreY †\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2011/01/13 16:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 16:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/09 05:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/12/09 03:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/27 23:36:24 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2010/04/20 19:27:26 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/04/20 19:27:26 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2010/01/22 07:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/11 10:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/10/27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 18:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/19 15:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 15:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/04/18 23:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 19:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/04 01:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/21 23:55:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2011/01/13 16:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2011/05/18 07:55:12 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/01/13 16:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/27 23:36:24 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/06/23 20:53:52 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/20 19:27:26 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2010/02/26 00:47:00 | 003,489,788 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/01/22 07:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 15:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/09/12 07:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/12 07:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/12 06:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/12 06:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/04 01:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 14:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/11 00:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 16:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 16:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 16:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 16:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 16:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/06 11:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/10/06 11:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/27 20:44:57 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/07 09:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {ef13cf4f-2753-470c-88d2-b10effbc2092} - C:\Program Files\HitGrab\tbHitG.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.drp.su/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ef13cf4f-2753-470c-88d2-b10effbc2092} - C:\Program Files\HitGrab\tbHitG.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.367
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..keyword.URL: "http://search.freeca...&type=58819&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/09 14:24:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/04/27 09:30:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/08 16:03:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/27 09:35:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/12 22:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/12 22:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/02/24 23:57:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/02 14:19:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/02 14:19:50 | 000,000,000 | ---D | M]

[2008/12/30 20:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Extensions
[2011/05/14 23:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions
[2010/04/27 09:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2010/04/28 10:17:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/27 15:22:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/27 15:22:37 | 000,000,000 | ---D | M] (MouseHunt Toolbar) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}
[2011/03/27 15:22:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 15:22:23 | 000,000,000 | ---D | M] () -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
[2010/03/21 21:00:19 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
[2011/03/27 15:22:40 | 000,000,000 | ---D | M] (Personas) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
[2010/05/13 00:10:56 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
[2011/03/27 15:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\chrome\content\dca\core\extensionManager
[2009/08/09 08:15:21 | 000,009,949 | ---- | M] () -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\searchplugins\mywebsearch.xml
[2011/02/25 14:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/03 22:16:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/25 14:47:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008/12/30 20:42:32 | 000,000,000 | ---D | M] (Download Accelerator Plus Integration) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2010/12/12 22:56:00 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/12 22:56:00 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/04/27 09:30:12 | 000,000,000 | ---D | M] (SpeedBit Video Downloader) -- C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\SPFIREFOX
[2011/02/24 23:57:02 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2010/04/27 09:35:15 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\€  JEFFREY € \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\€  JEFFREY € \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
File not found (No name found) -- C:\USERS\€  JEFFREY € \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\{916AB64C-BC3E-471B-8E60-29551922A7BA}
File not found (No name found) -- C:\USERS\€  JEFFREY € \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\USERS\€  JEFFREY € \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\€  JEFFREY € \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\€  JEFFREY € \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\[email protected]
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/12/31 00:33:17 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/07/17 17:00:02 | 000,412,119 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14243 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (HitGrab Toolbar) - {ef13cf4f-2753-470c-88d2-b10effbc2092} - C:\Program Files\HitGrab\tbHitG.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (HitGrab Toolbar) - {ef13cf4f-2753-470c-88d2-b10effbc2092} - C:\Program Files\HitGrab\tbHitG.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (HitGrab Toolbar) - {EF13CF4F-2753-470C-88D2-B10EFFBC2092} - C:\Program Files\HitGrab\tbHitG.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [ProcessTamer] C:\Program Files\ProcessTamer\ProcessTamerTray.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RockMelt Update] C:\Users\† JeFFreY †\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\† JeFFreY †\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\† JeFFreY †\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/01 11:00:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d655d47-8fdf-11df-84fa-001d6032885c}\Shell - "" = AutoRun
O33 - MountPoints2\{3f92bb81-92fc-11de-a5ca-001d6032885c}\Shell\AutoRun\command - "" = wscript.exe auto.vbs
O33 - MountPoints2\{3f92bb81-92fc-11de-a5ca-001d6032885c}\Shell\Open\Command - "" = wscript.exe auto.vbs
O33 - MountPoints2\{532abd14-98ce-11de-bcb8-001d6032885c}\Shell - "" = AutoRun
O33 - MountPoints2\{7e4ed86e-2760-11df-a2bf-001d6032885c}\Shell\open\command - "" = K:\.\texar/texar32.exe
O33 - MountPoints2\{895e166f-d64f-11dd-9ce0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{895e166f-d64f-11dd-9ce0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\tools\start.cmd
O33 - MountPoints2\{a5a73270-977f-11de-8123-001d6032885c}\Shell\AutoRun\command - "" = cdyznx.exe
O33 - MountPoints2\{a5a73270-977f-11de-8123-001d6032885c}\Shell\explore\Command - "" = cdyznx.exe
O33 - MountPoints2\{a5a73270-977f-11de-8123-001d6032885c}\Shell\open\Command - "" = cdyznx.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 20:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
[2011/05/19 20:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft
[2011/05/19 20:50:55 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\Registry Reviver 1.2.61 Software + Crack
[2011/05/19 20:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2011/05/16 22:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011/05/04 23:36:05 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\oni
[2011/05/04 23:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CosmicBreak_eng
[2011/05/04 23:34:14 | 000,000,000 | ---D | C] -- C:\CyberStep
[2011/05/04 15:34:40 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2011/05/04 15:34:30 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Roaming\WindSolutions
[2011/05/04 15:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2011/05/03 09:09:31 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\files
[2011/04/29 00:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/23 18:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/23 18:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/23 18:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/23 18:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,021,387 | ---- | M] () -- C:\Users\† JeFFreY †\Documents\title.jpg
[2049/12/31 16:00:00 | 000,018,370 | ---- | M] () -- C:\Users\† JeFFreY †\Documents\poe1.jpg
[2049/12/31 16:00:00 | 000,005,987 | ---- | M] () -- C:\Users\† JeFFreY †\Documents\tale1.jpg
[2011/05/22 00:52:22 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/22 00:28:31 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4081209011-159311198-1283252144-1001UA.job
[2011/05/21 23:55:48 | 000,037,493 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/21 23:55:48 | 000,037,493 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/21 23:52:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ca5a13c7ed8130.job
[2011/05/21 23:52:36 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/05/21 23:52:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 23:52:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/21 23:52:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/21 23:52:19 | 2682,769,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/21 16:28:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4081209011-159311198-1283252144-1001Core.job
[2011/05/21 09:57:57 | 000,047,970 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\Untitled.jpg
[2011/05/20 00:11:31 | 000,092,672 | ---- | M] () -- C:\Users\† JeFFreY †\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/19 20:53:01 | 000,617,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/19 20:53:01 | 000,111,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/19 20:52:16 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2011/05/18 07:01:18 | 000,000,905 | ---- | M] () -- C:\Users\† JeFFreY †\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/17 13:41:39 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/17 13:41:39 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/17 13:41:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/17 07:38:44 | 000,001,985 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\RockMelt.lnk
[2011/05/17 07:38:44 | 000,001,947 | ---- | M] () -- C:\Users\† JeFFreY †\Application Data\Microsoft\Internet Explorer\Quick Launch\RockMelt.lnk
[2011/05/15 09:53:46 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/04 23:35:34 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\Cosmic Break.lnk
[2011/05/04 18:49:14 | 021,356,738 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\Secret - One Republic.avi
[2011/05/04 18:49:06 | 019,388,152 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\Secret (Instr.).avi
[2011/05/04 16:19:36 | 000,087,566 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\kitty.jpg
[2011/05/04 16:18:05 | 000,036,816 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\kimoradee.jpg
[2011/05/04 15:34:41 | 000,001,342 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\CopyTrans Control Center.lnk
[2011/04/30 16:49:34 | 000,000,021 | ---- | M] () -- C:\Config.ini
[2011/04/29 14:46:56 | 080,996,138 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\Rain - Love Song.mp4
[2011/04/29 14:30:44 | 078,485,643 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\Rain - Love Story.mp4
[2011/04/29 00:28:59 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/27 19:11:29 | 006,807,552 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\I Cannot Forgive-Cha Soo Kyung.mp3
[2011/04/24 00:07:54 | 000,000,004 | ---- | M] () -- C:\VERSION.CFG
[2011/04/23 18:34:36 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/21 09:57:57 | 000,047,970 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\Untitled.jpg
[2011/05/19 20:52:16 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2011/05/17 13:41:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/04 23:35:34 | 000,000,758 | ---- | C] () -- C:\Users\Public\Desktop\Cosmic Break.lnk
[2011/05/04 23:34:14 | 000,000,053 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\CosmicBreak.com.URL
[2011/05/04 16:19:36 | 000,087,566 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\kitty.jpg
[2011/05/04 16:18:05 | 000,036,816 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\kimoradee.jpg
[2011/05/04 15:34:41 | 000,001,342 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\CopyTrans Control Center.lnk
[2011/04/29 14:43:18 | 080,996,138 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\Rain - Love Song.mp4
[2011/04/29 14:25:02 | 078,485,643 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\Rain - Love Story.mp4
[2011/04/29 11:49:30 | 054,069,357 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\[MV] Rain - Love Story (Part 1) (Starring Ha Ji Won) (HoneyJoo.com).wmv
[2011/04/29 11:49:22 | 046,224,250 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\Rain - Love Song MV (iHoneyJoo.com).wmv
[2011/04/29 00:28:59 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/27 17:40:48 | 006,807,552 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\I Cannot Forgive-Cha Soo Kyung.mp3
[2011/04/23 18:34:36 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/19 22:49:34 | 000,037,493 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/11/19 22:49:32 | 000,037,493 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/30 16:44:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2010/03/30 13:55:27 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_processtamer_InstallInfo.dat
[2010/03/30 13:55:27 | 000,000,046 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Local\DonationCoder_processtamer_InstallInfo.dat
[2010/03/14 00:46:49 | 000,001,025 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/11 15:54:56 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/03/11 15:54:56 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/03/08 16:02:57 | 000,023,090 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/09/11 18:50:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 18:50:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/04 08:12:54 | 000,026,340 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Roaming\UserTile.png
[2009/08/16 22:45:35 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/07/01 16:30:54 | 000,008,620 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Local\d3d9caps.dat
[2009/05/26 23:29:29 | 000,164,978 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/05/10 16:45:15 | 000,008,553 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/05/03 13:53:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/02/28 18:01:03 | 000,004,879 | ---- | C] () -- C:\ProgramData\qxnaarlh.aho
[2009/02/28 18:00:32 | 000,004,879 | ---- | C] () -- C:\ProgramData\rxnaarlh.aho
[2009/02/28 18:00:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\3880407553
[2009/01/14 15:09:40 | 000,000,003 | ---- | C] () -- C:\ProgramData\NOD.dll
[2009/01/06 15:54:53 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009/01/03 19:56:46 | 000,137,623 | ---- | C] () -- C:\Windows\HPHins15.dat
[2009/01/02 23:32:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/02 11:00:59 | 000,092,672 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/02 09:51:43 | 000,000,552 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Local\d3d8caps.dat
[2009/01/01 10:52:01 | 000,000,004 | ---- | C] () -- C:\Windows\System32\XPerWin.dll
[2009/01/01 10:51:57 | 000,000,037 | ---- | C] () -- C:\Windows\System32\xsystem.dll
[2007/08/01 10:52:09 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/01 10:27:33 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/01 10:25:07 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/01 10:25:07 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/06/07 16:56:07 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2007/05/14 20:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 14:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 14:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,506,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,617,086 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,111,660 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/24 01:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/12/08 15:19:22 | 000,061,440 | ---- | C] () -- C:\Windows\System32\EGamesPlugin.dll
[2005/12/08 15:19:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\EGameEncrypt.dll

========== LOP Check ==========

[2010/11/20 21:30:24 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\2K Sports
[2010/06/23 22:04:56 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Autodesk
[2009/03/28 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Boolat Games
[2009/07/27 21:35:51 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\DAEMON Tools Lite
[2010/03/30 13:55:28 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\DonationCoder
[2010/03/10 20:46:43 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Facebook
[2010/07/28 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\FreeFLVConverter
[2010/05/03 21:04:34 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\freshgames
[2009/01/26 07:10:19 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\GameHouse
[2010/04/04 20:57:04 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\GlarySoft
[2011/04/10 09:21:59 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Hotdog Hotshot
[2009/02/12 22:12:40 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Image Zone Express
[2010/11/07 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\InterTrust
[2010/04/24 00:23:14 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\LimeWire
[2010/12/12 22:56:07 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Local
[2008/12/30 17:34:41 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\MRTalk
[2009/03/01 08:56:37 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Nexon
[2010/08/26 17:49:13 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Nokia
[2011/04/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Opera
[2009/08/25 20:40:22 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\PC Suite
[2009/09/04 08:12:53 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\PeerNetworking
[2010/05/04 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\PlayFirst
[2009/02/12 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Printer Info Cache
[2011/03/22 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Publish Providers
[2011/03/18 20:07:24 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Rovio
[2011/03/22 01:50:35 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Sony
[2011/05/04 16:08:26 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\uTorrent
[2008/12/31 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\WinBatch
[2011/05/04 16:05:59 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\WindSolutions
[2009/05/03 14:37:54 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Zen of Sudoku
[2011/05/21 23:52:36 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/05/21 16:28:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\Tasks\RockMeltUpdateTaskUserS-1-5-21-4081209011-159311198-1283252144-1001Core.job
[2011/05/22 00:28:31 | 000,000,952 | ---- | M] () -- C:\WINDOWS\Tasks\RockMeltUpdateTaskUserS-1-5-21-4081209011-159311198-1283252144-1001UA.job
[2011/05/21 21:03:56 | 000,032,656 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/04/29 14:43:01 | 104,777,847 | ---- | M] ()(C:\Users\† JeFFreY †\Desktop\Bi Rain (?) - In My Bed.mp4) -- C:\Users\† JeFFreY †\Desktop\Bi Rain (비) - In My Bed.mp4
[2011/04/29 14:33:02 | 104,777,847 | ---- | C] ()(C:\Users\† JeFFreY †\Desktop\Bi Rain (?) - In My Bed.mp4) -- C:\Users\† JeFFreY †\Desktop\Bi Rain (비) - In My Bed.mp4
[2011/04/29 11:48:21 | 058,687,538 | ---- | M] ()(C:\Users\† JeFFreY †\Desktop\[MV-HQ] Bi Rain (?) - In My Bed.mp4) -- C:\Users\† JeFFreY †\Desktop\[MV-HQ] Bi Rain (비) - In My Bed.mp4
[2011/04/29 11:33:00 | 058,687,538 | ---- | C] ()(C:\Users\† JeFFreY †\Desktop\[MV-HQ] Bi Rain (?) - In My Bed.mp4) -- C:\Users\† JeFFreY †\Desktop\[MV-HQ] Bi Rain (비) - In My Bed.mp4
[2011/03/13 01:58:32 | 006,247,280 | ---- | M] ()(C:\Users\† JeFFreY †\Desktop\???OP?irony???????????????????.mp3) -- C:\Users\† JeFFreY †\Desktop\【俺妹OP】ironyを初音ミクに歌ってもらいました【フル】.mp3
[2011/03/07 23:18:27 | 002,972,672 | ---- | M] ()(C:\Users\† JeFFreY †\Desktop\?????.pps) -- C:\Users\† JeFFreY †\Desktop\很好的短信.pps
[2011/03/07 23:13:32 | 002,972,672 | ---- | C] ()(C:\Users\† JeFFreY †\Desktop\?????.pps) -- C:\Users\† JeFFreY †\Desktop\很好的短信.pps
[2011/02/18 22:46:20 | 010,480,788 | ---- | M] ()(C:\Users\† JeFFreY †\Desktop\???_????????????????.mp3) -- C:\Users\† JeFFreY †\Desktop\大合唱_鏡音リンオリジナル曲『炉心融解』.mp3
[2011/02/18 21:42:37 | 010,480,788 | ---- | C] ()(C:\Users\† JeFFreY †\Desktop\???_????????????????.mp3) -- C:\Users\† JeFFreY †\Desktop\大合唱_鏡音リンオリジナル曲『炉心融解』.mp3
[2010/11/08 14:30:22 | 006,247,280 | ---- | C] ()(C:\Users\† JeFFreY †\Desktop\???OP?irony???????????????????.mp3) -- C:\Users\† JeFFreY †\Desktop\【俺妹OP】ironyを初音ミクに歌ってもらいました【フル】.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:DDEB08FD
@Alternate Data Stream - 64 bytes -> C:\Users\† JeFFreY †\Desktop\Secret (Instr.).avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\† JeFFreY †\Desktop\Secret - One Republic.avi:TOC.WMV
@Alternate Data Stream - 305 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9547F1DB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B557E3E7
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B0E38115
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A18121AD
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:04BB186B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3F6BE44B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A5264343
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8511DA13
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:84512B49
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BDD0820
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:DA3C6C07
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >
OTL Extras logfile created on: 5/22/2011 12:06:53 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.01 Gb Total Space | 3.29 Gb Free Space | 1.13% Space Free | Partition Type: NTFS
Drive D: | 8.08 Gb Total Space | 1.01 Gb Free Space | 12.52% Space Free | Partition Type: NTFS
Drive F: | 7.60 Gb Total Space | 0.09 Gb Free Space | 1.25% Space Free | Partition Type: FAT32

Computer Name: JEFFREY-PC | User Name: † JeFFreY † | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Persona\Persona.exe" = C:\Program Files\Persona\Persona.exe:*:Enabled:Persona -- (CDNetworks Co.,Ltd)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2F467E6E-F7D2-43cc-91B9-4FCC105AE30D}" = D2400
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34DAFDEC-A4B4-488A-A5CD-C91975A6F083}" = MediaRing Talk
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D281B1C-BF39-4893-B32A-EAB3B84BDE34}" = Audition
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-9001-0409-0002-0060B0CE6BBA}" = AutoCAD 2011 - English
"{5783F2D7-9001-0409-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{7506D1CD-B7FE-40C7-AE1F-FE8666361700}" = Dynasty Warriors 6
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110194827}" = Jewel Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110294723}" = Mah Jong Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110379827}" = Wonderland - Secret Worlds
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111142333}" = Fish Tycoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111177437}" = Mahjong Match
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11123740}" = Atlantis Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111264743}" = Four Houses
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111282737}" = Scrubbles
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111286280}" = Spin and Play
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111318690}" = Teddy Factory
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111319267}" = Mystic Inn
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11146090}" = Big Kahuna Reef 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111730193}" = Star Defender 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111837550}" = Slingo Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11187383}" = Rainbow Mystery
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111998970}" = Jewel Match
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112050487}" = Wonderful Wizard of Oz
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112205973}" = Magic Match 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112245540}" = Zen of Sudoku
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112376770}" = Virtual Villagers The Lost Children
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F5ED175-D5B5-4126-B29B-719ED9699F85}" = Audition Agent
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9521B818-19CE-4d28-8200-DD26133E19E6}" = D2400_Help
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E16265-E162-43E7-B3C5-D28640E23AE9}" = PSP ISO Shrink
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{BBD9FAD7-F782-4548-B00F-E612322950F6}" = MYGAME Launcher(Remove Only)
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C1C910A7-0B89-4260-8845-FE221D9285E8}_is1" = PC Chrono 1.1.0.6
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D03C8C11-5327-4C1E-89C3-EBDD17B1BB10}" = Registry Reviver
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC48376E-5D6C-40AE-A226-1D3AC8BDA60F}" = AuditionSEA
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5936267-D467-4e7b-8940-A7D9F0398EF3}" = HP Deskjet Printer Driver Software 9.0
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Aquapolis 1.00" = Aquapolis 1.00
"Ask Toolbar_is1" = Ask Toolbar
"Audition" = Audition 1.31.0.0
"AutoCAD 2011 - English" = AutoCAD 2011 - English
"avast5" = avast! Free Antivirus
"Avenue Flo ." = Avenue Flo .
"Azkend" = Azkend
"BFG-Alice Greenfingers" = Alice Greenfingers
"BFG-Alice Greenfingers 2" = Alice Greenfingers 2
"BFGC" = Big Fish Games: Game Manager
"BFG-Hotdog Hotshot" = Hotdog Hotshot
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Carnival Mania" = Carnival Mania
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CleanMem" = CleanMem
"CosmicBreak_eng" = CosmicBreak_eng
"Digsby" = Digsby
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"FamilyFeudOnlineParty" = FamilyFeudOnlineParty (remove only)
"FastStone Image Viewer" = FastStone Image Viewer 3.9
"Free FLV Converter_is1" = Free FLV Converter V 6.91.0
"gBurner" = gBurner
"Glary Utilities_is1" = Glary Utilities 2.21.0.863
"Globe Broadband" = Globe Broadband
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HitGrab Toolbar" = HitGrab Toolbar
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Ice Cream Craze - Tycoon Takeover_is1" = Ice Cream Craze - Tycoon Takeover
"InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"Intel® Configuration Center" = Intel® Viiv™ Software
"iWinArcade" = iWin Games (remove only)
"LimeWire" = LimeWire PRO 4.18.8
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MahjongClubClient" = Mahjong Club (uninstall only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"Opera 11.10.2092" = Opera 11.10
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Pangya" = Pangya (Ntreev USA)
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Persona" = Hybrid Downloader 1,0,2,6
"Process Tamer_is1" = Process Tamer 2.11.01
"Ranch Rush 2 Collectors Edition 1.0" = Ranch Rush 2 Collectors Edition 1.0
"RealPlayer 12.0" = RealPlayer
"RegistryReviver" = Registry Reviver
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Spyware Doctor" = Spyware Doctor 7.0
"ST6UNST #1" = Date Cracker 2000
"ST6UNST #2" = OMFGZ Infinite Dll Injector
"The Dash Slipper (Diner Dash Hometown Hero - Gourmet)" = The Dash Slipper (Diner Dash Hometown Hero - Gourmet)
"Tower Bloxx Deluxe 1.00" = Tower Bloxx Deluxe 1.00
"Tower Bloxx Deluxe1.0" = Tower Bloxx Deluxe
"Tropical Farm_is1" = Tropical Farm
"Veoh Web Player Beta" = Veoh Web Player
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.9
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Facebook Plug-In" = Facebook Plug-In
"InstallShield_{7506D1CD-B7FE-40C7-AE1F-FE8666361700}" = DYNASTY WARRIORS 6
"RockMelt" = RockMelt
"uTorrent" = µTorrent
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/20/2009 8:17:46 PM | Computer Name = JeFFreY-PC | Source = avast! | ID = 33554522
Description =

Error - 11/21/2009 1:03:48 AM | Computer Name = JeFFreY-PC | Source = avast! | ID = 33554522
Description =

Error - 1/13/2010 6:42:16 PM | Computer Name = JeFFreY-PC | Source = avast! | ID = 33554522
Description =

Error - 1/19/2010 6:31:05 PM | Computer Name = JeFFreY-PC | Source = avast! | ID = 33554522
Description =

Error - 1/20/2010 6:36:35 PM | Computer Name = JeFFreY-PC | Source = avast! | ID = 33554522
Description =

Error - 2/13/2010 9:26:23 AM | Computer Name = JeFFreY-PC | Source = avast! | ID = 33554522
Description =

Error - 2/17/2010 6:54:54 AM | Computer Name = JeFFreY-PC | Source = avast! | ID = 33554522
Description =

Error - 2/17/2010 6:54:56 AM | Computer Name = JeFFreY-PC | Source = avast! | ID = 33554522
Description =

Error - 3/4/2010 5:40:25 PM | Computer Name = JeFFreY-PC | Source = avast! | ID = 33554522
Description =

Error - 3/30/2010 10:01:49 AM | Computer Name = JeFFreY-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 5/21/2011 12:14:23 PM | Computer Name = JeFFreY-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x80070422

Error - 5/21/2011 12:19:23 PM | Computer Name = JeFFreY-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x80070422

Error - 5/21/2011 12:24:23 PM | Computer Name = JeFFreY-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x80070422

Error - 5/21/2011 12:28:15 PM | Computer Name = JeFFreY-PC | Source = Google Update | ID = 20
Description =

Error - 5/21/2011 12:29:23 PM | Computer Name = JeFFreY-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x80070422

Error - 5/21/2011 12:34:23 PM | Computer Name = JeFFreY-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x80070422

Error - 5/21/2011 12:39:23 PM | Computer Name = JeFFreY-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x80070422

Error - 5/21/2011 12:44:24 PM | Computer Name = JeFFreY-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x80070422

Error - 5/21/2011 12:49:24 PM | Computer Name = JeFFreY-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x80070422

Error - 5/21/2011 12:54:24 PM | Computer Name = JeFFreY-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x80070422

[ IntelDH Events ]
Error - 1/9/2011 11:05:12 AM | Computer Name = JeFFreY-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 1/23/2011 11:46:12 AM | Computer Name = JeFFreY-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 1/23/2011 11:46:12 AM | Computer Name = JeFFreY-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 2/6/2011 12:31:00 PM | Computer Name = JeFFreY-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 2/6/2011 12:31:00 PM | Computer Name = JeFFreY-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 4/18/2011 8:54:42 AM | Computer Name = JeFFreY-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 4/18/2011 8:54:42 AM | Computer Name = JeFFreY-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 4/25/2011 9:28:37 AM | Computer Name = JeFFreY-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

Error - 4/25/2011 9:28:37 AM | Computer Name = JeFFreY-PC | Source = UIMgr | ID = 17
Description = A CCU interface function returned an error: CCUUIManager could not
create an instance of the CCU Engine

Error - 5/16/2011 10:21:07 AM | Computer Name = JeFFreY-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to create
the DataManager

[ OSession Events ]
Error - 7/17/2009 11:21:39 AM | Computer Name = JeFFreY-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2607
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/22/2010 11:13:48 PM | Computer Name = JeFFreY-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 177
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/21/2011 12:28:23 PM | Computer Name = JeFFreY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/21/2011 12:28:23 PM | Computer Name = JeFFreY-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 5/21/2011 12:52:01 PM | Computer Name = JeFFreY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/21/2011 12:52:01 PM | Computer Name = JeFFreY-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 5/21/2011 12:52:03 PM | Computer Name = JeFFreY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/21/2011 12:52:03 PM | Computer Name = JeFFreY-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 5/21/2011 12:52:11 PM | Computer Name = JeFFreY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/21/2011 12:52:11 PM | Computer Name = JeFFreY-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 5/21/2011 12:52:14 PM | Computer Name = JeFFreY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/21/2011 12:52:14 PM | Computer Name = JeFFreY-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >

Edited by michaelg9, 27 May 2011 - 11:37 AM.
Please don't attach your logs, just post them.

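The "Last 10 Event Log Errors" section of the OTL log above is the part that bears most directly on the symptom in the first post (services that will not start): repeated Service Control Manager 7001/7023 errors in the System log, and a LiveUpdate scheduler error carrying code 0x80070422. As an added example, not part of OTL or of any post in this thread, here is a small Python triage script that parses that section, counts errors by log section, source and event ID, and decodes any Win32-facility HRESULT (0x8007xxxx) it finds in a description; 0x80070422 decodes to Win32 error 1058, ERROR_SERVICE_DISABLED. The meanings given for Service Control Manager events 7001 and 7023 are the standard Windows ones. The sample input is a constructed excerpt of the log posted above.

```python
"""Triage helper for the 'Last 10 Event Log Errors' block of an OTL log.

Added example, not part of the OTL tool or of the original forum post.
It groups error records by section/source/event ID and decodes Win32-facility
HRESULTs (0x8007xxxx) found in descriptions, so a pattern such as repeated
SCM 7001/7023 errors plus 0x80070422 (ERROR_SERVICE_DISABLED) stands out.
"""
import re
from collections import Counter
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\[ (?P<name>.+?) Events \]$")
ERROR_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
HRESULT_RE = re.compile(r"0x8007[0-9A-Fa-f]{4}")

# Standard Windows meanings; only the codes that occur in this thread's log.
WIN32_ERRORS = {1058: "ERROR_SERVICE_DISABLED"}
SCM_EVENTS = {
    7001: "service depends on another service that failed to start",
    7023: "service terminated with an error",
}


@dataclass
class EventError:
    section: str
    when: str
    host: str
    source: str
    event_id: int
    description: str = ""


def parse_otl_events(text: str) -> list[EventError]:
    """Parse OTL event-error records; a description may wrap over several lines."""
    records: list[EventError] = []
    section = ""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            current = None
            continue
        m = ERROR_RE.match(line)
        if m:
            current = EventError(section, m.group("when"), m.group("host"),
                                 m.group("source"), int(m.group("id")))
            records.append(current)
            continue
        if not line:
            current = None  # a blank line ends the current record
            continue
        if current is not None:
            # "Description = ..." followed by any wrapped continuation lines
            body = line[len("Description ="):] if line.startswith("Description =") else line
            current.description = (current.description + " " + body.strip()).strip()
    return records


def summarize(records: list[EventError]) -> Counter:
    """Count records per (section, source, event ID)."""
    return Counter((r.section, r.source, r.event_id) for r in records)


def decode_hresult(code: str) -> tuple[int, str]:
    """Map a FACILITY_WIN32 HRESULT such as 0x80070422 to its Win32 error number and name."""
    win32 = int(code, 16) & 0xFFFF
    return win32, WIN32_ERRORS.get(win32, "unknown Win32 error")


def service_start_findings(records: list[EventError]) -> list[str]:
    """Findings that point at services failing to start (SCM events, service HRESULTs)."""
    findings = []
    for r in records:
        if r.source == "Service Control Manager" and r.event_id in SCM_EVENTS:
            findings.append(f"{r.when}: SCM {r.event_id} ({SCM_EVENTS[r.event_id]})")
        for m in HRESULT_RE.finditer(r.description):
            num, name = decode_hresult(m.group(0))
            findings.append(f"{r.when}: {r.source} reports {m.group(0)} = Win32 {num} {name}")
    return findings


# Constructed excerpt of the OTL log posted above (same format, fewer records).
SAMPLE_LOG = """\
[ Application Events ]
Error - 5/21/2011 12:14:23 PM | Computer Name = JeFFreY-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x80070422

Error - 5/21/2011 12:28:15 PM | Computer Name = JeFFreY-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 5/21/2011 12:28:23 PM | Computer Name = JeFFreY-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/21/2011 12:28:23 PM | Computer Name = JeFFreY-PC | Source = Service Control Manager | ID = 7023
Description =
"""

if __name__ == "__main__":
    recs = parse_otl_events(SAMPLE_LOG)
    for key, n in summarize(recs).most_common():
        print(n, *key, sep=" | ")
    for f in service_start_findings(recs):
        print(f)
```

Run it against the full OTL log by pasting the whole "Last 10 Event Log Errors" block into `SAMPLE_LOG`; the counts by source and ID show at a glance whether the failures cluster on the Service Control Manager, and the decoded HRESULT tells you whether a dependency was merely disabled rather than missing.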

#2
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi! My name is Michael and I am here to help you fix your computer. :)
If you have already received help elsewhere please inform me so that this topic can be closed.
If you haven't, please keep reading:
Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read.
  • Save or print these instructions as a part of the fix will be in safe mode where you will not be able to access the internet.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.


Sorry for the late reply. Do you still need help? If yes then continue:



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

#3
SiLveR001

SiLveR001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hi there, thanks for replying :)

Here is the log I got from the scan:


ComboFix 11-05-27.02 - † JeFFreY † 05/28/2011 20:36:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.63.1033.18.2558.1542 [GMT 8:00]
Running from: c:\users\† JeFFreY †\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
c:\users\† JeFFreY †\AppData\Roaming\Local
c:\users\Public\Audition Digital Soul .mp3
c:\users\Public\AUDITION_6091to6092.exe
c:\users\Public\AuditionSEA_setup6090.exe
c:\users\Public\BuildItMiamiBeachResortSetup.exe
c:\users\Public\CosmicBreakSetup_eng(1).exe
c:\users\Public\MahjongClubSetup.exe
c:\windows\inf\Winio.bat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ILVMONEYDRIVER53
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-28 12:53 . 2011-05-28 12:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-28 12:32 . 2011-05-28 12:32 -------- d-----w- C:\32788R22FWJFW
2011-05-28 11:53 . 2011-05-28 11:53 -------- d-----w- c:\users\† JeFFreY †\AppData\Local\Apple
2011-05-28 01:12 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05E36754-0537-472D-BDA2-24721A5A188A}\mpengine.dll
2011-05-27 10:00 . 2011-05-27 10:00 -------- d-----w- c:\users\† JeFFreY †\AppData\Local\Adobe
2011-05-23 05:13 . 2011-05-23 05:13 -------- d-----w- c:\users\† JeFFreY †\AppData\Roaming\SUPERAntiSpyware.com
2011-05-23 05:13 . 2011-05-23 05:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-23 05:12 . 2011-05-24 08:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-23 05:02 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-23 05:02 . 2011-04-14 16:25 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-05-23 05:02 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-23 05:02 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-23 05:02 . 2011-04-14 16:25 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-05-23 05:02 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-23 05:02 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-23 05:02 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-23 05:02 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-23 05:02 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-22 15:09 . 2011-05-22 15:09 -------- d-----w- c:\users\† JeFFreY †\AppData\Local\ElevatedDiagnostics
2011-05-19 12:52 . 2011-05-19 12:52 -------- d-----w- c:\program files\ReviverSoft
2011-05-19 12:17 . 2011-05-19 12:26 -------- d-----w- c:\program files\Microsoft ATS
2011-05-11 22:53 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-08 12:34 . 2011-05-08 13:50 -------- d-----w- c:\users\Public\barbie 2
2011-05-04 15:36 . 2011-05-04 15:36 -------- d-----w- c:\users\† JeFFreY †\oni
2011-05-04 15:34 . 2011-05-04 15:34 -------- d-----w- C:\CyberStep
2011-05-04 07:34 . 2011-05-04 08:05 -------- d-----w- c:\users\† JeFFreY †\AppData\Roaming\WindSolutions
2011-05-04 07:34 . 2011-05-04 08:05 -------- d-----w- c:\programdata\WindSolutions
2011-05-04 00:38 . 2011-05-04 02:49 -------- d-----w- c:\users\Public\Barbie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 08:20 . 2011-04-06 08:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 08:20 . 2011-04-06 08:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-13 02:01 . 2010-06-24 03:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-12 21:55 . 2011-04-28 05:18 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 04:34 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 04:34 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 04:34 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 05:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-28 05:31 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 05:31 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 05:31 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 05:31 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-28 05:31 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-15 04:34 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 04:34 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 16:26 . 2011-05-23 05:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ef13cf4f-2753-470c-88d2-b10effbc2092}"= "c:\program files\HitGrab\tbHitG.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{ef13cf4f-2753-470c-88d2-b10effbc2092}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-01-02 03:06 365960 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ef13cf4f-2753-470c-88d2-b10effbc2092}]
2010-06-13 11:10 2734688 ----a-w- c:\program files\HitGrab\tbHitG.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]
"{ef13cf4f-2753-470c-88d2-b10effbc2092}"= "c:\program files\HitGrab\tbHitG.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ef13cf4f-2753-470c-88d2-b10effbc2092}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]
"{EF13CF4F-2753-470C-88D2-B10EFFBC2092}"= "c:\program files\HitGrab\tbHitG.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ef13cf4f-2753-470c-88d2-b10effbc2092}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"RockMelt Update"="c:\users\† JeFFreY †\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-01-19 136336]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-24 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ProcessTamer"="c:\program files\ProcessTamer\ProcessTamerTray.exe" [2009-03-27 163840]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-27 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-27 133656]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
.
c:\users\+ JeFFreY +\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 10:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 03:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 02:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-07-22 11:16 2331936 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 02:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-27 01:33 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9e6899f40c30b;Google Update Service (gupdate1c9e6899f40c30b);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 133104]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 133104]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-25 3489788]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-27 721904]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2010-09-27 176408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe [2010-04-20 300656]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-04 05:03]
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5a13c7ed8130.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 09:30]
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 09:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.drp.su/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_PH&c=74&bd=Pavilion&pf=desktop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{54C1C1DB-8C92-4E21-9725-9FD813E3AE1B}: NameServer = 208.67.220.220,208.67.222.222
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&p=
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{3017FB3E-9A77-4396-88C5-0EC9548FB42F} - c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
BHO-{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1380)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WUDFHost.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorEngine.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\System32\msdtc.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Completion time: 2011-05-28 21:12:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-28 13:11
.
Pre-Run: 2,706,665,472 bytes free
Post-Run: 2,848,268,288 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=80 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80
- - End Of File - - 9599E08030EBEE4FA48A1C2A089E8DDA
  • 0

#4
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Please uninstall the following programs:

Ask Toolbar
HijackThis 2.0.2
Registry Reviver
Date Cracker 2000
OMFGZ Infinite Dll Injector
SpeedBit Video Accelerator
SpeedBit Video Downloader
HitGrab Toolbar


If you have any objections to any of them, leave it behind and tell me.


Next:
  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder; it will help protect your drives from future infection.


Next:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
    SRV - [2010/04/20 19:27:26 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
    IE - HKLM\..\URLSearchHook: {ef13cf4f-2753-470c-88d2-b10effbc2092} - C:\Program Files\HitGrab\tbHitG.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {ef13cf4f-2753-470c-88d2-b10effbc2092} - C:\Program Files\HitGrab\tbHitG.dll (Conduit Ltd.)
    [2011/03/27 15:22:37 | 000,000,000 | ---D | M] (MouseHunt Toolbar) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}
    [2011/03/27 15:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\chrome\content\dca\core\extensionManager
    [2009/08/09 08:15:21 | 000,009,949 | ---- | M] () -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\searchplugins\mywebsearch.xml
    File not found (No name found) -- C:\USERS\€ JEFFREY € \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\{916AB64C-BC3E-471B-8E60-29551922A7BA}
    FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/04/27 09:30:12 | 000,000,000 |---D | M]
    [2011/03/27 15:22:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (HitGrab Toolbar) - {ef13cf4f-2753-470c-88d2-b10effbc2092} - C:\Program Files\HitGrab\tbHitG.dll (Conduit Ltd.)
    O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
    O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
    O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (HitGrab Toolbar) - {ef13cf4f-2753-470c-88d2-b10effbc2092} - C:\Program Files\HitGrab\tbHitG.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (HitGrab Toolbar) - {EF13CF4F-2753-470C-88D2-B10EFFBC2092} - C:\Program Files\HitGrab\tbHitG.dll (Conduit Ltd.)
    O12 - Plugin for: .spop - File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
    O33 - MountPoints2\{3d655d47-8fdf-11df-84fa-001d6032885c}\Shell - "" = AutoRun
    O33 - MountPoints2\{3f92bb81-92fc-11de-a5ca-001d6032885c}\Shell\AutoRun\command - "" = wscript.exe auto.vbs
    O33 - MountPoints2\{3f92bb81-92fc-11de-a5ca-001d6032885c}\Shell\Open\Command - "" = wscript.exe auto.vbs
    O33 - MountPoints2\{532abd14-98ce-11de-bcb8-001d6032885c}\Shell - "" = AutoRun
    O33 - MountPoints2\{7e4ed86e-2760-11df-a2bf-001d6032885c}\Shell\open\command - "" = K:\.\texar/texar32.exe
    O33 - MountPoints2\{895e166f-d64f-11dd-9ce0-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{895e166f-d64f-11dd-9ce0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\tools\start.cmd
    O33 - MountPoints2\{a5a73270-977f-11de-8123-001d6032885c}\Shell\AutoRun\command - "" = cdyznx.exe
    O33 - MountPoints2\{a5a73270-977f-11de-8123-001d6032885c}\Shell\explore\Command - "" = cdyznx.exe
    O33 - MountPoints2\{a5a73270-977f-11de-8123-001d6032885c}\Shell\open\Command - "" = cdyznx.exe
    [2011/05/19 20:50:55 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\Registry Reviver 1.2.61 Software + Crack
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2009/02/28 18:01:03 | 000,004,879 | ---- | C] () -- C:\ProgramData\qxnaarlh.aho
    [2009/02/28 18:00:32 | 000,004,879 | ---- | C] () -- C:\ProgramData\rxnaarlh.aho
    [2009/02/28 18:00:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\3880407553
    [2010/04/27 09:30:12 | 000,000,000 | ---D | M] (SpeedBit Video Downloader) -- C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\SPFIREFOX

    :Services

    :Reg
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    :Files

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Next:
Please re-run Combofix like before and post its log here.


Next:
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.


Next:
How do you know that there are problems with the services? Are you getting any symptoms / errors? If yes, what do they say?
  • 0
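An added example, not part of this thread and not code from OTL, ComboFix or Flash_Disinfector: a read-only PowerShell audit of the two autorun mechanisms the post above touches on, the autorun.inf placeholder folder that Flash_Disinfector leaves on each drive, and the per-volume MountPoints2 Shell commands behind the O33 lines in the OTL fix. Function names are the example's own; the sample command strings are the ones quoted in that fix.

```powershell
# Added example: not from this thread, nor from OTL, ComboFix or Flash_Disinfector.
# Two read-only checks for the autorun mechanisms discussed in the post above:
#  1. autorun.inf at the root of each drive. A *folder* of that name is the
#     placeholder Flash_Disinfector leaves (a file cannot be created with the
#     same name, so a USB worm cannot drop its own autorun.inf there). A *file*
#     is what such worms drop, so its open=/shellexecute= lines are reported.
#  2. HKCU\...\Explorer\MountPoints2, where Explorer remembers a Shell\<verb>\command
#     per volume; these are the O33 lines in the OTL fix (wscript.exe auto.vbs, cdyznx.exe).
# Function names are the example's own.

function Get-AutorunInfStatus {
    # One record per file-system drive: Protected (folder), Suspicious (file) or None.
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        $path = Join-Path $_.Root 'autorun.inf'
        $status = 'None'
        $commands = @()
        if (Test-Path -LiteralPath $path -PathType Container -ErrorAction SilentlyContinue) {
            $status = 'Protected'
        }
        elseif (Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue) {
            $status = 'Suspicious'
            # Keep only the directives that make Explorer launch something.
            $commands = @(Get-Content -LiteralPath $path -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^\\]+\\command)\s*=' })
        }
        [pscustomobject]@{ Drive = $_.Root; Status = $status; Commands = ($commands -join '; ') }
    }
}

function Get-AutorunCommandRisk {
    # Rates one Shell\<verb>\command value. Script hosts and bare file names
    # with no drive or path are the worm pattern from the fix above; anything
    # else that is set at all still deserves a look (e.g. K:\.\texar/texar32.exe).
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return 'None' }
    $c = $Command.Trim()
    if ($c -match '^(wscript|cscript)(\.exe)?\b') { return 'High' }
    if ($c -notmatch '[\\/:]')                    { return 'High' }
    return 'Review'
}

function Get-MountPoints2Commands {
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $volume = $_.PSChildName
        $shell  = Join-Path $_.PSPath 'Shell'
        Get-ChildItem -Path $shell -ErrorAction SilentlyContinue | ForEach-Object {
            $cmdKey = Join-Path $_.PSPath 'command'
            if (Test-Path -Path $cmdKey) {
                # The (default) value of Shell\<verb>\command is the command line Explorer runs.
                $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
                [pscustomobject]@{
                    Volume  = $volume
                    Verb    = $_.PSChildName
                    Command = $cmd
                    Risk    = Get-AutorunCommandRisk $cmd
                }
            }
        }
    }
}

# Constructed sample: the command strings quoted in the O33 lines of the fix above.
$sampleCommands = @('wscript.exe auto.vbs', 'cdyznx.exe', 'K:\.\texar/texar32.exe', 'E:\tools\start.cmd')
$sampleCommands | ForEach-Object { '{0,-7} {1}' -f (Get-AutorunCommandRisk $_), $_ }

# Live audit of this machine (read-only; nothing is deleted or changed).
Get-AutorunInfStatus | Format-Table -AutoSize
Get-MountPoints2Commands | Sort-Object Risk, Volume | Format-Table -AutoSize
```

The audit only reports; removing a MountPoints2 entry or an autorun.inf file is left to the fix script the helper supplies, as in the post above.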

#5
SiLveR001

    Member

  • Topic Starter
  • Member
  • 46 posts
Hi there, thanks for the fast reply. Here are the logs you have asked for:

OTL
log for combofix
gmer

As for the symptoms of the problem, it started when this showed up in my icons on the taskbar:


Posted Image

Then I tried to diagnose and repair; it said that it needs to connect to the Diagnostics Policy Service. Then I thought to try starting it manually, but an error keeps on occurring and preventing me from starting it. The same case with the firewall: no matter how many times I tried turning it on, it just won't turn on.

Attached Files

  • Attached File  OTL.Txt   81.28KB   129 downloads
  • Attached File  log.txt   16.87KB   154 downloads
  • Attached File  gmer.log   424.02KB   148 downloads

  • 0

#6
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Did you replace your username with asterisks in the logs? Please don't edit your logs; post them as is. Please repost the original 3 logs requested.

Did you uninstall all the programs listed in my previous post?
  • 0

#7
SiLveR001

    Member

  • Topic Starter
  • Member
  • 46 posts
Hi there, sorry about that. I just noticed it shows my user name, so I thought to remove it. xP

And yeah, I have uninstalled the previous programs, though the injector one had a problem uninstalling; I manually removed all files related to it.

Then, once again, here are the files:


OTL logfile created on: 5/29/2011 3:57:42 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\† JeFFreY †\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 68.48% Memory free
5.21 Gb Paging File | 3.84 Gb Available in Paging File | 73.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.01 Gb Total Space | 3.78 Gb Free Space | 1.30% Space Free | Partition Type: NTFS
Drive D: | 8.08 Gb Total Space | 1.01 Gb Free Space | 12.52% Space Free | Partition Type: NTFS

Computer Name: JeFFreY-PC | User Name: † JeFFreY † | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/28 20:24:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\† JeFFreY †\Desktop\OTL.exe
PRC - [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2011/01/19 16:23:41 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\† JeFFreY †\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2011/01/13 16:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 16:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/09 05:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/12/09 03:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/27 23:36:24 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2010/01/22 07:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/11 10:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/10/27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 18:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/19 15:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/04/18 23:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 19:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/04 01:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/28 20:24:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\† JeFFreY †\Desktop\OTL.exe
MOD - [2011/01/13 16:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 16:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/27 23:36:24 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/06/23 20:53:52 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/26 00:47:00 | 003,489,788 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/01/22 07:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 15:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/09/12 07:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/12 07:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/12 06:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/12 06:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/04 01:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 14:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/11 00:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 16:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 16:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 16:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 16:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 16:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/06 11:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/10/06 11:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/27 20:44:57 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/07 09:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.drp.su/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.367
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/09 14:24:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/08 16:03:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/27 09:35:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/12 22:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/12 22:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/02/24 23:57:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/23 13:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/23 13:02:00 | 000,000,000 | ---D | M]

[2008/12/30 20:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Extensions
[2011/05/29 12:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions
[2010/04/28 10:17:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/29 00:45:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/25 23:55:51 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
[2010/03/21 21:00:19 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
[2011/03/27 15:22:40 | 000,000,000 | ---D | M] (Personas) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
[2010/05/13 00:10:56 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
[2011/05/23 13:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/03 22:16:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/25 14:47:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\USERS\† JeFFreY †\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\USERS\† JeFFreY †\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\[email protected]
[2011/04/15 00:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/12/31 00:33:17 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/29 13:22:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {A1056498-D09A-41E4-864B-505EDD640D9E} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [ProcessTamer] C:\Program Files\ProcessTamer\ProcessTamerTray.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RockMelt Update] C:\Users\† JeFFreY †\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\† JeFFreY †\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\† JeFFreY †\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/01 11:00:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 15:59:11 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\gmer
[2011/05/29 13:34:02 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\New Folder (2)
[2011/05/29 12:12:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/29 11:42:47 | 000,000,000 | ---D | C] -- C:\Desktop
[2011/05/28 21:45:36 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\† JeFFreY †\Desktop\aswMBR.exe
[2011/05/28 21:12:06 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Local\temp
[2011/05/28 21:00:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/28 20:32:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/28 20:32:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/28 20:32:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/28 20:32:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/28 20:32:01 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/28 20:28:34 | 004,296,757 | R--- | C] (Swearware) -- C:\Users\† JeFFreY †\Desktop\ComboFix.exe
[2011/05/28 20:24:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\† JeFFreY †\Desktop\OTL.exe
[2011/05/28 19:53:24 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Local\Apple
[2011/05/27 18:00:12 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Local\Adobe
[2011/05/27 17:55:36 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\bartpe
[2011/05/23 13:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/22 23:09:11 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Local\ElevatedDiagnostics
[2011/05/19 20:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2011/05/16 22:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011/05/04 23:36:05 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\oni
[2011/05/04 23:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CosmicBreak_eng
[2011/05/04 23:34:14 | 000,000,000 | ---D | C] -- C:\CyberStep
[2011/05/04 15:34:40 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2011/05/04 15:34:30 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Roaming\WindSolutions
[2011/05/04 15:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,021,387 | ---- | M] () -- C:\Users\† JeFFreY †\Documents\title.jpg
[2049/12/31 16:00:00 | 000,018,370 | ---- | M] () -- C:\Users\† JeFFreY †\Documents\poe1.jpg
[2049/12/31 16:00:00 | 000,005,987 | ---- | M] () -- C:\Users\† JeFFreY †\Documents\tale1.jpg
[2011/05/29 15:52:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/29 15:26:35 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 15:26:35 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 15:02:24 | 000,165,676 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\qwert.jpg
[2011/05/29 13:30:59 | 000,037,493 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/29 13:30:59 | 000,037,493 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/29 13:26:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ca5a13c7ed8130.job
[2011/05/29 13:26:46 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/05/29 13:26:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/29 13:26:30 | 2682,769,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/29 13:22:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/29 12:07:45 | 000,132,597 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\Flash_Disinfector.exe
[2011/05/29 11:59:34 | 000,000,396 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\Desktop.lnk
[2011/05/29 11:56:43 | 000,000,021 | ---- | M] () -- C:\Config.ini
[2011/05/29 11:47:02 | 000,092,672 | ---- | M] () -- C:\Users\† JeFFreY †\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/28 21:50:05 | 000,000,512 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\MBR.dat
[2011/05/28 21:45:44 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\† JeFFreY †\Desktop\aswMBR.exe
[2011/05/28 20:29:23 | 004,296,757 | R--- | M] (Swearware) -- C:\Users\† JeFFreY †\Desktop\ComboFix.exe
[2011/05/28 20:24:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\† JeFFreY †\Desktop\OTL.exe
[2011/05/27 18:00:15 | 000,000,004 | ---- | M] () -- C:\VERSION.CFG
[2011/05/27 08:34:07 | 000,001,985 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\RockMelt.lnk
[2011/05/27 08:34:07 | 000,001,947 | ---- | M] () -- C:\Users\† JeFFreY †\Application Data\Microsoft\Internet Explorer\Quick Launch\RockMelt.lnk
[2011/05/25 18:53:00 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/23 13:02:10 | 000,000,832 | ---- | M] () -- C:\Users\† JeFFreY †\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/23 13:02:10 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/19 20:53:01 | 000,617,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/19 20:53:01 | 000,111,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/18 07:01:18 | 000,000,905 | ---- | M] () -- C:\Users\† JeFFreY †\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/18 06:59:48 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/05/17 13:41:39 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/17 13:41:39 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/17 13:41:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/04 23:35:34 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\Cosmic Break.lnk

========== Files Created - No Company Name ==========

[2011/05/29 15:02:23 | 000,165,676 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\qwert.jpg
[2011/05/29 12:07:42 | 000,132,597 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\Flash_Disinfector.exe
[2011/05/29 11:59:34 | 000,000,396 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\Desktop.lnk
[2011/05/28 21:50:05 | 000,000,512 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\MBR.dat
[2011/05/28 20:32:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/28 20:32:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/28 20:32:24 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/28 20:32:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/28 20:32:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/23 13:02:10 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/17 13:41:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/04 23:35:34 | 000,000,758 | ---- | C] () -- C:\Users\Public\Desktop\Cosmic Break.lnk
[2010/11/19 22:49:34 | 000,037,493 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/11/19 22:49:32 | 000,037,493 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/30 16:44:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2010/03/30 13:55:27 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_processtamer_InstallInfo.dat
[2010/03/30 13:55:27 | 000,000,046 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Local\DonationCoder_processtamer_InstallInfo.dat
[2010/03/14 00:46:49 | 000,001,025 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/11 15:54:56 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/03/11 15:54:56 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/03/08 16:02:57 | 000,023,090 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/09/11 18:50:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 18:50:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/04 08:12:54 | 000,026,340 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Roaming\UserTile.png
[2009/08/16 22:45:35 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/07/01 16:30:54 | 000,008,620 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Local\d3d9caps.dat
[2009/05/26 23:29:29 | 000,164,978 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/05/10 16:45:15 | 000,008,553 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/05/03 13:53:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/01/14 15:09:40 | 000,000,003 | ---- | C] () -- C:\ProgramData\NOD.dll
[2009/01/06 15:54:53 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009/01/03 19:56:46 | 000,137,623 | ---- | C] () -- C:\Windows\HPHins15.dat
[2009/01/02 23:32:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/02 11:00:59 | 000,092,672 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/02 09:51:43 | 000,000,552 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Local\d3d8caps.dat
[2009/01/01 10:52:01 | 000,000,004 | ---- | C] () -- C:\Windows\System32\XPerWin.dll
[2009/01/01 10:51:57 | 000,000,037 | ---- | C] () -- C:\Windows\System32\xsystem.dll
[2007/08/01 10:52:09 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/01 10:27:33 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/01 10:25:07 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/01 10:25:07 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/06/07 16:56:07 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2007/05/14 20:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 14:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 14:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,506,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,617,086 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,111,660 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/24 01:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/12/08 15:19:22 | 000,061,440 | ---- | C] () -- C:\Windows\System32\EGamesPlugin.dll
[2005/12/08 15:19:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\EGameEncrypt.dll

========== LOP Check ==========

[2010/11/20 21:30:24 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\2K Sports
[2010/06/23 22:04:56 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Autodesk
[2009/03/28 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Boolat Games
[2009/07/27 21:35:51 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\DAEMON Tools Lite
[2010/03/30 13:55:28 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\DonationCoder
[2010/03/10 20:46:43 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Facebook
[2010/07/28 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\FreeFLVConverter
[2010/05/03 21:04:34 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\freshgames
[2009/01/26 07:10:19 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\GameHouse
[2010/04/04 20:57:04 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\GlarySoft
[2011/04/10 09:21:59 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Hotdog Hotshot
[2009/02/12 22:12:40 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Image Zone Express
[2010/11/07 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\InterTrust
[2010/04/24 00:23:14 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\LimeWire
[2008/12/30 17:34:41 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\MRTalk
[2009/03/01 08:56:37 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Nexon
[2010/08/26 17:49:13 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Nokia
[2011/04/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Opera
[2009/08/25 20:40:22 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\PC Suite
[2009/09/04 08:12:53 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\PeerNetworking
[2010/05/04 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\PlayFirst
[2009/02/12 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Printer Info Cache
[2011/03/22 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Publish Providers
[2011/03/18 20:07:24 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Rovio
[2011/03/22 01:50:35 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Sony
[2011/05/29 15:56:10 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\uTorrent
[2008/12/31 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\WinBatch
[2011/05/04 16:05:59 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\WindSolutions
[2009/05/03 14:37:54 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Zen of Sudoku
[2011/05/29 13:26:46 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/05/29 13:25:04 | 000,032,624 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:DDEB08FD
@Alternate Data Stream - 305 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9547F1DB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B557E3E7
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B0E38115
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A18121AD
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:04BB186B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3F6BE44B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A5264343
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8511DA13
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:84512B49
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BDD0820
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:DA3C6C07
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >



ComboFix 11-05-27.02 - † JeFFreY † 05/29/2011 17:14:25.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.63.1033.18.2558.1415 [GMT 8:00]
Running from: c:\users\å JeFFreY å\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-29 09:29 . 2011-05-29 09:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-29 09:29 . 2011-05-29 09:29 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-05-29 09:29 . 2011-05-29 09:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 09:29 . 2011-05-29 09:29 -------- d-----w- c:\users\+ JeFFreY +\AppData\Local\temp
2011-05-29 09:12 . 2011-05-29 09:12 -------- d-----w- C:\32788R22FWJFW
2011-05-29 08:28 . 2011-05-29 08:28 -------- d-----w- c:\program files\ConduitEngine
2011-05-29 08:27 . 2011-05-29 08:27 -------- d-----w- c:\program files\uTorrent
2011-05-29 04:12 . 2011-05-29 04:12 -------- d-----w- C:\_OTL
2011-05-29 03:42 . 2011-05-29 03:55 -------- d-----w- C:\Desktop
2011-05-28 13:12 . 2011-05-29 09:29 -------- d-----w- c:\users\† JeFFreY †\AppData\Local\temp
2011-05-28 11:53 . 2011-05-28 11:53 -------- d-----w- c:\users\† JeFFreY †\AppData\Local\Apple
2011-05-28 01:12 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05E36754-0537-472D-BDA2-24721A5A188A}\mpengine.dll
2011-05-27 10:00 . 2011-05-27 10:00 -------- d-----w- c:\users\† JeFFreY †\AppData\Local\Adobe
2011-05-23 05:13 . 2011-05-23 05:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-23 05:02 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-23 05:02 . 2011-04-14 16:25 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-05-23 05:02 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-23 05:02 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-23 05:02 . 2011-04-14 16:25 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-05-23 05:02 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-23 05:02 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-23 05:02 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-23 05:02 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-23 05:02 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-22 15:09 . 2011-05-22 15:09 -------- d-----w- c:\users\† JeFFreY †\AppData\Local\ElevatedDiagnostics
2011-05-19 12:17 . 2011-05-19 12:26 -------- d-----w- c:\program files\Microsoft ATS
2011-05-11 22:53 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-08 12:34 . 2011-05-08 13:50 -------- d-----w- c:\users\Public\barbie 2
2011-05-04 15:36 . 2011-05-04 15:36 -------- d-----w- c:\users\† JeFFreY †\oni
2011-05-04 15:34 . 2011-05-04 15:34 -------- d-----w- C:\CyberStep
2011-05-04 07:34 . 2011-05-04 08:05 -------- d-----w- c:\users\† JeFFreY †\AppData\Roaming\WindSolutions
2011-05-04 07:34 . 2011-05-04 08:05 -------- d-----w- c:\programdata\WindSolutions
2011-05-04 00:38 . 2011-05-04 02:49 -------- d-----w- c:\users\Public\Barbie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 08:20 . 2011-04-06 08:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 08:20 . 2011-04-06 08:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-13 02:01 . 2010-06-24 03:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-12 21:55 . 2011-04-28 05:18 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 04:34 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 04:34 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 04:34 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 05:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-28 05:31 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 05:31 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 05:31 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 05:31 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-28 05:31 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-15 04:34 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 04:34 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 16:26 . 2011-05-23 05:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\YTNavAssist.dll" [2011-01-21 213816]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 05:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 05:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"RockMelt Update"="c:\users\† JeFFreY †\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-01-19 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ProcessTamer"="c:\program files\ProcessTamer\ProcessTamerTray.exe" [2009-03-27 163840]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-27 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-27 133656]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
.
c:\users\+ JeFFreY +\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 10:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 03:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 02:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-07-22 11:16 2331936 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 02:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-27 01:33 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9e6899f40c30b;Google Update Service (gupdate1c9e6899f40c30b);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 133104]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 133104]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-25 3489788]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-27 721904]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2010-09-27 176408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KXTIRFOB
*Deregistered* - kxtirfob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-04 05:03]
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5a13c7ed8130.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 09:30]
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 09:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.drp.su/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_PH&c=74&bd=Pavilion&pf=desktop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{54C1C1DB-8C92-4E21-9725-9FD813E3AE1B}: NameServer = 208.67.220.220,208.67.222.222
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-29 17:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2011-05-29 17:34:46
ComboFix-quarantined-files.txt 2011-05-29 09:34
ComboFix2.txt 2011-05-29 08:54
ComboFix3.txt 2011-05-28 13:12
.
Pre-Run: 3,137,257,472 bytes free
Post-Run: 2,938,544,128 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=80 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80
- - End Of File - - F5BC534A4D4177ACCB62441084B7DA8E

Attached Files

  • Attached File  gmer.log   424.02KB   133 downloads


#8
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Please try to post your logs, instead of attaching them. You can attach just the logs that are too big to be posted, like Gmer's log in this case. :)

There are some things in your gmer log that I don't like...


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\program files\ConduitEngine
c:\program files\uTorrentBar

Folder::

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-

[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

Driver::
KXTIRFOB
a4jcweeq.SYS

Rootkit::
a4jcweeq.SYS


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Next:


Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




Next:
Download aswMBR.exe ( 511KB ) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
Posted Image

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
Posted Image
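The CFScript above deletes, by hand, every registration of the two CLSIDs that the ComboFix "Reg Loading Points" section ties to the ConduitEngine and uTorrentBar folders. The Python below is an added example, not ComboFix's or the helper's code: it parses that REGEDIT4-style section from an excerpt of the log posted above, picks out the CLSIDs whose registered file lives under the folders being removed, and emits the equivalent Registry:: block ([-KEY] for keys named after the CLSID, "name"=- for single values under shared keys). The folder list and all function names are the example's own.

```python
"""Turn a ComboFix 'Reg Loading Points' excerpt into a CFScript 'Registry::' block (added example)."""
import re
from collections import defaultdict

# Excerpt of the ComboFix log posted in this thread (ConduitEngine / uTorrentBar).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\YTNavAssist.dll" [2011-01-21 213816]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 05:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 05:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
"""

# Folders the analyst has already decided to remove (the helper's File:: list above).
REMOVE_FOLDERS = [r"c:\program files\ConduitEngine", r"c:\program files\uTorrentBar"]

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(\{[^}]+\})"=\s*"([^"]+)"')                 # "{clsid}"= "path" [...]
PATH_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$")  # BHO file line

def parse_load_points(text):
    """Return (key, clsid, path) for every place a CLSID is registered.

    A CLSID is either a value name under a shared key (URLSearchHooks, Toolbar),
    with its file on the same line, or part of the key name itself (Browser Helper
    Objects, HKCR\\clsid); BHOs get the file on the next line, HKCR\\clsid keys none.
    """
    entries, current_key, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        key = KEY_RE.match(line)
        if key:
            current_key, pending = key.group(1), None
            guid = GUID_RE.search(current_key)
            if guid:
                entries.append([current_key, guid.group(0), None])
                pending = len(entries) - 1        # a file line may follow
            continue
        value = VALUE_RE.match(line)
        if value and current_key:
            entries.append([current_key, value.group(1), value.group(2)])
            continue
        path = PATH_RE.match(line)
        if path and pending is not None:
            entries[pending][2] = path.group(1)
            pending = None
    return [tuple(e) for e in entries]

def suspect_clsids(entries, remove_folders):
    """Lower-cased CLSIDs whose registered file lives under a folder being removed."""
    prefixes = tuple(f.lower().rstrip("\\") + "\\" for f in remove_folders)
    return {clsid.lower() for _, clsid, path in entries
            if path and path.lower().startswith(prefixes)}

def build_registry_script(entries, clsids):
    """Emit the CFScript 'Registry::' block removing every registration of clsids.

    A key named after the CLSID is deleted whole with the REGEDIT4 '[-KEY]' form;
    a CLSID that is only a value under a shared key is removed with '"name"=-' so
    legitimate neighbours (the Yahoo! hook here) survive. GUID case differs
    between ComboFix's sections, so all matching is case-insensitive.
    """
    values = defaultdict(list)                     # shared key -> value names
    for key, clsid, _ in entries:
        if clsid.lower() in clsids and not GUID_RE.search(key):
            values[key].append(clsid)
    lines, done = ["Registry::"], set()
    for key, clsid, _ in entries:                  # keep the log's own order
        if clsid.lower() not in clsids:
            continue
        if GUID_RE.search(key):
            stanza = "[-%s]" % key
        else:
            stanza = "[%s]\n" % key + "\n".join('"%s"=-' % v for v in values[key])
        if stanza.lower() not in done:             # HKCR\clsid keys repeat in the log
            done.add(stanza.lower())
            lines += ["", stanza]
    return "\n".join(lines)

if __name__ == "__main__":
    found = parse_load_points(SAMPLE_LOG)
    print(build_registry_script(found, suspect_clsids(found, REMOVE_FOLDERS)))
```

The Yahoo! URLSearchHook shares its key with the uTorrentBar hook, which is why that entry is removed as a single value rather than by deleting the key.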

#9
SiLveR001

    Member

  • Topic Starter
  • Member
  • 46 posts
Hi there again, thanks for the fast reply. Here are the files needed:

ComboFix Log:

ComboFix 11-05-27.02 - † JeFFreY † 05/29/2011 22:41:52.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.63.1033.18.2558.1577 [GMT 8:00]
Running from: c:\users\å JeFFreY å\Desktop\ComboFix.exe
Command switches used :: c:\users\å JeFFreY å\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-29 14:56 . 2011-05-29 14:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-29 14:56 . 2011-05-29 14:56 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-05-29 14:56 . 2011-05-29 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 14:56 . 2011-05-29 14:56 -------- d-----w- c:\users\+ JeFFreY +\AppData\Local\temp
2011-05-29 10:56 . 2011-05-29 10:56 -------- d-----w- c:\program files\uTorrent
2011-05-29 09:12 . 2011-05-29 14:39 -------- d-----w- C:\32788R22FWJFW
2011-05-29 08:28 . 2011-05-29 08:28 -------- d-----w- c:\program files\ConduitEngine
2011-05-29 04:12 . 2011-05-29 04:12 -------- d-----w- C:\_OTL
2011-05-29 03:42 . 2011-05-29 03:55 -------- d-----w- C:\Desktop
2011-05-28 13:12 . 2011-05-29 14:56 -------- d-----w- c:\users\† JeFFreY †\AppData\Local\temp
2011-05-28 11:53 . 2011-05-28 11:53 -------- d-----w- c:\users\† JeFFreY †\AppData\Local\Apple
2011-05-28 01:12 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05E36754-0537-472D-BDA2-24721A5A188A}\mpengine.dll
2011-05-27 10:00 . 2011-05-27 10:00 -------- d-----w- c:\users\† JeFFreY †\AppData\Local\Adobe
2011-05-23 05:13 . 2011-05-23 05:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-23 05:02 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-23 05:02 . 2011-04-14 16:25 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-05-23 05:02 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-23 05:02 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-23 05:02 . 2011-04-14 16:25 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-05-23 05:02 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-23 05:02 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-23 05:02 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-23 05:02 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-23 05:02 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-22 15:09 . 2011-05-22 15:09 -------- d-----w- c:\users\† JeFFreY †\AppData\Local\ElevatedDiagnostics
2011-05-19 12:17 . 2011-05-19 12:26 -------- d-----w- c:\program files\Microsoft ATS
2011-05-11 22:53 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-08 12:34 . 2011-05-08 13:50 -------- d-----w- c:\users\Public\barbie 2
2011-05-04 15:36 . 2011-05-04 15:36 -------- d-----w- c:\users\† JeFFreY †\oni
2011-05-04 15:34 . 2011-05-04 15:34 -------- d-----w- C:\CyberStep
2011-05-04 07:34 . 2011-05-04 08:05 -------- d-----w- c:\users\† JeFFreY †\AppData\Roaming\WindSolutions
2011-05-04 07:34 . 2011-05-04 08:05 -------- d-----w- c:\programdata\WindSolutions
2011-05-04 00:38 . 2011-05-04 02:49 -------- d-----w- c:\users\Public\Barbie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 08:20 . 2011-04-06 08:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 08:20 . 2011-04-06 08:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-13 02:01 . 2010-06-24 03:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-12 21:55 . 2011-04-28 05:18 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-15 04:34 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 04:34 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 04:34 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 05:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-28 05:31 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 05:31 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 05:31 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 05:31 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-28 05:31 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-15 04:34 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 04:34 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 16:26 . 2011-05-23 05:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\YTNavAssist.dll" [2011-01-21 213816]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 05:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 05:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"RockMelt Update"="c:\users\† JeFFreY †\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-01-19 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ProcessTamer"="c:\program files\ProcessTamer\ProcessTamerTray.exe" [2009-03-27 163840]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-27 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-27 133656]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
.
c:\users\+ JeFFreY +\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 10:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 03:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 02:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-07-22 11:16 2331936 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 02:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-27 01:33 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9e6899f40c30b;Google Update Service (gupdate1c9e6899f40c30b);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 133104]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 133104]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-25 3489788]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-27 721904]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2010-09-27 176408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - kxtirfob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-04 05:03]
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5a13c7ed8130.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 09:30]
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 09:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.drp.su/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_PH&c=74&bd=Pavilion&pf=desktop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{54C1C1DB-8C92-4E21-9725-9FD813E3AE1B}: NameServer = 208.67.220.220,208.67.222.222
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-29 22:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2011-05-29 23:01:58
ComboFix-quarantined-files.txt 2011-05-29 15:01
ComboFix2.txt 2011-05-29 09:34
ComboFix3.txt 2011-05-29 08:54
ComboFix4.txt 2011-05-28 13:12
.
Pre-Run: 2,711,457,792 bytes free
Post-Run: 3,878,912,000 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=80 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80
- - End Of File - - E970C8EFC315EA7EEF9191C1C7F3181A




Rootkit Unhooker Log:


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x90608000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 11001856 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 258.96 )
0x8580B000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8580B000 PnpManager 3907584 bytes
0x8580B000 RAW 3907584 bytes
0x8580B000 WMIxWDM 3907584 bytes
0x91A06000 C:\Windows\system32\drivers\RTKVHDA.sys 2322432 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xA0A30000 Win32k 2113536 bytes
0xA0A30000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8CA06000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8C67C000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8068F000 PCI_PNP3130 1052672 bytes
0x8068F000 C:\Windows\System32\Drivers\spdp.sys 1052672 bytes
0x8068F000 sptd 1052672 bytes
0x8C803000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804DA000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA830E000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8C908000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes
0x85EA8000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x90403000 C:\Windows\system32\DRIVERS\athr.sys 794624 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0xA3C03000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x91088000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x91134000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80606000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8C60B000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80410000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA3D0A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA82A7000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x85E4E000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x91D91000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x918E0000 C:\Windows\System32\Drivers\aswSP.SYS 290816 bytes (AVAST Software, avast! self protection module)
0x805BA000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80499000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x9052C000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x85FBF000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9188D000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8C7B2000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA822E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8CB16000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x904C5000 C:\Windows\System32\Drivers\amv25arw.SYS 229376 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x919A9000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x85F7F000 C:\Windows\system32\drivers\PCTCore.sys 225280 bytes (PC Tools, PC Tools KDS Core Driver)
0x91802000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x85BC5000 ACPI_HAL 208896 bytes
0x85BC5000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807BF000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x91848000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x904FD000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x91C3D000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C787000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8C9CF000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA3CC3000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA827F000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8CB66000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x85E09000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x80799000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x91C6A000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x9059A000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8CB9E000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA3DC2000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x91CF3000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA820F000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA3D77000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8C8ED000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9198E000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA3D94000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x91C8F000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA8267000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x918C9000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x90578000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91955000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x919E8000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x91DE7000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x91D71000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA3DAD000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x905E0000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x91D14000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA82F6000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x905CC000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x91D5D000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0xA3CF7000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9187A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA3DE3000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8CB8D000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x91837000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80480000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x85F6F000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91930000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA3CB3000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x85E98000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x911DB000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8CBE9000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x9197F000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8CB57000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x85E30000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x905BD000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x911CC000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x85E3F000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0xA0C70000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x91CC4000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x91D46000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x91948000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8C7ED000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80682000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA8200000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x91CE7000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x91128000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x905F5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x911EB000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x91D3B000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9058F000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9056D000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8CBD5000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x911C1000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x91D87000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x9196C000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x911F6000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA3CED000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x91CD2000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA83EC000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8CBBF000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x91CAD000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x91927000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x91976000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xA83F6000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x85FB6000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x91D54000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA0C50000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8CBE0000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80790000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x91DDE000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x80491000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x91940000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x807F1000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x91D2B000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x91D33000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8CB4F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x91CBD000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x91CE0000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80409000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x91CB6000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x91CA7000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x91DD9000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x91CDC000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x91086000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 258.96 )
0x90400000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x91D29000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x88D9C1F8 unknown_irp_handler 3592 bytes
0x8A5501F8 unknown_irp_handler 3592 bytes
0x8A6531F8 unknown_irp_handler 3592 bytes
0x8A7841F8 unknown_irp_handler 3592 bytes
0x8AF041F8 unknown_irp_handler 3592 bytes
0x8B05A1F8 unknown_irp_handler 3592 bytes
0x8A7891F8 unknown_irp_handler 3592 bytes
0x8800B1F8 unknown_irp_handler 3592 bytes
0x8A6731F8 unknown_irp_handler 3592 bytes
0x8C52A1F8 unknown_irp_handler 3592 bytes
0x8B080500 unknown_irp_handler 2816 bytes
0x8B0D2500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x00AA0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x88692020 ] PID: 3292, 86016 bytes



aswMBR log:
I couldn't get a copy of this log; it seems that after I reached the middle of the scan or so, it suddenly shuts down and I'm unable to save the log in this
  • 0

#10
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

    • Download OTLPEStd.exe from the following link and save it to your Desktop: mirror1.
    • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
    • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
  • Once you have 7-zip installed, decompress OTLPEStd.exe by right-clicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop

    Posted Image

  • Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in a OTLPE folder:

    Posted Image

  • Please also decompress eeepcfr to your systemroot (usually C:\).
  • Empty the flash drive you want to install OTLPE on.
  • Go to C:\eeepcfr and double-click usb_prep8.cmd to launch it.
  • Press any key when asked to in the black window that opens.
  • As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.

    Posted Image


  • Click on Start, accept the disclaimers and wait for the program to finish.

    Your bootable flash drive should now be ready!
  • Reboot your system using the boot USB you just created.
    Note : If you do not know how to set your computer to boot from USB follow the steps here
  • As the USB needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
  • Make sure that your windows installation drive is C: . You can do this by opening my computer and checking.
  • Double-click on the MbrFix
  • In the box type:

    MbrFix /drive 0 savembr C:\mbr.dat

    Note:If windows drive isn't C:, then change it as appropriate on the above command :unsure:
  • Restart the computer.
  • Attach the file named mbr.dat in your C: drive here

  • 0



#11
SiLveR001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hi there!! Thanks for the fast reply again. Before I begin with the procedure, may I ask first if the USB may return to its original state? Or could I use an alternative storage like a CD-R or something, because I only have 1 USB right now and it would be a problem if I couldn't use it anymore :)
  • 0

#12
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

No problem, the USB can be formatted (or its data erased), and you'd still be able to use it normally :) ANY data already on it will be lost.
If you prefer, I can give you instructions for a bootable CD.
  • 0

#13
SiLveR001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Oh, would that be okay? Then, if possible, I would like to try that first :)
  • 0

#14
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
No problem :yes:

Please print these instructions out so that you know what you are doing.

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A




  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :unsure:

  • Your system should now display a Reatogo desktop.
  • Make sure that your windows installation drive is C: . You can do this by opening my computer and checking.
  • Double-click on the MbrFix
  • In the box type:

    MbrFix /drive 0 savembr C:\mbr.dat

    Note:If windows drive isn't C:, then change it as appropriate on the above command :)
  • Restart the computer.
  • Attach the file named mbr.dat in your C: drive here

  • 0
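What the helper does with the attached mbr.dat (in both the USB procedure in #10 and the CD procedure above) is inspect the saved sector for a tampered bootloader. The following is an added example, not code from the thread, from MbrFix or from any tool named here: a small Python parser for the raw 512-byte first sector that MbrFix's savembr is assumed to write. It hashes the 440-byte boot code region so it can be compared against a dump from a known-good machine, decodes the four partition table entries using the standard MBR layout, and flags a missing 0x55AA signature, an invalid status byte, a partition count other than one active entry, or entries that overlap. The sample sector is constructed inline; the findings are heuristics that tell a reviewer where to look, not proof of infection.

```python
"""Parse a raw 512-byte MBR image (assumed format of mbr.dat from MbrFix savembr)
and list the things a malware-removal helper checks before trusting it.
Added example; the sample sector below is constructed, not taken from the thread."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the boot code a bootkit would replace
DISK_SIG_OFF = 440         # 4-byte NT disk signature, followed by 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xAA"     # mandatory signature at bytes 510..511

PARTITION_TYPES = {
    0x00: "empty", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)",
    0x0F: "extended (LBA)", 0x12: "OEM recovery", 0x82: "Linux swap",
    0x83: "Linux", 0xEE: "GPT protective",
}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (little-endian fields)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
    return {
        "status": status,
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PARTITION_TYPES.get(ptype, "unknown 0x%02X" % ptype),
        "lba_start": lba_start,
        "sectors": sectors,
    }


def parse_mbr(data: bytes) -> dict:
    """Split a 512-byte sector into boot code hash, disk signature and partitions."""
    if len(data) != MBR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (MBR_SIZE, len(data)))
    entries = [
        parse_partition_entry(data[PART_TABLE_OFF + i * PART_ENTRY_LEN:
                                   PART_TABLE_OFF + (i + 1) * PART_ENTRY_LEN])
        for i in range(4)
    ]
    return {
        # hash of the boot code only, for comparison with a known-good dump
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", data[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "boot_signature_ok": data[510:512] == BOOT_SIG,
        "partitions": entries,
    }


def sanity_check(mbr: dict) -> list:
    """Return a list of findings; an empty list means the table looks well formed.
    These are heuristics (a boot manager may legitimately have no active entry)."""
    findings = []
    if not mbr["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in mbr["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    used = []
    for i, p in enumerate(mbr["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append("entry %d has invalid status byte 0x%02X" % (i, p["status"]))
        if p["type"] == 0x00 and (p["lba_start"] or p["sectors"]):
            findings.append("entry %d is marked empty but has geometry" % i)
        if p["type"] != 0x00:
            used.append((p["lba_start"], p["lba_start"] + p["sectors"], i))
    used.sort()
    for (s1, e1, i1), (s2, _e2, i2) in zip(used, used[1:]):
        if e1 > s2:
            findings.append("entries %d and %d overlap" % (i1, i2))
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code, one active NTFS partition and one
    OEM recovery partition. Not a real dump from the machine in the thread."""
    boot_code = (b"\xEB\x3C\x90" + b"CONSTRUCTED-SAMPLE-BOOT-CODE").ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"
    p1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    p2 = struct.pack("<B3sB3sII", 0x00, b"\xFE\xFF\xFF", 0x12, b"\xFE\xFF\xFF", 206848, 20480)
    table = p1 + p2 + b"\x00" * (2 * PART_ENTRY_LEN)
    sector = boot_code + disk_sig + table + BOOT_SIG
    assert len(sector) == MBR_SIZE
    return sector


if __name__ == "__main__":
    import sys
    # usage: python mbr_check.py C:\mbr.dat   (falls back to the constructed sample)
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(raw)
    print("boot code sha256:", info["boot_code_sha256"])
    print("disk signature:   0x%08X" % info["disk_signature"])
    for i, p in enumerate(info["partitions"]):
        print("entry %d: %s%s start=%d sectors=%d" % (
            i, p["type_name"], " (active)" if p["bootable"] else "", p["lba_start"], p["sectors"]))
    print("findings:", sanity_check(info) or "none")
```

The boot code hash is the useful part for this thread's situation: a bootkit leaves the partition table intact and only rewrites the first 440 bytes, so comparing that hash with one taken from a clean install of the same Windows version is more telling than eyeballing the partition list.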

#15
SiLveR001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hello there :)

May I ask if this MbrFix is the same as the FixMbr on the aswMBR?
  • 0
