Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

No Internet connection

Started by DrkMachine , May 22 2011 11:52 AM

  • This topic is locked This topic is locked

#1
DrkMachine
Posted 22 May 2011 - 11:52 AM

DrkMachine

    Member

  • Member
  • PipPipPip
  • 126 posts
Good day,

A friend asked me to work on his computer for him, it will not connect to the internet, all of the settings I have looked at are correct, which leads me to believe that his system is infected with something. I have previously used MajorGeeks to clean all my friends systems, but seeing that you offer a school to teach such things, I figured I would see how you guys work and then perhaps enroll myself. Thanks in advance for the assistance.

OTL logfile created on: 5/22/2011 11:43:05 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\DrkRvnKnyght\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 81.24% Memory free
3.22 Gb Paging File | 2.75 Gb Available in Paging File | 85.45% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 39.76 Gb Free Space | 51.85% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 418.92 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive G: | 7.44 Gb Total Space | 7.43 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

Computer Name: RATSYS | User Name: DrkRvnKnyght | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 12:37:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DrkRvnKnyght\Desktop\OTL.exe
PRC - [2010/12/02 16:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2010/07/28 02:23:50 | 000,526,992 | ---- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2010/07/26 23:59:20 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files\Common Files\Corel\Standby\Standby.exe
PRC - [2010/07/06 16:44:02 | 000,789,680 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/17 10:39:16 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/01/19 18:46:54 | 000,117,288 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/01/19 18:46:48 | 000,121,384 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/06/04 01:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/06/04 01:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/21 17:11:36 | 000,184,320 | ---- | M] () -- C:\Program Files\AMT Media Manager\AMTDeviceService.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/01 12:13:06 | 000,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
PRC - [2006/12/14 20:59:12 | 000,217,088 | R--- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\WinSys2.exe
PRC - [2006/12/13 09:37:36 | 000,932,864 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
PRC - [2006/08/16 21:32:04 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006/07/28 09:56:48 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2005/12/05 22:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/12/05 21:59:02 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/21 18:12:22 | 000,040,960 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
PRC - [2005/04/12 11:15:04 | 000,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/12/08 16:53:50 | 001,288,704 | ---- | M] () -- C:\Program Files\MSI\DigiCell\DigiCell.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe


========== Modules (SafeList) ==========

MOD - [2011/05/22 12:37:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DrkRvnKnyght\Desktop\OTL.exe
MOD - [2006/08/25 09:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/08/16 21:32:03 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/02/05 07:13:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/12/02 16:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/12/02 16:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/10 16:37:09 | 001,181,328 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/19 19:46:56 | 000,158,248 | ---- | M] (Authentium, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/01/19 18:46:54 | 000,117,288 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/01/19 18:46:48 | 000,121,384 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2005/12/05 22:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2005/04/12 11:15:04 | 000,869,376 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/04/12 11:15:04 | 000,869,376 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 10:44:48 | 000,022,328 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys -- (MSI_DVD_010507)
DRV - [2010/05/10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010/05/10 10:44:36 | 000,016,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys -- (MSI_VGASYS_010507)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/19 18:53:46 | 000,127,016 | R--- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amp.sys -- (AMP)
DRV - [2010/01/19 18:53:44 | 001,118,248 | R--- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ampse.sys -- (AMPSE)
DRV - [2009/12/02 07:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/30 18:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009/06/04 03:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 03:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 03:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 03:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 03:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 03:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 03:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 03:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/10/31 01:43:26 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/10/31 01:43:25 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/09/03 05:07:26 | 000,040,576 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sustucap.sys -- (SUSTUCAP)
DRV - [2008/09/03 05:07:24 | 000,040,576 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sustucam.sys -- (SUSTUCAM)
DRV - [2008/09/03 03:55:24 | 000,021,632 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sustucau.sys -- (SUSTUCAU)
DRV - [2008/04/17 11:45:38 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2007/10/02 13:41:12 | 000,039,424 | ---- | M] (iolo technologies, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\System32\xpacket.sys -- (XPacket)
DRV - [2007/01/23 15:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 15:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/12/21 02:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/19 09:49:08 | 000,041,472 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2006/12/04 16:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/10/24 15:21:58 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\NTGLM7X.sys -- (PCAlertDriver)
DRV - [2006/10/18 16:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/10/17 19:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006/10/13 02:16:36 | 000,081,664 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/09/13 10:36:36 | 000,006,784 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2006/09/11 19:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 19:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/21 18:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/06 18:33:48 | 000,068,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1110Vid.sys -- (P1110VID)
DRV - [2006/03/06 00:06:08 | 000,078,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV85.sys -- (SSHDRV85)
DRV - [2005/11/29 22:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2005/04/12 11:07:50 | 000,099,456 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/04/12 11:07:30 | 000,029,056 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/04/12 03:07:25 | 000,028,160 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/07/07 10:27:28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2004/07/07 08:55:12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2004/07/05 14:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/06/02 20:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/06/02 13:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2004/05/20 08:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/05/20 08:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2004/05/20 08:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/10/28 23:02:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/09/17 15:57:22 | 000,008,440 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2001/08/17 12:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 03:31:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 03:31:23 | 000,000,000 | ---D | M]

[2009/03/11 02:40:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Mozilla\Extensions
[2009/03/02 17:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Mozilla\Extensions\[email protected]
[2011/03/04 11:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Mozilla\Firefox\Profiles\v6phrzl7.default\extensions
[2010/04/27 19:24:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Mozilla\Firefox\Profiles\v6phrzl7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/13 12:32:28 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Mozilla\Firefox\Profiles\v6phrzl7.default\extensions\[email protected]
[2011/03/04 11:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/11 15:54:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2009/02/11 15:01:32 | 000,292,855 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10084 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AMTDeviceService] C:\Program Files\AMT Media Manager\AMTDeviceService.exe ()
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [iolo Personal Firewall] C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [RCSystem] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe (TODO: <Company name>)
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.v...l?noreloadredir (Reg Error: Key error.)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....030/CTSUEng.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (Reg Error: Key error.)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab (Reg Error: Key error.)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/...nx.1.0.0.87.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1137923623659 (WUWebControl Class)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/...t/atomaders.cab (Reg Error: Key error.)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (Reg Error: Key error.)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.sonypictu...bugs/axhost.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn...gr.cab31267.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics....com/serval.cab (Reg Error: Key error.)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...undLauncher.cab (AstoundLauncher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://www.sonypictu...outLauncher.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} http://zone.msn.com/...ia.1.0.0.46.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\DrkRvnKnyght\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DrkRvnKnyght\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ec257e1e-ea3e-11df-8426-0019db5f78cd}\Shell - "" = AutoRun
O33 - MountPoints2\{ec257e1e-ea3e-11df-8426-0019db5f78cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec257e1e-ea3e-11df-8426-0019db5f78cd}\Shell\AutoRun\command - "" = G:\MediaManager.exe
O34 - HKLM BootExecute: ("autocheck autochk *") - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 11:42:44 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DrkRvnKnyght\Desktop\OTL.exe
[2011/05/22 11:16:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DrkRvnKnyght\Recent
[2006/08/16 21:32:45 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/16 21:11:02 | 000,012,800 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 12:37:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DrkRvnKnyght\Desktop\OTL.exe
[2011/05/22 11:13:42 | 000,000,053 | ---- | M] () -- C:\biosinfo
[2011/05/22 11:13:36 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2011/05/22 11:13:29 | 000,012,910 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/05/22 11:13:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 11:13:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 11:13:36 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2011/03/26 07:16:43 | 000,123,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/30 03:42:54 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/01/12 04:05:00 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/12/07 16:37:46 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/12/07 16:37:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\statistics.dat
[2010/12/07 16:37:46 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/05 03:16:17 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/11/07 08:07:39 | 000,001,004 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/10/15 21:51:04 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\lxddplc.ini
[2010/08/25 19:27:39 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/08/25 19:19:23 | 000,026,719 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010/07/26 16:48:18 | 000,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/04/03 22:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/11 04:04:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/25 23:21:56 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009/11/30 23:57:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\DrkRvnKnyght\Local Settings\Application Data\housecall.guid.cache
[2009/06/04 02:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/04 02:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/04 01:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009/06/04 01:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/10/31 01:43:26 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/31 01:43:25 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/08/21 18:58:14 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/08/16 15:10:23 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/08/16 15:10:23 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/03/28 10:01:18 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/28 09:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/04 10:44:05 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/03/04 10:44:05 | 000,002,548 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/02 00:51:01 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\12kUBusd.dll
[2008/01/31 17:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2008/01/09 17:31:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/12/27 12:34:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/12/03 14:13:32 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2007/11/25 02:11:23 | 000,000,267 | ---- | C] () -- C:\WINDOWS\Winsus0.dat
[2007/10/23 05:25:36 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2007/10/23 05:25:34 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2007/10/23 05:25:34 | 000,253,952 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2007/10/23 05:25:34 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2007/10/23 05:25:34 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auxiliary(2).dll
[2007/10/23 05:25:34 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2007/10/23 05:25:34 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2007/10/23 05:25:33 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe
[2007/10/23 05:23:01 | 000,273,408 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007/10/23 05:17:41 | 000,001,428 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2007/08/24 07:51:42 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2007/05/27 01:32:35 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2007/05/22 01:55:50 | 000,004,388 | ---- | C] () -- C:\WINDOWS\smflt.dll
[2007/04/12 09:44:00 | 000,929,744 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/04/12 09:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/12 09:44:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/26 14:20:59 | 000,116,176 | ---- | C] () -- C:\WINDOWS\iun1405.exe
[2006/11/03 03:18:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\TaskKeyHook.dll
[2006/11/03 03:10:46 | 000,012,910 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2006/10/09 03:02:58 | 002,243,260 | -H-- | C] () -- C:\WINDOWS\System32\spython.bin
[2006/09/09 11:37:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/16 21:33:53 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/16 21:32:07 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/16 21:22:58 | 000,321,512 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/08/16 21:22:58 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/16 21:14:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2006/08/16 21:14:06 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/08/16 21:11:52 | 000,264,526 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/08/16 21:11:38 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/16 21:11:38 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/16 21:11:09 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/08/16 21:11:09 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/08/16 21:11:07 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/07/14 02:46:50 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2006/06/30 01:49:38 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/04/15 00:37:25 | 000,002,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/06 00:06:08 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV85.sys
[2006/01/28 19:06:40 | 000,000,668 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006/01/25 01:52:28 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\DrkRvnKnyght\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/24 13:30:37 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2006/01/24 12:08:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/22 20:51:50 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/22 05:51:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/22 03:49:41 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/01/22 03:25:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/22 03:20:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/01/21 20:48:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/21 20:47:17 | 000,203,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/22 22:00:00 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/12 15:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/07/26 15:13:12 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/07 07:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/07/05 14:25:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WlanInstallDll.dll
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/12/04 20:43:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ospitray.exe
[2002/03/14 12:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\WINDOWS\System32\SUSUSB.SYS
[2001/12/03 16:50:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 16:50:20 | 000,708,608 | R--- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2001/10/24 16:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/08/23 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 10:00:00 | 000,432,884 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 10:00:00 | 000,067,500 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 10:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 10:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[2000/07/07 06:49:30 | 000,069,120 | R--- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/25 13:58:08 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wrkgadm.exe
[2000/04/12 16:28:12 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 16:24:10 | 000,338,944 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2011/01/12 04:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bBfBk06309
[2010/12/14 12:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bNkFj06309
[2011/01/30 07:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/04/09 17:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2006/09/01 02:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/01/28 19:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/04/30 13:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/07 04:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/03/06 14:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/10 16:36:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2011/01/30 07:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\IObit
[2011/03/05 23:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\iolo
[2011/03/13 05:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Kalypso Media
[2010/09/08 00:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\PlayFirst
[2006/01/28 19:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Propellerhead Software
[2008/12/11 05:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Red Alert 3
[2008/03/29 14:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Smart Recorder
[2011/02/05 07:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Uniblue
[2006/06/30 02:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Wildfire
[2006/12/09 21:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\X10 Commander
[2011/04/09 15:37:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/04/09 21:37:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/04/09 03:37:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/03/20 16:47:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/03/20 16:47:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/02/05 07:10:06 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2010/03/20 16:53:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFBE2D1

< End of report >

Edited by DrkMachine, 25 May 2011 - 10:25 PM.

  • 0

Advertisements

#2
Essexboy
Posted 28 May 2011 - 06:58 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay

Could you do the following please as I will need a fresh look at the system

First run the fixit on this page

If that fails then try the following

  • To open a command prompt, click Start > All Programs > Accessories and then click command prompt ].
  • Copy and paste (or type) the following command in the command box box and then press ENTER:
    netsh winsock reset c:\resetlog.txt
  • Reboot the computer.
  • In next reply please post content of the file c:\resetlog.txt

THEN

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • Post both logs

  • 0

#3
DrkMachine
Posted 28 May 2011 - 10:19 AM

DrkMachine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts
Thanks for the response, Here are the logs


Resetlog

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{074968F2-476D-4A73-AB32-935868DB0AB9}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{074968F2-476D-4A73-AB32-935868DB0AB9}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{074968F2-476D-4A73-AB32-935868DB0AB9}\IpAutoconfigurationSeed
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{074968F2-476D-4A73-AB32-935868DB0AB9}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4E95B45F-5392-44B2-9F1A-E6151A2FAE1A}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{84EFE668-17F3-4B3C-B594-221F27C25B27}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BDEF3EB-8778-4D9D-AD5B-2E4517396FAD}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9100F22C-3072-4438-B153-A6275BA363DF}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{94D2DF01-1AED-4272-A9BB-D79827966647}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D6F6674F-E6A0-45F4-9206-49CB69601191}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E84AFF7C-197F-4B00-82A3-8999A77CE5CF}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E84AFF7C-197F-4B00-82A3-8999A77CE5CF}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E84AFF7C-197F-4B00-82A3-8999A77CE5CF}\IpAutoconfigurationSeed
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E84AFF7C-197F-4B00-82A3-8999A77CE5CF}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DefaultTtl
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePmtuBhDetect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePmtuDiscovery
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SackOpts
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Tcp1323Opts
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize
<completed>




OTL.txt
OTL logfile created on: 5/28/2011 10:05:07 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\DrkRvnKnyght\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 82.52% Memory free
3.22 Gb Paging File | 2.79 Gb Available in Paging File | 86.56% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 39.66 Gb Free Space | 51.72% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 418.92 Gb Free Space | 89.94% Space Free | Partition Type: NTFS
Drive G: | 7.44 Gb Total Space | 7.43 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Computer Name: RATSYS | User Name: DrkRvnKnyght | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 12:37:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DrkRvnKnyght\Desktop\OTL.exe
PRC - [2010/12/02 16:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2010/07/28 02:23:50 | 000,526,992 | ---- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2010/07/26 23:59:20 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files\Common Files\Corel\Standby\Standby.exe
PRC - [2010/07/06 16:44:02 | 000,789,680 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/17 10:39:16 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/01/19 18:46:54 | 000,117,288 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/01/19 18:46:48 | 000,121,384 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/06/04 01:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/06/04 01:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/21 17:11:36 | 000,184,320 | ---- | M] () -- C:\Program Files\AMT Media Manager\AMTDeviceService.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/01 12:13:06 | 000,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
PRC - [2006/12/14 20:59:12 | 000,217,088 | R--- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\WinSys2.exe
PRC - [2006/12/13 09:37:36 | 000,932,864 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
PRC - [2006/08/16 21:32:04 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006/07/28 09:56:48 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2005/12/05 22:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/12/05 21:59:02 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/21 18:12:22 | 000,040,960 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
PRC - [2005/04/12 11:15:04 | 000,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/12/08 16:53:50 | 001,288,704 | ---- | M] () -- C:\Program Files\MSI\DigiCell\DigiCell.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe


========== Modules (SafeList) ==========

MOD - [2011/05/22 12:37:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DrkRvnKnyght\Desktop\OTL.exe
MOD - [2006/08/25 09:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/08/16 21:32:03 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/02/05 07:13:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/12/02 16:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/12/02 16:17:50 | 000,724,664 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/10 16:37:09 | 001,181,328 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/19 19:46:56 | 000,158,248 | ---- | M] (Authentium, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/01/19 18:46:54 | 000,117,288 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/01/19 18:46:48 | 000,121,384 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2005/12/05 22:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2005/04/12 11:15:04 | 000,869,376 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/04/12 11:15:04 | 000,869,376 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2004/05/24 12:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 10:44:48 | 000,022,328 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys -- (MSI_DVD_010507)
DRV - [2010/05/10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010/05/10 10:44:36 | 000,016,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys -- (MSI_VGASYS_010507)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/19 18:53:46 | 000,127,016 | R--- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amp.sys -- (AMP)
DRV - [2010/01/19 18:53:44 | 001,118,248 | R--- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ampse.sys -- (AMPSE)
DRV - [2009/12/02 07:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/30 18:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009/06/04 03:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 03:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 03:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 03:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 03:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 03:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 03:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 03:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/10/31 01:43:26 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/10/31 01:43:25 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/09/03 05:07:26 | 000,040,576 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sustucap.sys -- (SUSTUCAP)
DRV - [2008/09/03 05:07:24 | 000,040,576 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sustucam.sys -- (SUSTUCAM)
DRV - [2008/09/03 03:55:24 | 000,021,632 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sustucau.sys -- (SUSTUCAU)
DRV - [2008/04/17 11:45:38 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2007/10/02 13:41:12 | 000,039,424 | ---- | M] (iolo technologies, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\System32\xpacket.sys -- (XPacket)
DRV - [2007/01/23 15:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 15:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/12/21 02:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/19 09:49:08 | 000,041,472 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2006/12/04 16:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/10/24 15:21:58 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\NTGLM7X.sys -- (PCAlertDriver)
DRV - [2006/10/18 16:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/10/17 19:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006/10/13 02:16:36 | 000,081,664 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/09/13 10:36:36 | 000,006,784 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2006/09/11 19:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 19:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/21 18:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/06 18:33:48 | 000,068,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1110Vid.sys -- (P1110VID)
DRV - [2006/03/06 00:06:08 | 000,078,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV85.sys -- (SSHDRV85)
DRV - [2005/11/29 22:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2005/04/12 11:07:50 | 000,099,456 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/04/12 11:07:30 | 000,029,056 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/04/12 03:07:25 | 000,028,160 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/07/07 10:27:28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2004/07/07 08:55:12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2004/07/05 14:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/06/02 20:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/06/02 13:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2004/05/20 08:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/05/20 08:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2004/05/20 08:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/10/28 23:02:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/09/17 15:57:22 | 000,008,440 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2001/08/17 12:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1292428093-1957994488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1292428093-1957994488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1292428093-1957994488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1292428093-1957994488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1292428093-1957994488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 03:31:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 03:31:23 | 000,000,000 | ---D | M]

[2009/03/11 02:40:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Mozilla\Extensions
[2009/03/02 17:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Mozilla\Extensions\[email protected]
[2011/03/04 11:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Mozilla\Firefox\Profiles\v6phrzl7.default\extensions
[2010/04/27 19:24:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Mozilla\Firefox\Profiles\v6phrzl7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/13 12:32:28 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Mozilla\Firefox\Profiles\v6phrzl7.default\extensions\[email protected]
[2011/03/04 11:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/11 15:54:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2009/02/11 15:01:32 | 000,292,855 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10084 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1292428093-1957994488-725345543-1003\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-1292428093-1957994488-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AMTDeviceService] C:\Program Files\AMT Media Manager\AMTDeviceService.exe ()
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [iolo Personal Firewall] C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [RCSystem] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [SW24] C:\WINDOWS\system32\sw24.exe ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe (TODO: <Company name>)
O4 - HKU\S-1-5-21-1292428093-1957994488-725345543-1003..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\S-1-5-21-1292428093-1957994488-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-1957994488-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1292428093-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.v...l?noreloadredir (Reg Error: Key error.)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....030/CTSUEng.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (Reg Error: Key error.)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab (Reg Error: Key error.)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/...nx.1.0.0.87.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1137923623659 (WUWebControl Class)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/...t/atomaders.cab (Reg Error: Key error.)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (Reg Error: Key error.)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.sonypictu...bugs/axhost.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn...gr.cab31267.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics....com/serval.cab (Reg Error: Key error.)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...undLauncher.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Reg Error: Key error.)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://www.sonypictu...outLauncher.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} http://zone.msn.com/...ia.1.0.0.46.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\DrkRvnKnyght\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DrkRvnKnyght\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/22 20:51:04 | 000,000,000 | ---D | M] - G:\Autoruns -- [ FAT32 ]
O33 - MountPoints2\{ec257e1e-ea3e-11df-8426-0019db5f78cd}\Shell - "" = AutoRun
O33 - MountPoints2\{ec257e1e-ea3e-11df-8426-0019db5f78cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec257e1e-ea3e-11df-8426-0019db5f78cd}\Shell\AutoRun\command - "" = G:\MediaManager.exe
O34 - HKLM BootExecute: ("autocheck autochk *") - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\DrkRvnKnyght\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: LanmanServer - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 11:42:44 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DrkRvnKnyght\Desktop\OTL.exe
[2011/05/22 11:16:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DrkRvnKnyght\Recent
[2006/08/16 21:32:45 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/16 21:11:02 | 000,012,800 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/28 09:59:02 | 000,000,053 | ---- | M] () -- C:\biosinfo
[2011/05/28 09:58:54 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2011/05/28 09:58:49 | 000,012,910 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/05/28 09:58:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/28 09:57:59 | 000,055,084 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000000-00001102-00000005-002C1102}.rfx
[2011/05/28 09:57:59 | 000,055,084 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000000-00001102-00000005-002C1102}.rfx
[2011/05/28 09:57:59 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000000-00001102-00000005-002C1102}.rfx
[2011/05/28 09:52:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/28 09:51:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/24 15:37:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/05/24 14:52:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/24 03:37:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/05/23 21:37:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/05/23 14:44:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1957994488-725345543-1003.job
[2011/05/22 12:37:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DrkRvnKnyght\Desktop\OTL.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/28 09:58:54 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2011/03/26 07:16:43 | 000,123,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/30 03:42:54 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/01/12 04:05:00 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/12/07 16:37:46 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/12/07 16:37:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\statistics.dat
[2010/12/07 16:37:46 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/12/05 03:16:17 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/11/07 08:07:39 | 000,001,004 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/10/15 21:51:04 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\lxddplc.ini
[2010/08/25 19:27:39 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/08/25 19:19:23 | 000,026,719 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010/07/26 16:48:18 | 000,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/04/03 22:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/11 04:04:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/25 23:21:56 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009/11/30 23:57:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\DrkRvnKnyght\Local Settings\Application Data\housecall.guid.cache
[2009/06/04 02:37:08 | 000,021,093 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/04 02:37:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/04 01:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009/06/04 01:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/10/31 01:43:26 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/31 01:43:25 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/08/21 18:58:14 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/08/16 15:10:23 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/08/16 15:10:23 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/03/28 10:01:18 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/28 09:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/04 10:44:05 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/03/04 10:44:05 | 000,002,548 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/02 00:51:01 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\12kUBusd.dll
[2008/01/31 17:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2008/01/09 17:31:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/12/27 12:34:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/12/03 14:13:32 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2007/11/25 02:11:23 | 000,000,267 | ---- | C] () -- C:\WINDOWS\Winsus0.dat
[2007/10/23 05:25:36 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2007/10/23 05:25:34 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2007/10/23 05:25:34 | 000,253,952 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2007/10/23 05:25:34 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2007/10/23 05:25:34 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auxiliary(2).dll
[2007/10/23 05:25:34 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2007/10/23 05:25:34 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2007/10/23 05:25:33 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe
[2007/10/23 05:23:01 | 000,273,408 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007/10/23 05:17:41 | 000,001,428 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2007/08/24 07:51:42 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2007/05/27 01:32:35 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2007/05/22 01:55:50 | 000,004,388 | ---- | C] () -- C:\WINDOWS\smflt.dll
[2007/04/12 09:44:00 | 000,929,744 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/04/12 09:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/12 09:44:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/26 14:20:59 | 000,116,176 | ---- | C] () -- C:\WINDOWS\iun1405.exe
[2006/11/03 03:18:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\TaskKeyHook.dll
[2006/11/03 03:10:46 | 000,012,910 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2006/10/09 03:02:58 | 002,243,260 | -H-- | C] () -- C:\WINDOWS\System32\spython.bin
[2006/09/09 11:37:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/16 21:33:53 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/16 21:32:07 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/16 21:22:58 | 000,321,512 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/08/16 21:22:58 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/16 21:14:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2006/08/16 21:14:06 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/08/16 21:11:52 | 000,264,526 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/08/16 21:11:38 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/16 21:11:38 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/16 21:11:09 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/08/16 21:11:09 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/08/16 21:11:07 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/07/14 02:46:50 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2006/06/30 01:49:38 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/04/15 00:37:25 | 000,002,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/06 00:06:08 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV85.sys
[2006/01/28 19:06:40 | 000,000,668 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006/01/25 01:52:28 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\DrkRvnKnyght\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/24 13:30:37 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2006/01/24 12:08:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/22 20:51:50 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/22 05:51:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/22 03:49:41 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/01/22 03:25:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/22 03:20:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/01/21 20:48:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/21 20:47:17 | 000,203,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/22 22:00:00 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/12 15:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/07/26 15:13:12 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/07 07:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/07/05 14:25:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WlanInstallDll.dll
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/12/04 20:43:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ospitray.exe
[2002/03/14 12:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\WINDOWS\System32\SUSUSB.SYS
[2001/12/03 16:50:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 16:50:20 | 000,708,608 | R--- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2001/10/24 16:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/08/23 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 10:00:00 | 000,432,884 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 10:00:00 | 000,067,500 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 10:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 10:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[2000/07/07 06:49:30 | 000,069,120 | R--- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/25 13:58:08 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wrkgadm.exe
[2000/04/12 16:28:12 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 16:24:10 | 000,338,944 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2011/01/12 04:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bBfBk06309
[2010/12/14 12:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bNkFj06309
[2011/01/30 07:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/05/24 14:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2006/09/01 02:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/01/28 19:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/04/30 13:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/07 04:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/03/06 14:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/10 16:36:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/03/28 21:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\iolo
[2011/01/30 07:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\IObit
[2011/03/05 23:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\iolo
[2011/03/13 05:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Kalypso Media
[2010/09/08 00:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\PlayFirst
[2006/01/28 19:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Propellerhead Software
[2008/12/11 05:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Red Alert 3
[2008/03/29 14:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Smart Recorder
[2011/02/05 07:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Uniblue
[2006/06/30 02:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\Wildfire
[2006/12/09 21:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DrkRvnKnyght\Application Data\X10 Commander
[2008/10/25 13:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2011/05/24 15:37:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/05/23 21:37:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/05/24 03:37:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/03/20 16:47:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/03/20 16:47:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/02/05 07:10:06 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2010/03/20 16:53:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2001/08/23 10:00:00 | 001,000,960 | ---- | M] (Microsoft Corporation) MD5=5A26FC6010886D25B3E412493DD95ED8 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 01:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/04 01:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2001/08/23 10:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2004/08/04 01:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/04 01:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/04 01:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 01:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/04 01:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/04 01:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2001/08/23 10:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=585398603F570F9705774D65D292E5D1 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 01:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/04 01:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/04 01:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2001/08/23 10:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=2B0E480E975EE51F2D5CE5F068FED6E2 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/10 20:05:29 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/10 20:05:29 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/10 20:05:29 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/10 20:05:26 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/10 20:05:26 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/10 20:05:26 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 07:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 07:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 07:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/23 10:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFBE2D1

< End of report >
  • 0

#4
Essexboy
Posted 28 May 2011 - 10:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you able to access the net ? On completion of this run can you let me know what problems you are experiencing

Run OTL

THEN

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#5
DrkMachine
Posted 28 May 2011 - 11:42 AM

DrkMachine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts
Still no luck with the internet connection. On the first reboot after the OTL fixes the screen hung on windows is restarting.

Here are the requested logs.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1292428093-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-1292428093-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinSys2 deleted successfully.
C:\WINDOWS\system32\WinSys2.exe moved successfully.
Starting removal of ActiveX control {03F998B2-0E00-11D3-A498-00104B6EB52E}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03F998B2-0E00-11D3-A498-00104B6EB52E}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found.
Starting removal of ActiveX control {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}\ not found.
Starting removal of ActiveX control {0E5F0222-96B9-11D3-8997-00104BD12D94}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0E5F0222-96B9-11D3-8997-00104BD12D94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94}\ not found.
Starting removal of ActiveX control {1842B0EE-B597-11D4-8997-00104BD12D94}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1842B0EE-B597-11D4-8997-00104BD12D94}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1842B0EE-B597-11D4-8997-00104BD12D94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1842B0EE-B597-11D4-8997-00104BD12D94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1842B0EE-B597-11D4-8997-00104BD12D94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1842B0EE-B597-11D4-8997-00104BD12D94}\ not found.
Starting removal of ActiveX control {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2}\ not found.
Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {48DD0448-9209-4F81-9F6D-D83562940134}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{48DD0448-9209-4F81-9F6D-D83562940134}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{48DD0448-9209-4F81-9F6D-D83562940134}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48DD0448-9209-4F81-9F6D-D83562940134}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48DD0448-9209-4F81-9F6D-D83562940134}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48DD0448-9209-4F81-9F6D-D83562940134}\ not found.
Starting removal of ActiveX control {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Starting removal of ActiveX control {6414512B-B978-451D-A0D8-FCFDF33E833C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Starting removal of ActiveX control {64D01C7F-810D-446E-A07E-16C764235644}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{64D01C7F-810D-446E-A07E-16C764235644}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{64D01C7F-810D-446E-A07E-16C764235644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64D01C7F-810D-446E-A07E-16C764235644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{64D01C7F-810D-446E-A07E-16C764235644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64D01C7F-810D-446E-A07E-16C764235644}\ not found.
Starting removal of ActiveX control {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}\ not found.
Starting removal of ActiveX control {87056D28-9730-4A47-B9F9-7E890B62C58A}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{87056D28-9730-4A47-B9F9-7E890B62C58A}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{87056D28-9730-4A47-B9F9-7E890B62C58A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87056D28-9730-4A47-B9F9-7E890B62C58A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{87056D28-9730-4A47-B9F9-7E890B62C58A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87056D28-9730-4A47-B9F9-7E890B62C58A}\ not found.
Starting removal of ActiveX control {9AA73F41-EC64-489E-9A73-9CD52E528BC4}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AA73F41-EC64-489E-9A73-9CD52E528BC4}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AA73F41-EC64-489E-9A73-9CD52E528BC4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AA73F41-EC64-489E-9A73-9CD52E528BC4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9AA73F41-EC64-489E-9A73-9CD52E528BC4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AA73F41-EC64-489E-9A73-9CD52E528BC4}\ not found.
Starting removal of ActiveX control {B8BE5E93-A60C-4D26-A2DC-220313175592}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8BE5E93-A60C-4D26-A2DC-220313175592}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B8BE5E93-A60C-4D26-A2DC-220313175592}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8BE5E93-A60C-4D26-A2DC-220313175592}\ not found.
Starting removal of ActiveX control {C52439A0-2693-4E40-B141-9F9AD5257241}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C52439A0-2693-4E40-B141-9F9AD5257241}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C52439A0-2693-4E40-B141-9F9AD5257241}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C52439A0-2693-4E40-B141-9F9AD5257241}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C52439A0-2693-4E40-B141-9F9AD5257241}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C52439A0-2693-4E40-B141-9F9AD5257241}\ not found.
Starting removal of ActiveX control {C86FF4B0-AA1D-46D4-8612-025FB86583C7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C86FF4B0-AA1D-46D4-8612-025FB86583C7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C86FF4B0-AA1D-46D4-8612-025FB86583C7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C86FF4B0-AA1D-46D4-8612-025FB86583C7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C86FF4B0-AA1D-46D4-8612-025FB86583C7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C86FF4B0-AA1D-46D4-8612-025FB86583C7}\ not found.
Starting removal of ActiveX control {D4B68B83-8710-488B-A692-D74B50BA558E}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4B68B83-8710-488B-A692-D74B50BA558E}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4B68B83-8710-488B-A692-D74B50BA558E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4B68B83-8710-488B-A692-D74B50BA558E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4B68B83-8710-488B-A692-D74B50BA558E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4B68B83-8710-488B-A692-D74B50BA558E}\ not found.
Starting removal of ActiveX control {D54160C3-DB7B-4534-9B65-190EE4A9C7F7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D54160C3-DB7B-4534-9B65-190EE4A9C7F7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D54160C3-DB7B-4534-9B65-190EE4A9C7F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D54160C3-DB7B-4534-9B65-190EE4A9C7F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D54160C3-DB7B-4534-9B65-190EE4A9C7F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D54160C3-DB7B-4534-9B65-190EE4A9C7F7}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Starting removal of ActiveX control {E77F23EB-E7AB-4502-8F37-247DBAF1A147}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
Starting removal of ActiveX control {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4}\ not found.
Folder C:\Documents and Settings\All Users\Application Data\bBfBk06309\ not found.
Folder C:\Documents and Settings\All Users\Application Data\bNkFj06309\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\DrkRvnKnyght\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\DrkRvnKnyght\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: DrkRvnKnyght
->Temp folder emptied: 868352 bytes
->Temporary Internet Files folder emptied: 70458 bytes
->Java cache emptied: 29751 bytes
->FireFox cache emptied: 54908981 bytes
->Flash cache emptied: 1221185 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 34578 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65938 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 16010114 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 69003458 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35372635 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 169.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: DrkRvnKnyght
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 05282011_105601

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



mbam

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6702

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/28/2011 11:38:54 AM
mbam-log-2011-05-28 (11-38-54).txt

Scan type: Quick scan
Objects scanned: 150765
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#6
Essexboy
Posted 28 May 2011 - 11:44 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you tryto connect to the internet what error do you get ?

Also within Control Panel > Device Manager do you have any yellow exclamation marks ?
  • 0

#7
DrkMachine
Posted 28 May 2011 - 11:52 AM

DrkMachine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts
when I open internet explorer I get internet explorer cannot display the webpage, when I open firefox it says server not found.

I have no yellow exclamation marks. I do have a yellow question mark tho.
  • 0

#8
DrkMachine
Posted 28 May 2011 - 12:26 PM

DrkMachine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts
if I type in an ip address for a known website I can access it...but if I click on any links it goes right back to the cannot display webpage.
  • 0

#9
Essexboy
Posted 28 May 2011 - 12:47 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets confirm tha there are no proxy settings anywhere,

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer


And for Firefox there are instructions on this page and you want the setting to be no proxy

What device has the question mark ?
  • 0

#10
DrkMachine
Posted 28 May 2011 - 12:52 PM

DrkMachine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts
no proxy settings on either internet explorer or on firefox.

The device with the question mark is labeled as unknown.
  • 0

Advertisements

#11
Essexboy
Posted 28 May 2011 - 01:03 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets see if you have an old variant

Click your start button, right click on My Computer:
  • Click properties
  • Click the Hardware tab
  • Click Device manager button
  • Click the + sign beside System Devices
  • Look for something with cmz vmkd or vbma in name it should say virtual bus
  • Right click the entry & select uninstall

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#12
DrkMachine
Posted 28 May 2011 - 01:23 PM

DrkMachine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts
Did not find any of those in the device manager.

ComboFix 11-05-26.01 - DrkRvnKnyght 05/28/2011 13:13:45.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2342 [GMT -6:00]
Running from: c:\documents and settings\DrkRvnKnyght\Desktop\ComboFix.exe
AV: System Shield *Disabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall *Enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\DrkRvnKnyght\WINDOWS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\SysInfo.dll
.
----- BITS: Possible infected sites -----
.
hxxp://download.iolo.net
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-28 16:56 . 2011-05-28 16:56 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-07 16:56 . 2010-11-07 14:07 1004 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-03-13 11:03 . 2011-03-13 11:03 3025672 ----a-r- c:\documents and settings\DrkRvnKnyght\Application Data\Microsoft\Installer\{912193FD-A397-41F7-ABEA-D1AF442ABF89}\Game.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-17 2012912]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-07-28 526992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SW24"="c:\windows\system32\sw24.exe" [2006-12-15 69632]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-05 49152]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-05 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"CTHelper"="CTHELPER.EXE" [2006-08-17 17920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-07-27 105632]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"iolo Personal Firewall"="c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2010-07-15 1335976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2007-10-23 932864]
DigiCell.lnk - c:\program files\MSI\DigiCell\DigiCell.exe [2004-12-8 1288704]
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2007-10-23 192512]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-11-3 114688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ "autocheck autochk *"\0lsdelete\0autocheck smrgdf c:\documents and settings\DrkRvnKnyght\Application Data\iolo\
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-13 03:43 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/10/2010 4:37 PM 64288]
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2/20/2011 5:18 AM 39424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [3/6/2006 12:06 AM 78848]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [1/19/2010 6:53 PM 127016]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [1/19/2010 6:53 PM 1118248]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2/20/2011 5:18 AM 724664]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2/20/2011 5:18 AM 724664]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [1/22/2006 3:05 PM 8440]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [1/19/2010 6:46 PM 121384]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [1/19/2010 6:46 PM 117288]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 3:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 3:46 AM 1324056]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2/5/2011 7:13 AM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 3:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 3:46 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 3:46 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 3:46 AM 72728]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1181328]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [5/10/2010 10:44 AM 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [5/10/2010 10:44 AM 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [5/10/2010 10:44 AM 16696]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2/2/2008 12:51 AM 15104]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [4/4/2007 7:50 PM 40576]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [4/4/2007 7:50 PM 40576]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [4/4/2007 7:56 PM 21632]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [1/19/2010 7:46 PM 158248]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PCALERTDRIVER
*NewlyCreated* - RUSHTOPDEVICE
*Deregistered* - PCAlertDriver
*Deregistered* - RushTopDevice
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-24 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:37]
.
2011-05-24 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:37]
.
2011-05-24 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:37]
.
2011-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-02-05 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-02-05 20:30]
.
2010-03-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 04:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
TCP: DhcpNameServer = 24.220.0.10 24.220.0.11 192.168.1.1
FF - ProfilePath - c:\documents and settings\DrkRvnKnyght\Application Data\Mozilla\Firefox\Profiles\v6phrzl7.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nwiz - nwiz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-28 13:18
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1957994488-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:c0,f4,ac,27,6a,b5,a1,b0,bd,7d,62,35,88,e9,8c,65,ea,a5,93,4f,28,
92,24,75,73,3b,8c,39,4c,ec,b8,57,ea,f3,41,68,c0,d9,e6,2a,b2,a3,68,d1,d3,42,\
"rkeysecu"=hex:3e,b2,0f,7f,8a,85,af,93,b2,21,dc,43,36,16,b8,bf
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(600)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2532)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\Tablet.exe
c:\program files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
c:\program files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-28 13:22:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-28 19:22
.
Pre-Run: 42,627,817,472 bytes free
Post-Run: 42,575,962,112 bytes free
.
- - End Of File - - 0C4B8AA6C59830B4F1701E500636BD73
  • 0

#13
Essexboy
Posted 28 May 2011 - 01:41 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK next taget will be the router, do any other systems using the same router have this problem

To test it out install OpenDNS on this system and see if that helps
  • 0

#14
DrkMachine
Posted 28 May 2011 - 01:53 PM

DrkMachine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts
no luck there either...all other computers connected to that router work fine. The opendns didn't change anything
  • 0

#15
Essexboy
Posted 28 May 2011 - 02:04 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you now uninstall IOLA firewall please reboot and then try again
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP