pc unstable after virus removal, registry issue? [Closed]


#1
Technodave

Hello, my PC has become pretty sick. It sometimes fails to boot or hangs a lot; almost every program crashes, Google Chrome most of all, with an error message that "a plugin has become unresponsive; unknown".
I will add the OTL log now before I crash again. Many thanks, Dave

OTL logfile created on: 5/21/2012 9:56:15 AM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Moggy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 71.01% Memory free
5.09 Gb Paging File | 4.06 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 119.67 Gb Free Space | 40.15% Space Free | Partition Type: NTFS
Drive D: | 696.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOGGY-0C768B687 | User Name: Moggy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/09 04:04:54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/31 02:38:24 | 001,541,120 | ---- | M] () -- C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe
PRC - [2012/01/04 23:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/16 19:29:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moggy\desktop\OTL.exe
PRC - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/12 12:58:30 | 000,163,840 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\n52te\razerhid.exe
PRC - [2007/09/20 00:27:44 | 001,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/07/23 02:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006/06/20 22:42:44 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/16 19:29:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moggy\desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/04/03 22:19:16 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/04 23:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/20 00:27:44 | 001,247,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - File not found [Kernel | Unknown | Running] -- -- (MpKslbd03ee8c)
DRV - [2012/05/21 09:30:18 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC5FE468-05FD-42D9-AB84-B5D8DF9C5683}\MpKslf1a6b888.sys -- (MpKslf1a6b888)
DRV - [2012/03/09 07:22:00 | 007,586,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/12/20 08:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/12/16 10:23:14 | 000,103,424 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RzSynapse.sys -- (RzSynapse)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/02/26 12:40:10 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/12/27 12:42:12 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/09/27 15:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007/09/19 18:01:06 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007/08/13 04:49:54 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007/06/05 11:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2006/06/27 10:42:14 | 003,972,672 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/12/22 03:22:18 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/09/30 05:52:22 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/30 05:52:20 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 09:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/05/17 23:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\NvAtaBus.sys -- (nvatabus)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/16 11:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (bkn50USB)
DRV - [2004/04/27 08:26:48 | 000,005,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS -- (Asushwio)
DRV - [2003/01/10 22:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glary...com/?src=iehome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glary...com/?src=iehome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?r...GB&dcc=GB&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A C9 02 3E 7E E3 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\w, =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Program Files\Octoshape Streaming Services\Moggy\octoprogram-L03-NMS1010120_SUA_000\npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Moggy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Moggy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/18 19:56:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/19 18:36:55 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Jomantha] C:\Program Files\n52te\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga Epic\NagaEpicSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Google Update] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Moggy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Moggy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/13 03:25:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/07 01:19:03 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{925e9f5e-a3ce-11de-a113-0017315df0b6}\Shell - "" = AutoRun
O33 - MountPoints2\{925e9f5e-a3ce-11de-a113-0017315df0b6}\Shell\Auto\command - "" = MicrosoftPowerPoint.exe
O33 - MountPoints2\{925e9f5e-a3ce-11de-a113-0017315df0b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{925e9f5e-a3ce-11de-a113-0017315df0b6}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\ASUSACPI.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 20:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities
[2012/05/19 20:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moggy\Application Data\GlarySoft
[2012/05/19 20:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2012/05/19 20:22:38 | 000,028,040 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP152.SYS
[2012/05/19 19:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moggy\Start Menu\Programs\Free Window Registry Repair
[2012/05/19 19:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2012/05/19 19:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/05/19 19:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/05/19 18:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Registry Mechanic
[2012/05/19 11:47:14 | 000,000,000 | ---D | C] -- C:\fd9a065da192b07f215c7986ccf2
[2012/05/19 09:41:58 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2012/05/19 00:36:55 | 000,000,000 | ---D | C] -- C:\522b55c28c987999615a62
[2012/05/18 20:11:07 | 000,000,000 | ---D | C] -- C:\a258d02e152721d1ed706f
[2012/04/22 15:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moggy\Desktop\redsn0w_win_0.9.6rc16
[2012/04/22 14:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moggy\Local Settings\Application Data\libimobiledevice
[2012/04/22 14:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moggy\Desktop\absinthe-win-0.4
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Moggy\*.tmp files -> C:\Documents and Settings\Moggy\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/21 09:37:46 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/21 09:32:13 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B8B918BA-D311-4755-9D85-B9EA16A23CD5}.job
[2012/05/21 09:27:57 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/21 09:27:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/21 09:27:56 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-796845957-725345543-1004.job
[2012/05/21 09:27:55 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-796845957-725345543-1005.job
[2012/05/21 09:27:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/20 22:42:22 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/20 21:53:22 | 000,020,256 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/05/20 21:15:35 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/20 21:10:40 | 000,000,232 | ---- | M] () -- C:\boot.ini
[2012/05/20 21:10:40 | 000,000,232 | ---- | M] () -- C:\BOOT.BAK
[2012/05/20 20:35:49 | 000,001,887 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2012/05/20 20:35:49 | 000,001,887 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2012/05/20 19:41:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
[2012/05/20 19:27:17 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/05/19 23:40:58 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/19 20:26:59 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\Filepuma.url
[2012/05/19 20:24:57 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Moggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2012/05/19 20:24:57 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\Glary Utilities.lnk
[2012/05/19 20:23:34 | 000,028,040 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP152.SYS
[2012/05/19 19:39:37 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\Free Window Registry Repair.lnk
[2012/05/19 13:00:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Path.idx
[2012/05/19 11:17:05 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\Moggy\Desktop\.~lock.New OpenDocument Text (2222.odt#
[2012/05/18 22:35:08 | 000,008,912 | ---- | M] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120518_223502.reg
[2012/05/18 20:06:04 | 000,024,342 | ---- | M] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120518_200600.reg
[2012/05/18 19:20:03 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/17 22:26:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-796845957-725345543-1005.job
[2012/05/16 19:31:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekday Scanner.job
[2012/05/15 08:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/12 18:57:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-796845957-725345543-1004.job
[2012/05/10 20:49:50 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 22:34:18 | 000,441,462 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 22:34:18 | 000,071,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/08 22:51:07 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/08 22:51:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/06 22:25:36 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2012/05/06 22:25:35 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\DivX Movies.lnk
[2012/05/01 22:13:27 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/25 00:54:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/22 14:27:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2012/04/22 14:27:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Moggy\*.tmp files -> C:\Documents and Settings\Moggy\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/19 23:52:34 | 000,000,232 | ---- | C] () -- C:\BOOT.BAK
[2012/05/19 20:24:58 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/19 20:24:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Moggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2012/05/19 20:24:57 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\Glary Utilities.lnk
[2012/05/19 20:24:57 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\Filepuma.url
[2012/05/19 19:39:37 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\Free Window Registry Repair.lnk
[2012/05/19 13:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Path.idx
[2012/05/19 11:17:05 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Moggy\Desktop\.~lock.New OpenDocument Text (2222.odt#
[2012/05/19 09:40:31 | 000,001,887 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2012/05/19 09:40:31 | 000,001,887 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2012/05/18 22:35:04 | 000,008,912 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120518_223502.reg
[2012/05/18 20:06:02 | 000,024,342 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120518_200600.reg
[2012/04/25 22:53:39 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/04/25 00:54:53 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/22 14:30:05 | 000,002,657 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\README
[2012/04/22 14:30:04 | 005,298,620 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\greenpois0n.exe
[2012/04/22 14:27:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2012/04/22 14:27:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/02/19 21:11:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/18 00:11:46 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/02/14 21:11:44 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Moggy\Local Settings\Application Data\84756-11986-27475-00TC1-94865
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/07/15 00:15:36 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/05/02 15:37:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/05/02 15:32:50 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/04/15 11:26:30 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/15 11:26:29 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/15 11:26:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/23 12:13:06 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2010/05/05 10:16:09 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Moggy\Application Data\setup_ldm.iss
[2010/02/22 22:30:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/03 23:39:19 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/10/02 18:26:38 | 000,059,944 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/30 16:42:47 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/03/16 20:53:10 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/03/16 20:53:10 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/23 22:39:30 | 000,601,728 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/11/11 23:45:02 | 000,000,076 | ---- | C] () -- C:\WINDOWS\POSTER.INI
[2008/08/27 20:36:06 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Moggy\Local Settings\Application Data\fusioncache.dat
[2008/07/08 00:29:50 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/05/23 20:50:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/18 04:02:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/28 07:19:05 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\Moggy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/22 19:10:06 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2007/09/12 12:19:37 | 000,005,609 | ---- | C] () -- C:\WINDOWS\System32\ctucom.ini
[2007/09/12 12:19:37 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/09/11 12:47:31 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/09/11 12:44:50 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/09/10 16:05:55 | 000,524,288 | ---- | C] () -- C:\WINDOWS\M2N40601.bin
[2007/09/10 15:59:16 | 000,524,288 | ---- | C] () -- C:\WINDOWS\M2N40802.bin
[2007/09/10 00:14:33 | 000,020,256 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/09/03 03:15:14 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/09/03 03:15:14 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/08/13 16:00:48 | 000,001,751 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/13 14:32:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/13 14:29:51 | 000,290,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/13 04:44:50 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/08/13 04:44:40 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/08/13 04:42:34 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/08/13 03:37:04 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2007/08/13 03:35:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/13 03:26:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/08/13 03:23:29 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/16 16:16:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/11/16 16:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/10/14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 10:56:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 10:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/03/22 21:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 21:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,441,462 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,071,796 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D29BF00

< End of report >


It seems I have not got rid of the virus. I have got an Exploit:Java/CVE-2011-3544 warning from MSE.

Edited by Technodave, 22 May 2012 - 01:02 PM.
Added log from attachment.

  • 0

#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Technodave,
My name is godawgs and I will be assisting you with your Virus / Malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same.
Because of this, you must reply within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • All tools must be run from an account with Administrator privileges.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, so you can check off each step as you complete it.
    Also, part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!
  • Do not do things I do not ask for, such as running a spyware scan on your computer, installing/uninstalling programs, deleting files, modifying the registry or running any tools, unless instructed to do so. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date (if possible)!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.



Your OTL is out of date. We need to remove it, download the newest version and get some current scans.



Step-1.

  • Please re-open Posted Image on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.


Step-2.

Download OTL to the Desktop. It is important that it is downloaded to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)


OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c

2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console<---Important
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the radio button beside Use Safelist<---Important
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt on the desktop. A file named Extras.txt will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for the Extras.txt file.


Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-4.

Things For Your Next Post:
1. The new OTL.txt log
2. The Extras.txt log
3. The aswMBR log
  • 0

#3
Technodave

Technodave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Thank you Godawgs, I have read it through once and I will work on it and get back to you later tonight.
Many thanks, Dave
  • 0

#4
Technodave

Technodave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
I have 2 Windows logins on this PC: mine and a spare that never gets used.

Step one: my PC froze and crashed. After I restarted it, the otl.exe was no longer there.

I then went on to step 2 and have tried 3 times to run the scan. Each time it stops on scanning driver : xusb21...

My PC still responds though and is not frozen. I will carry on with step 3 and 4 and see if I can get you some real info.
  • 0

#5
Technodave

Technodave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
I have not been able to finish a scan under the settings you gave on otl.exe and have not been able to get the other files you asked for from step 2. Below is the MBR log.

Time stamp 20:35.35.846 was yellow and time stamp 20:35:52.108 was red (not sure if this means anything but it is lost in the copy paste)

please let me know what to do next many thanks aaron





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-23 20:31:08
-----------------------------
20:31:08.875 OS Version: Windows 5.1.2600 Service Pack 3
20:31:08.875 Number of processors: 2 586 0x4303
20:31:08.875 ComputerName: MOGGY-0C768B687 UserName: Moggy
20:32:38.998 Initialize success
20:35:04.818 AVAST engine defs: 12051401
20:35:06.990 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
20:35:06.990 Disk 0 Vendor: Hitachi_HDT725032VLA360 V54OA7EA Size: 305245MB BusType: 3
20:35:06.990 Disk 0 MBR read successfully
20:35:06.990 Disk 0 MBR scan
20:35:07.021 Disk 0 Windows XP default MBR code
20:35:07.037 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
20:35:07.052 Disk 0 scanning sectors +625121280
20:35:07.083 Disk 0 scanning C:\WINDOWS\system32\drivers
20:35:23.362 Service scanning
20:35:35.845 Service MpKsl58058e72 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC5FE468-05FD-42D9-AB84-B5D8DF9C5683}\MpKsl58058e72.sys **LOCKED** 32
20:35:47.936 Modules scanning
20:35:52.108 Disk 0 trace - called modules:
20:35:52.108 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8b014c48]<<
20:35:52.123 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aff3ab8]
20:35:52.123 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8afc3880]
20:35:52.123 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\0000006d[0x8b021030]
20:35:52.404 AVAST engine scan C:\WINDOWS
20:36:00.309 AVAST engine scan C:\WINDOWS\system32
20:39:27.307 AVAST engine scan C:\WINDOWS\system32\drivers
20:39:48.617 AVAST engine scan C:\Documents and Settings\Moggy
20:59:38.055 AVAST engine scan C:\Documents and Settings\All Users
21:06:50.406 Scan finished successfully
21:09:11.594 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Moggy\Desktop\MBR.dat"
21:09:11.594 The log file has been saved successfully to "C:\Documents and Settings\Moggy\Desktop\aswMBR.txt"
21:12:29.354 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Moggy\Desktop\MBR.dat"
21:12:29.354 The log file has been saved successfully to "C:\Documents and Settings\Moggy\Desktop\aswMBR.txt"
  • 0
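
The post above notes that aswMBR's yellow and red highlighting is lost in a copy/paste. The log lines nearest the two timestamps it mentions still carry the text markers `**LOCKED**` and `>>UNKNOWN [...]<<`, so they can be recovered from the pasted text. The following Python is an added example, not part of the thread or of aswMBR: it extracts those lines from a pasted log and collapses repeats. The names `triage`, `report` and `Finding` are my own, and it does not judge whether a marked line is malicious.

```python
import re
from typing import List, NamedTuple

# Lines copied from the aswMBR log in the post above. The ">>UNKNOWN" line is
# repeated on purpose (constructed) to show that duplicates are collapsed.
SAMPLE_LOG = r"""
20:35:07.021 Disk 0 Windows XP default MBR code
20:35:23.362 Service scanning
20:35:35.845 Service MpKsl58058e72 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC5FE468-05FD-42D9-AB84-B5D8DF9C5683}\MpKsl58058e72.sys **LOCKED** 32
20:35:47.936 Modules scanning
20:35:52.108 Disk 0 trace - called modules:
20:35:52.108 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8b014c48]<<
20:35:52.123 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aff3ab8]
20:35:52.108 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8b014c48]<<
21:06:50.406 Scan finished successfully
"""


class Finding(NamedTuple):
    time: str     # timestamp exactly as printed in the log
    kind: str     # "locked-service" or "unknown-module"
    subject: str  # service name, or the address inside >>UNKNOWN [..]<<
    detail: str   # file path, or the named modules listed before the marker


# "HH:MM:SS.mmm <message>" is the layout of every log line in the post.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.+)$")
# "Service <name> <path, may contain spaces> **LOCKED** <number>"
LOCKED = re.compile(r"^Service\s+(\S+)\s+(.+?)\s+\*\*LOCKED\*\*(?:\s+\d+)?$")
# ">>UNKNOWN [0x........]<<" inside the "called modules" line
UNKNOWN = re.compile(r">>UNKNOWN\s+\[(0x[0-9A-Fa-f]+)\]<<")


def triage(log_text: str) -> List[Finding]:
    """Return the marked lines of a pasted aswMBR log, in order, without repeats."""
    findings: List[Finding] = []
    seen = set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headers, separators, blank lines, forum text
        time, msg = m.groups()
        hits = []
        locked = LOCKED.match(msg)
        if locked:
            hits.append(Finding(time, "locked-service",
                                locked.group(1), locked.group(2)))
        for u in UNKNOWN.finditer(msg):
            # Modules named on the same line before this marker.
            named = UNKNOWN.sub("", msg[:u.start()]).split()
            hits.append(Finding(time, "unknown-module",
                                u.group(1), " ".join(named)))
        for f in hits:
            if f not in seen:  # same line pasted twice counts once
                seen.add(f)
                findings.append(f)
    return findings


def report(findings: List[Finding]) -> str:
    """One line per finding, suitable for pasting back into a reply."""
    return "\n".join(
        f"{f.time}  {f.kind:<15} {f.subject}  ({f.detail})" for f in findings
    )


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```
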

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Technodave,

Evidently your system froze and crashed at the reboot stage of removing the old copy of OTL. But if OTL.exe was gone after you rebooted, then the old OTL is gone.
I'm assuming that you downloaded a fresh copy of OTL to the desktop.

Let's cut the scope of the custom scan and try to run OTL in Safe Mode.


Step-1.

Reboot into Safe Mode.

  • Restart Windows in Safe Mode. To do that....
  • Restart your computer and as soon as it starts booting up again continuously tap the F8 key.
  • An Advanced Boot Options screen will come up where you will be given the option to enter Safe Mode.
    NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
    Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
  • Use the down arrow key to highlight Safe Mode and push the ENTER key.
Windows XP
Posted Image


Step-2.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c

2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console<---Important
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the radio button beside Use Safelist<---Important
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt on the desktop. A file named Extras.txt will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for Extras.txt


Step-3.

Things For Your Next Post:
1. The OTL.txt log
2. The Extras.txt log
  • 0

#7
Technodave

Technodave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
It is stopping at the same place scanning driver: xusb21...
  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Technodave,

Let's try removing drivers from the OTL scan and see if it will run then. Try this in Normal mode first and if it won't run try it in Safe Mode.

Step-1.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c

2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console<---Important
  • Make sure the Output box at the top is set to Standard Output.
  • In the Drivers section, click the radio button beside None.<---VERY IMPORTANT
  • In the Extra Registry section, click the radio button beside Use Safelist<---Important
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt on the desktop. A file named Extras.txt will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for Extras.txt


Step-2.

Things For Your Next Post:
1. The OTL.txt log
2. The Extras.txt log
  • 0

#9
Technodave

Technodave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
OTL logfile created on: 5/25/2012 12:09:58 AM - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Moggy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 87.26% Memory free
5.09 Gb Paging File | 4.86 Gb Available in Paging File | 95.39% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 119.98 Gb Free Space | 40.25% Space Free | Partition Type: NTFS
Drive D: | 562.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOGGY-0C768B687 | User Name: Moggy | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/23 18:44:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moggy\desktop\OTL.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/03 22:19:16 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/04 23:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/20 00:27:44 | 001,247,600 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search-gala.c...q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search-gala.c...q={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glary...com/?src=iehome
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glary...com/?src=iehome
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?r...GB&dcc=GB&opt=0
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A C9 02 3E 7E E3 CC 01 [binary data]
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\w, =
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\..\SearchScopes\{1BBB0CE9-C992-42A2-9D7D-6EC9CD856086}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\..\SearchScopes\{9EEEC689-F07E-4241-8B15-A0FEAC12ECE1}: "URL" = http://query.nytimes...s}&opensearch=1
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390067357-796845957-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Program Files\Octoshape Streaming Services\Moggy\octoprogram-L03-NMS1101262_SUA_000\npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Moggy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Moggy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/18 19:56:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/19 18:36:55 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Moggy\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Moggy\Application Data\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Moggy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Moggy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1390067357-796845957-725345543-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1390067357-796845957-725345543-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187017261\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Jomantha] C:\Program Files\n52te\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga Epic\NagaEpicSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-1390067357-796845957-725345543-1004..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1390067357-796845957-725345543-1004..\Run: [Octoshape Streaming Services] C:\Program Files\Octoshape Streaming Services\Moggy\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-1390067357-796845957-725345543-1004..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1390067357-796845957-725345543-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF437E3C-D516-425F-9FEE-DD69A9CDC169}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Moggy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Moggy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/13 03:25:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{925e9f5e-a3ce-11de-a113-0017315df0b6}\Shell - "" = AutoRun
O33 - MountPoints2\{925e9f5e-a3ce-11de-a113-0017315df0b6}\Shell\Auto\command - "" = MicrosoftPowerPoint.exe
O33 - MountPoints2\{925e9f5e-a3ce-11de-a113-0017315df0b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{925e9f5e-a3ce-11de-a113-0017315df0b6}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2004/08/04 13:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/23 18:44:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Moggy\Desktop\OTL.exe
[2012/05/22 22:31:55 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/22 22:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/22 22:25:30 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/22 20:47:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Moggy\Recent
[2012/05/19 20:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities
[2012/05/19 20:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moggy\Application Data\GlarySoft
[2012/05/19 20:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2012/05/19 20:22:38 | 000,028,040 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP152.SYS
[2012/05/19 19:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moggy\Start Menu\Programs\Free Window Registry Repair
[2012/05/19 19:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2012/05/19 19:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/05/19 19:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/05/19 18:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Registry Mechanic
[2012/05/19 11:47:14 | 000,000,000 | ---D | C] -- C:\fd9a065da192b07f215c7986ccf2
[2012/05/19 09:41:58 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2012/05/19 00:36:55 | 000,000,000 | ---D | C] -- C:\522b55c28c987999615a62
[2012/05/18 20:11:07 | 000,000,000 | ---D | C] -- C:\a258d02e152721d1ed706f
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\Moggy\*.tmp files -> C:\Documents and Settings\Moggy\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/25 00:08:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/25 00:02:27 | 000,000,241 | ---- | M] () -- C:\boot.ini
[2012/05/25 00:01:51 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/25 00:01:51 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/25 00:01:51 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-796845957-725345543-1004.job
[2012/05/25 00:01:49 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-796845957-725345543-1005.job
[2012/05/24 23:33:01 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/24 23:25:27 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/24 23:19:11 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-796845957-725345543-1004.job
[2012/05/24 23:16:38 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/24 21:11:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B8B918BA-D311-4755-9D85-B9EA16A23CD5}.job
[2012/05/23 21:12:29 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\MBR.dat
[2012/05/23 20:10:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Moggy\Desktop\aswMBR.exe
[2012/05/23 19:32:04 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/05/23 18:44:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moggy\Desktop\OTL.exe
[2012/05/22 22:43:45 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/22 22:31:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/22 20:29:21 | 000,041,622 | ---- | M] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120522_202917.reg
[2012/05/22 08:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/20 21:53:22 | 000,020,256 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/05/20 21:10:40 | 000,000,232 | ---- | M] () -- C:\BOOT.BAK
[2012/05/20 20:35:49 | 000,001,887 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2012/05/20 20:35:49 | 000,001,887 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2012/05/20 19:41:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
[2012/05/19 20:26:59 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\Filepuma.url
[2012/05/19 20:24:57 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Moggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2012/05/19 20:24:57 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\Glary Utilities.lnk
[2012/05/19 20:23:34 | 000,028,040 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP152.SYS
[2012/05/19 19:39:37 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\Free Window Registry Repair.lnk
[2012/05/19 13:00:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Path.idx
[2012/05/19 11:17:05 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\Moggy\Desktop\.~lock.New OpenDocument Text (2222.odt#
[2012/05/18 22:35:08 | 000,008,912 | ---- | M] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120518_223502.reg
[2012/05/18 20:06:04 | 000,024,342 | ---- | M] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120518_200600.reg
[2012/05/18 19:20:03 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/17 22:26:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-796845957-725345543-1005.job
[2012/05/16 19:31:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekday Scanner.job
[2012/05/10 20:49:50 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 22:34:18 | 000,441,462 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 22:34:18 | 000,071,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/08 22:51:07 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/08 22:51:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/06 22:25:36 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2012/05/06 22:25:35 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\DivX Movies.lnk
[2012/05/01 22:13:27 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/25 00:54:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\Moggy\*.tmp files -> C:\Documents and Settings\Moggy\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/23 21:09:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\MBR.dat
[2012/05/22 22:31:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/22 20:29:18 | 000,041,622 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120522_202917.reg
[2012/05/19 23:52:34 | 000,000,232 | ---- | C] () -- C:\BOOT.BAK
[2012/05/19 20:24:58 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/19 20:24:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Moggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2012/05/19 20:24:57 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\Glary Utilities.lnk
[2012/05/19 20:24:57 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\Filepuma.url
[2012/05/19 19:39:37 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\Free Window Registry Repair.lnk
[2012/05/19 13:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Path.idx
[2012/05/19 11:17:05 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Moggy\Desktop\.~lock.New OpenDocument Text (2222.odt#
[2012/05/19 09:40:31 | 000,001,887 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2012/05/19 09:40:31 | 000,001,887 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2012/05/18 22:35:04 | 000,008,912 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120518_223502.reg
[2012/05/18 20:06:02 | 000,024,342 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120518_200600.reg
[2012/04/25 22:53:39 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/04/25 00:54:53 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/19 21:11:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/18 00:11:46 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/02/14 21:11:44 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Moggy\Local Settings\Application Data\84756-11986-27475-00TC1-94865
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/07/15 00:15:36 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/05/02 15:37:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/05/02 15:32:50 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/04/15 11:26:30 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/15 11:26:29 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/15 11:26:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/23 12:13:06 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys

========== LOP Check ==========

[2008/05/27 04:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2011/07/11 20:11:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/29 18:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2011/12/22 21:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2007/12/31 03:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/08/30 16:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/12/11 18:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2011/07/11 20:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/22 21:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2007/09/03 06:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2007/12/28 04:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2007/12/16 23:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2008/06/27 03:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012/05/19 19:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/05/23 19:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/13 03:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/12 23:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/30 16:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/17 09:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/08 01:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2012/04/19 19:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\Bitcoin
[2012/02/19 15:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\ElevatedDiagnostics
[2012/05/19 20:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\GlarySoft
[2008/04/24 14:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\My Battle for Middle-earth™ II Files
[2010/02/15 18:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\OpenOffice.org
[2011/12/22 21:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\Origin
[2008/05/23 02:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\Publish Providers
[2012/02/18 20:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\Registry Mechanic
[2007/12/16 23:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\Screaming Bee
[2007/12/28 03:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\Simply Super Software
[2008/05/23 16:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\Sony
[2008/03/07 20:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\Sony Setup
[2008/04/01 21:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\temp
[2012/05/22 20:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\TS3Client
[2012/04/13 02:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\ts3overlay
[2012/02/17 22:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\Ulavt
[2012/03/01 19:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\Uniblue
[2011/07/11 00:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\uTorrent
[2012/02/17 22:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\Veome
[2008/04/15 02:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moggy\Application Data\Viewpoint
[2007/12/27 20:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\spare\Application Data\Grisoft
[2007/12/27 20:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\spare\Application Data\Simply Super Software
[2008/05/27 23:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\spare\Application Data\Viewpoint
[2012/05/25 00:01:51 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/05/23 19:32:04 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2012/05/24 21:11:07 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B8B918BA-D311-4755-9D85-B9EA16A23CD5}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2001/01/10 12:23:58 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2 C:\*.tmp files -> C:\*.tmp -> ]

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: Hitachi HDT725032VLA360
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 32256
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: MOGGY-0C768B687
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D   XP_HOME_SP2  CDFS   DVD-ROM      562 MB
  Volume 1     C                NTFS   Partition    298 GB  Healthy    System

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D29BF00

< End of report >


OTL Extras logfile created on: 5/25/2012 12:09:58 AM - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Moggy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 87.26% Memory free
5.09 Gb Paging File | 4.86 Gb Available in Paging File | 95.39% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 119.98 Gb Free Space | 40.25% Space Free | Partition Type: NTFS
Drive D: | 562.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOGGY-0C768B687 | User Name: Moggy | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1390067357-796845957-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe" = C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe:*:Enabled:Star Wars - The Old Republic -- (BioWare, A Division of Electronic Arts)
"C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe" = C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe:*:Enabled:Star Wars - The Old Republic -- (BioWare)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Services -- (AOL LLC)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\Common Files\AOL\1187017261\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1187017261\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II
"C:\Program Files\Eidos\25 to Life\TTL.exe" = C:\Program Files\Eidos\25 to Life\TTL.exe:*:Enabled:TTL
"C:\Program Files\NAMCO BANDAI Games\Warhammer Mark of Chaos\Warhammer.exe" = C:\Program Files\NAMCO BANDAI Games\Warhammer Mark of Chaos\Warhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat:*:Enabled:patchgrabber
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
"C:\Program Files\ASpyC\ASpyC.exe" = C:\Program Files\ASpyC\ASpyC.exe:*:Enabled:AntiSpyCheck
"C:\Documents and Settings\All Users\Application Data\1ed9a40\WI1ed9.exe" = C:\Documents and Settings\All Users\Application Data\1ed9a40\WI1ed9.exe:*:Enabled:Windows Protection Suite
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Octoshape Streaming Services\Moggy\OctoshapeClient.exe" = C:\Program Files\Octoshape Streaming Services\Moggy\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\World of Warcraft Public Test\Launcher.exe" = C:\Program Files\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft Public Test\Launcher.patch.exe" = C:\Program Files\World of Warcraft Public Test\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe" = C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II – Chaos Rising™ -- (THQ Canada Inc.)
"C:\Documents and Settings\Moggy\Local Settings\Apps\2.0\N1DOMMZ4.OA4\7D78HC20.54M\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe" = C:\Documents and Settings\Moggy\Local Settings\Apps\2.0\N1DOMMZ4.OA4\7D78HC20.54M\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe" = C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe:*:Enabled:Star Wars - The Old Republic -- (BioWare, A Division of Electronic Arts)
"C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe" = C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe:*:Enabled:Star Wars - The Old Republic -- (BioWare)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036138A4-CE69-54B3-EC3A-22EC160303E0}" = CCC Help Czech
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0A68C819-3333-E57F-5881-D3FE31C1F2D5}" = CCC Help Turkish
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23481C75-AA13-858C-C707-51D7744F2309}" = CCC Help English
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3179E96B-2CCF-A00A-5738-4C14DBA0DACA}" = CCC Help Chinese Traditional
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{368673BE-F66E-3BB4-832C-8EAF0B4AF939}" = Google Chrome
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BDCECE1-F7F8-81E3-EE26-AF8FD5172A56}" = CCC Help German
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41B4F085-82E5-C9C2-9AB3-65D67EF60883}" = CCC Help Italian
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4CD2A929-C76E-4E9C-B871-07D629717E2E}" = TouchCopy
"{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}" = Nokia Multimedia Player
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{59A86970-E9AB-0D1D-A269-2381A89F0CF2}" = Catalyst Control Center InstallProxy
"{5A336D74-E680-4986-96F4-E9CEBC784F56}" = Naga Firmware Updater 1.13
"{5DCB68D8-686F-0550-6DD3-957A366F8F99}" = CCC Help Norwegian
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{653B7F6E-F594-4B55-61BA-78F8FE6E500A}" = CCC Help Finnish
"{69101ED4-FAEB-44EE-1A0E-0602CD6458F3}" = Catalyst Control Center
"{6F6B46DC-4289-454E-8FFD-80CE597F403B}" = Microsoft Xbox 360 Accessories 1.1
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76B0FAA5-C23B-58E8-EB51-1195A4D6BEB7}" = Catalyst Control Center Localization All
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{821CF756-EDC0-5A8C-6ECA-3F4682DEAFD1}" = CCC Help French
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB7E2C1-13A7-F9A0-277F-8CFB5B198E7E}" = CCC Help Polish
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{950A97A5-F8AF-26C7-8F8B-47F7C1F03363}" = CCC Help Portuguese
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96A092BE-173D-6824-14FD-1C8C0477C1D1}" = CCC Help Greek
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BA4C082-183A-4869-06DB-4F563355D33F}" = CCC Help Spanish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A997829F-090A-06FC-ADDA-B907E0D2562E}" = AMD Catalyst Install Manager
"{AB4FE709-7AC5-A7FF-A947-A110CEFCB074}" = CCC Help Hungarian
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B802B2D2-C777-1876-8204-C0F360CBF955}" = CCC Help Dutch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C6BD88D1-A8D3-B46F-781E-80A6A6927E09}" = CCC Help Chinese Standard
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3CD290C-C254-F440-962D-F9D0E60DD3F4}" = CCC Help Danish
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA3DB4D7-429D-4292-F855-C47C6EA1AFF8}" = CCC Help Thai
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE464235-13EC-F0E2-2608-9A8103F52DF8}" = CCC Help Japanese
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8D9FAA2-D3DB-7FA3-3FFE-0AC935251F99}" = CCC Help Swedish
"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1" = Tortun 0.8
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F748B53A-A58F-17B4-F380-08EF92B6A6F4}" = CCC Help Korean
"{FA584B62-7ECF-A981-0D1E-A8BE67C604DB}" = Catalyst Control Center Graphics Previews Common
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBFC6AFA-082C-CBEC-3D28-1EE9CA16D029}" = ccc-utility
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF9B0E3E-9D2E-2560-EEA2-BB35A369C491}" = CCC Help Russian
"Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"America Online uk" = AOL UK (Choose which version to remove)
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"B3F2F39D9A48AD78A74BA5D236210A6E48B1333C" = Windows Driver Package - Belkin (HidUsb) HIDClass (01/11/2007 1.0)
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}" = Nokia Multimedia Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"mIRC" = mIRC
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Origin" = Origin
"RealPlayer 15.0" = RealPlayer
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 45000" = Sol Survivor
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VentriloMIX" = VentriloMIX
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.1
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1390067357-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Bitcoin" = Bitcoin
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"TWS Demo" = TWS Demo
"uTorrent" = µTorrent
"Wow Web Stats Client v2.4" = Wow Web Stats Client v2.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2012 3:11:31 PM | Computer Name = MOGGY-0C768B687 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 5/18/2012 3:40:49 PM | Computer Name = MOGGY-0C768B687 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 5/18/2012 5:52:28 PM | Computer Name = MOGGY-0C768B687 | Source = Application Error | ID = 1000
Description = Faulting application divx plus player.exe, version 10.3.2.6, faulting
module dpxdownloadmanagerplugin.dll, version 10.3.2.6, fault address 0x0000a0a7.

Error - 5/19/2012 6:34:41 AM | Computer Name = MOGGY-0C768B687 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 5/19/2012 6:57:32 AM | Computer Name = MOGGY-0C768B687 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 5/19/2012 7:05:26 AM | Computer Name = MOGGY-0C768B687 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 5/23/2012 3:27:54 PM | Computer Name = MOGGY-0C768B687 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The process cannot access the
file because it is being used by another process. for C:\Documents and Settings\Moggy\ntuser.dat

Error - 5/23/2012 3:28:15 PM | Computer Name = MOGGY-0C768B687 | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - The process
cannot access the file because it is being used by another process.

Error - 5/23/2012 3:28:15 PM | Computer Name = MOGGY-0C768B687 | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 5/23/2012 3:28:15 PM | Computer Name = MOGGY-0C768B687 | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

[ System Events ]
Error - 5/24/2012 2:55:29 PM | Computer Name = MOGGY-0C768B687 | Source = Service Control Manager | ID = 7000
Description = The AOL Connectivity Service service failed to start due to the following
error: %%1053

Error - 5/24/2012 7:08:53 PM | Computer Name = MOGGY-0C768B687 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/24/2012 7:08:55 PM | Computer Name = MOGGY-0C768B687 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/24/2012 7:09:57 PM | Computer Name = MOGGY-0C768B687 | Source = Service Control Manager | ID = 7001
Description = The fssfltr service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/24/2012 7:09:57 PM | Computer Name = MOGGY-0C768B687 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 5/24/2012 7:09:57 PM | Computer Name = MOGGY-0C768B687 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/24/2012 7:09:57 PM | Computer Name = MOGGY-0C768B687 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 5/24/2012 7:09:57 PM | Computer Name = MOGGY-0C768B687 | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 5/24/2012 7:09:57 PM | Computer Name = MOGGY-0C768B687 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/24/2012 7:09:57 PM | Computer Name = MOGGY-0C768B687 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AsIO Fips IPSec MpFilter MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip


< End of report >
  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Technodave,

Thanks for the updated log. You have a nasty Mebroot/HelpAssistant infection. We need to run a tool to check how far the infection has spread. This infection opens Global Ports in the registry effectively creating a backdoor to the computer.


Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook, etc., and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do. If you decide to continue with the cleanup, please proceed with the following steps.


Step-1.

Run the MebRoot/HelpAssistant Scan



We need to check the data for a couple of services that appear to be renamed and could be causing part of your problems.


Step-2.

Create and Run a Batch File

Please copy everything in the code box below into notepad. To do this highlight all text, then right click and click Copy.

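@Echo Off
CLS
rem Dump the two service keys to text files on the desktop.
rem The output paths are quoted because %UserProfile% contains spaces on XP.
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip" >> "%UserProfile%\desktop\xcpip.txt"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec" >> "%UserProfile%\desktop\xpsec.txt"
exit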

  • Next, open Notepad in the Start Menu or in the Start Search box type notepad.exe and press the ENTER key.
  • Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
  • On the File menu, click Save
  • On the Save AS window that comes up, do the following:
    • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
    • At the bottom in the File Name: box type look.bat
    • In the Save as type: box, click the down arrow and click All Files(*.*)
    • Click Save
    This will put a new file on the Desktop named look.bat

    Close all open windows and any open Browsers.
  • Right click the look.bat file on the desktop and click Run As Administrator to run the file. A command window will open briefly, then close. This is quite normal.
  • There will be two files created on the desktop, xcpip.txt and xpsec.txt. Please post the contents of the two files in your next reply.


Step-3.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Double click the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step-4.

Things For Your Next Post:
1. The HAMeb_check log
2. The xcpip.txt file
3. The xpsec.txt file
4. The FSS.txt log
  • 0



#11
Technodave

Technodave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
:\Documents and Settings\Moggy\Desktop\HAMeb_check (1).exe
Sat 05/26/2012 at 10:43:03.45

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A76C860]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8b028000
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services


~~ EOF ~~


I am stuck on step two. I can't click Run as admin, and clicking it normally didn't create the files you asked for.
I am doing step 3 now.

Edited by Technodave, 26 May 2012 - 05:37 AM.

  • 0
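An added example (not part of the original thread, and not code from HAMeb_check or any other tool used in it): a Python parser for the "Checking firewall ports" section of the log above that lists every enabled GloballyOpenPorts entry not on an allowlist. The function names and the allowlist parameter are assumptions of this example; the sample input is copied from the log in post #11.

```python
import re
from dataclasses import dataclass

# Sample input: the firewall section of the HAMeb_check log posted above.
SAMPLE_LOG = r'''
~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
'''

# Key header, with or without the surrounding brackets (both forms occur in these logs).
KEY_RE = re.compile(
    r'^\[?.*\\firewallpolicy\\(\w+)\\GloballyOpenPorts\\List\]?$', re.IGNORECASE)
# Value line: "<port>:<proto>"=<port>:<proto>:<scope>:<mode>:<name>
VALUE_RE = re.compile(r'^"(\d+):(TCP|UDP)"=(.*)$', re.IGNORECASE)


@dataclass(frozen=True)
class OpenPort:
    profile: str    # "domainprofile" or "standardprofile"
    port: int
    proto: str
    scope: str      # "*" means any remote address may connect
    enabled: bool
    name: str


def parse_open_ports(log_text):
    """Return the GloballyOpenPorts entries found in a HAMeb_check-style log."""
    entries, profile = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            profile = key.group(1).lower()
            continue
        if line.startswith('[') or line.startswith('~~'):
            profile = None          # a different key or a new log section
            continue
        value = VALUE_RE.match(line)
        if not (profile and value):
            continue
        port, proto, data = int(value.group(1)), value.group(2).upper(), value.group(3)
        if data == '-':             # "port:proto"=- records a deleted value
            continue
        fields = data.split(':', 4)  # the name field may itself contain ':'
        if len(fields) != 5:
            # Malformed data is kept and treated as open so it is not missed.
            entries.append(OpenPort(profile, port, proto, '*', True,
                                    '<malformed: %s>' % data))
            continue
        _, _, scope, mode, name = fields
        entries.append(OpenPort(profile, port, proto, scope,
                                mode.lower() == 'enabled', name))
    return entries


def flag_unexpected(entries, allowed=frozenset()):
    """Enabled entries whose (port, proto) is not on the caller's allowlist."""
    return [e for e in entries if e.enabled and (e.port, e.proto) not in allowed]


def summarize(flagged):
    """Group flagged entries by (port, proto) across firewall profiles."""
    out = {}
    for e in flagged:
        item = out.setdefault((e.port, e.proto),
                              {'profiles': [], 'any_source': False, 'names': set()})
        item['profiles'].append(e.profile)
        item['any_source'] |= (e.scope == '*')
        item['names'].add(e.name)
    return out


if __name__ == '__main__':
    # Empty allowlist: this example assumes no port is expected to be globally open.
    for (port, proto), info in sorted(summarize(
            flag_unexpected(parse_open_ports(SAMPLE_LOG))).items()):
        print('%d/%s open in %s, any source: %s, label: %s' % (
            port, proto, ', '.join(info['profiles']),
            info['any_source'], ', '.join(sorted(info['names']))))
```

Passing `allowed={(3389, 'TCP')}` models a machine where Remote Desktop is intentionally exposed; the two entries labelled "Services" are still reported for both profiles.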

#12
Technodave

Technodave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Farbar Service Scanner Version: 25-05-2012
Ran by Moggy (administrator) on 26-05-2012 at 12:51:23
Running from "C:\Documents and Settings\Moggy\desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****
  • 0

#13
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Technodave,

Don't worry about Step 2. That just tells me that the service keys weren't present. When the batch file couldn't find the keys it aborted without creating a file on the desktop.
I'll be back to you shortly, I just didn't want you to worry about Step 2.
  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Technodave,

Let's kill the parts of the MebRoot/HelpAssistant infection that are there and fix the MBR.


Step-1.

Run the HelpAsst Fix Tool

Note! To use this tool read the following instructions thoroughly first. I would recommend printing them so you will have them handy during the fix. Dell users pay attention to the last note.

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
  • Close out all other open programs and windows.
  • Double click the file to run it and follow any prompts.
From here there are two different routes
  • If the tool detects an mbr infection
    • Please allow it to run mbr -f and shutdown your computer.
    • Upon restarting, please wait about 5 minutes
    • Click Start>Run and type the following bolded command, then hit Enter.
      (Note! Make sure you leave a space between helpasst and -mbrt)
      • helpasst -mbrt
    • When it completes, a log will open.
    • Please post the contents of that log.
  • In the event the tool does not detect an mbr infection and completes:
    • click Start>Run and type the following bolded command, then hit Enter.
      (Note! Make sure you leave a space between mbr and -f)
      • mbr -f
    • Now, please do the Start>Run>mbr -f command a second time.
    • Now shut down the computer (do not restart, but shut it down),
    • Wait a few minutes then start it back up.
    • Wait about 5 minutes
    • Click Start>Run and type the following bolded command, then hit Enter.
      (Note! Make sure you leave a space between helpasst and -mbrt)
      • helpasst -mbrt
    • When it completes, a log will open.
    • Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).



Let's take a deeper look at the services.


Step-2.

Please download MiniToolBox, save it to your desktop and run it.


Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Step-3.

Things For Your Next Post:
1. The HelpAsst_Mebroot fix log
2. The Result.txt log
3. How is the computer running?
  • 0

#15
Technodave

Technodave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
C:\Documents and Settings\Moggy\Desktop\HelpAsst_mebroot_fix.exe
Sun 05/27/2012 at 17:42:08.84

HelpAssistant account Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sun 05/27/2012 at 18:17:11.17

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AFFE760]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8af5b000
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services


~~ EOF ~~












MiniToolBox by Farbar Version: 14-01-2012
Ran by Moggy (administrator) on 27-05-2012 at 19:09:41
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : moggy-0c768b687

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-17-31-5D-F0-B6

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 194.168.4.100

194.168.8.100

Lease Obtained. . . . . . . . . . : Sunday, May 27, 2012 7:07:14 PM

Lease Expires . . . . . . . . . . : Sunday, May 27, 2012 8:07:14 PM

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: google.com
Addresses: 173.194.34.68, 173.194.34.71, 173.194.34.69, 173.194.34.70
173.194.34.72, 173.194.34.73, 173.194.34.64, 173.194.34.78, 173.194.34.66
173.194.34.67, 173.194.34.65



Pinging google.com [173.194.34.69] with 32 bytes of data:



Reply from 173.194.34.69: bytes=32 time=18ms TTL=54

Reply from 173.194.34.69: bytes=32 time=22ms TTL=55



Ping statistics for 173.194.34.69:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 18ms, Maximum = 22ms, Average = 20ms

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=154ms TTL=47

Reply from 209.191.122.70: bytes=32 time=157ms TTL=47



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 154ms, Maximum = 157ms, Average = 155ms

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time=568ms TTL=128

Reply from 127.0.0.1: bytes=32 time=1660ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 568ms, Maximum = 1660ms, Average = 1114ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 5d f0 b6 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.4 192.168.0.4 20
192.168.0.0 255.255.255.0 192.168.0.4 192.168.0.4 10
192.168.0.4 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.4 192.168.0.4 10
224.0.0.0 240.0.0.0 192.168.0.4 192.168.0.4 10
255.255.255.255 255.255.255.255 192.168.0.4 192.168.0.4 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/27/2012 05:28:29 PM) (Source: Userenv) (User: Moggy)Moggy
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (05/27/2012 05:28:28 PM) (Source: Userenv) (User: Moggy)Moggy
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Error: (05/27/2012 05:28:28 PM) (Source: Userenv) (User: Moggy)Moggy
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.


DETAIL - The process cannot access the file because it is being used by another process.

Error: (05/27/2012 05:28:21 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.


DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\Moggy\ntuser.dat

Error: (05/26/2012 09:28:07 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (05/25/2012 00:26:06 AM) (Source: Userenv) (User: Moggy)Moggy
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (05/25/2012 00:26:01 AM) (Source: Userenv) (User: Moggy)Moggy
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Error: (05/25/2012 00:26:01 AM) (Source: Userenv) (User: Moggy)Moggy
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.


DETAIL - The process cannot access the file because it is being used by another process.

Error: (05/25/2012 00:25:54 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.


DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\Moggy\ntuser.dat

Error: (05/23/2012 08:28:15 PM) (Source: Userenv) (User: Moggy)Moggy
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.


System errors:
=============
Error: (05/27/2012 05:54:34 PM) (Source: Service Control Manager) (User: )
Description: The AOL Connectivity Service service failed to start due to the following error:
%%1053

Error: (05/27/2012 05:54:34 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.

Error: (05/27/2012 05:54:30 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Core LC service failed to start due to the following error:
%%1053

Error: (05/27/2012 05:54:30 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Symantec Core LC service to connect.

Error: (05/27/2012 05:54:30 PM) (Source: Service Control Manager) (User: )
Description: The Machine Debug Manager service failed to start due to the following error:
%%1053

Error: (05/27/2012 05:54:30 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Machine Debug Manager service to connect.

Error: (05/27/2012 05:54:30 PM) (Source: Service Control Manager) (User: )
Description: The ATI Smart service failed to start due to the following error:
%%1053

Error: (05/27/2012 05:54:30 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the ATI Smart service to connect.

Error: (05/27/2012 05:54:30 PM) (Source: Service Control Manager) (User: )
Description: The AOL Connectivity Service service failed to start due to the following error:
%%1053

Error: (05/27/2012 05:54:30 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.


Microsoft Office Sessions:
=========================
Error: (05/27/2012 05:28:29 PM) (Source: Userenv)(User: Moggy)Moggy
Description:

Error: (05/27/2012 05:28:28 PM) (Source: Userenv)(User: Moggy)Moggy
Description:

Error: (05/27/2012 05:28:28 PM) (Source: Userenv)(User: Moggy)Moggy
Description: The process cannot access the file because it is being used by another process.

Error: (05/27/2012 05:28:21 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: The process cannot access the file because it is being used by another process. C:\Documents and Settings\Moggy\ntuser.dat

Error: (05/26/2012 09:28:07 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.

Error: (05/25/2012 00:26:06 AM) (Source: Userenv)(User: Moggy)Moggy
Description:

Error: (05/25/2012 00:26:01 AM) (Source: Userenv)(User: Moggy)Moggy
Description:

Error: (05/25/2012 00:26:01 AM) (Source: Userenv)(User: Moggy)Moggy
Description: The process cannot access the file because it is being used by another process.

Error: (05/25/2012 00:25:54 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: The process cannot access the file because it is being used by another process. C:\Documents and Settings\Moggy\ntuser.dat

Error: (05/23/2012 08:28:15 PM) (Source: Userenv)(User: Moggy)Moggy
Description:


=========================== Installed Programs ============================

µTorrent (Version: 1.8.2)
Adobe Photoshop CS4
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
AMD APP SDK Runtime (Version: 10.0.831.4)
AMD Catalyst Install Manager (Version: 3.0.868.0)
AOL UK (Choose which version to remove)
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ASUSUpdate
ATI AVIVO Codecs (Version: 10.0.0.40103)
Bing Bar (Version: 7.0.850.0)
Bitcoin (Version: 0.6.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0308.2333.42157)
Catalyst Control Center Graphics Previews Common (Version: 2012.0308.2333.42157)
Catalyst Control Center InstallProxy (Version: 2012.0308.2333.42157)
Catalyst Control Center Localization All (Version: 2012.0308.2333.42157)
ccc-utility (Version: 2012.0308.2333.42157)
CCC Help Chinese Standard (Version: 2012.0308.2332.42157)
CCC Help Chinese Traditional (Version: 2012.0308.2332.42157)
CCC Help Czech (Version: 2012.0308.2332.42157)
CCC Help Danish (Version: 2012.0308.2332.42157)
CCC Help Dutch (Version: 2012.0308.2332.42157)
CCC Help English (Version: 2012.0308.2332.42157)
CCC Help Finnish (Version: 2012.0308.2332.42157)
CCC Help French (Version: 2012.0308.2332.42157)
CCC Help German (Version: 2012.0308.2332.42157)
CCC Help Greek (Version: 2012.0308.2332.42157)
CCC Help Hungarian (Version: 2012.0308.2332.42157)
CCC Help Italian (Version: 2012.0308.2332.42157)
CCC Help Japanese (Version: 2012.0308.2332.42157)
CCC Help Korean (Version: 2012.0308.2332.42157)
CCC Help Norwegian (Version: 2012.0308.2332.42157)
CCC Help Polish (Version: 2012.0308.2332.42157)
CCC Help Portuguese (Version: 2012.0308.2332.42157)
CCC Help Russian (Version: 2012.0308.2332.42157)
CCC Help Spanish (Version: 2012.0308.2332.42157)
CCC Help Swedish (Version: 2012.0308.2332.42157)
CCC Help Thai (Version: 2012.0308.2332.42157)
CCC Help Turkish (Version: 2012.0308.2332.42157)
CCleaner (Version: 2.29)
CDDRV_Installer (Version: 4.60)
Cool & Quiet
Curse Client (Version: 4.0.1.180)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.6.1.8)
DivX Version Checker (Version: 7.1.0.9)
Google Chrome (Version: 64.228.77)
Google Earth (Version: 6.0.3.2197)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
Google Update Helper (Version: 1.3.21.111)
HijackThis 2.0.2 (Version: 2.0.2)
iTunes (Version: 10.3.1.55)
iTunes (Version: 10.6.1.7)
Java™ 6 Update 13 (Version: 6.0.130)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Junk Mail filter update (Version: 14.0.8117.416)
KhalInstallWrapper (Version: 4.60.122)
Logitech G11 Keyboard Software 1.03 (Version: 1.3.166.0)
Logitech Registration (Version: 0.70.206)
Logitech SetPoint (Version: 4.60)
Logitech Updater (Version: 1.70)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Games for Windows - LIVE (Version: 2.0.675.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft IntelliPoint 5.5 (Version: 5.50.661.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Xbox 360 Accessories 1.1 (Version: 1.10.120.0)
mIRC (Version: 6.31)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
n52te Editor (Version: 5.01)
Naga Firmware Updater 1.13 (Version: 1.13.01)
Nokia Multimedia Player (Version: 5.00.5010)
NVIDIA Control Panel 266.58 (Version: 266.58)
NVIDIA Drivers (Version: 1.10)
NVIDIA Graphics Driver 266.58 (Version: 266.58)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA nView 135.50 (Version: 135.50)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
Octoshape add-in for Adobe Flash Player
Octoshape Streaming Services (Version: Demo Version)
OpenOffice.org 3.0 (Version: 3.0.9358)
Origin (Version: 8.4.1.210)
PC Tools Registry Mechanic 11.0 (Version: 11.0)
QuickTime (Version: 7.71.80.42)
Razer Naga (Version: 3.00.25)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek AC'97 Audio (Version: 5.24)
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.34.54.16)
Secunia PSI (2.0.0.3003)
Segoe UI (Version: 14.0.4327.805)
Skype Toolbars (Version: 5.3.7555)
Skype™ 5.3 (Version: 5.3.120)
Sol Survivor
Sony Vegas Pro 8.0 (Version: 8.0.217)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1)
System Requirements Lab
TeamSpeak 3 Client
Tortun 0.8
TouchCopy (Version: 4.39)
TWS Demo
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client (Version: 3.0.8)
VentriloMIX
Viewpoint Media Player
VLC media player 2.0.1 (Version: 2.0.1)
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Belkin (HidUsb) HIDClass (01/11/2007 1.0) (Version: 01/11/2007 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
World of Warcraft (Version: 4.3.0.15050)
Wow Web Stats Client v2.4
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall (Version: 1.1)
Yahoo! Toolbar

========================= Devices: ================================

Name: Realtek AC'97 Audio
Description: Realtek AC'97 Audio
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: ALCXWDM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 3326.36 MB
Available physical RAM: 2365.62 MB
Total Pagefile: 5210 MB
Available Pagefile: 4352.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.7 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:298.08 GB) (Free:119.77 GB) NTFS
3 Drive d: (XP_HOME_SP2) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\MOGGY-0C768B687

Administrator ASPNET Guest
HelpAssistant Moggy spare
SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found


**** End of log ****