
MBAM:
Malwarebytes' Anti-Malware 1.36
Database version: 2067
Windows 5.1.2600 Service Pack 3

6/10/2009 1:55:03 AM
mbam-log-2009-06-10 (01-55-03).txt

Scan type: Quick Scan
Objects scanned: 127151
Time elapsed: 9 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\ovfsthnvhshwotrdbqjxryabdoiehfejscbpwy.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ovfsthxvlisdiluldybgodjqylktlcsruoibty.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.

Rooter
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:73754 Mo/Free:2989 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:1932 Mo/Free:1930 Mo)

Wed 06/10/2009| 1:59

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\cisvc.exe
---------- C:\Program Files\ewido anti-malware\ewidoctrl.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\nvsvc32.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\wdfmgr.exe
---------- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
---------- C:\Program Files\Alwil Software\Avast4\setup\avast.setup
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\windows\system\hpsysdrv.exe
---------- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
---------- C:\WINDOWS\wt\updater\wcmdmgr.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!

----------------------\\ Rogues..

C:\PROGRA~1\AdwareFilter-savelogs 1 - "C:\Rooter$\Rooter_1.txt" - Wed 06/10/2009| 2:00

----------------------\\ Scan completed at 2:00

OTL
OTL logfile created on: 6/10/2009 2:08:46 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 248.13 Mb Available Physical Memory | 48.51% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 77.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.03 Gb Total Space | 46.92 Gb Free Space | 65.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.89 Gb Total Space | 1.88 Gb Free Space | 99.89% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GIZMOCOMPUTER
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\ewido anti-malware\ewidoctrl.exe (ewido networks) PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation) PRC - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe (GEMTEKS) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe (Linksys) PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\windows\system\hpsysdrv.exe (Hewlett-Packard Company) PRC - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) PRC - C:\WINDOWS\wt\updater\wcmdmgr.exe (WildTangent, Inc.) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) 
PRC - C:\Documents and Settings\Jason\Desktop\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation) PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation) [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation) SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (ewido security suite control [Auto | Running]) -- C:\Program Files\ewido anti-malware\ewidoctrl.exe (ewido networks) SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) 
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard) SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard) SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation) SRV - (WUSB54GSCSVC [Auto | Running]) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe (GEMTEKS) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation) DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications) DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.) DRV - (amdagp [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) 
DRV - (Aspi32 [System | Running]) -- C:\WINDOWS\System32\drivers\ASPI32.sys (Adaptec) DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software) DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (Cdr4_2K [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_2K.sys (Adaptec) DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions) DRV - (cdudf [System | Stopped]) -- C:\WINDOWS\System32\drivers\Cdudf.sys (Roxio) DRV - (dvd_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio) DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (Freedom [On_Demand | Stopped]) -- C:\WINDOWS\freedom.backup.dat () DRV - (FsVga [System | Running]) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys (Microsoft Corporation) DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation) DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP) DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP) DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP) DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel(R) Corporation) DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel(R) Corporation) DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel(R) Corporation) DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel(R) Corporation) DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel(R) Corporation) DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel(R) Corporation) DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel(R) Corporation) DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel(R) Corporation) DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel(R) Corporation) DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel(R) Corporation) DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (ltmodem5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (LT) DRV - (mmc_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio) DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.) 
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (nv4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4.sys (NVIDIA Corporation) DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (PrtSeqRd [Boot | Running]) -- C:\WINDOWS\System32\drivers\PrtSeqRd.sys (Roxio) DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company) DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (pwd_2K [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio) DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions) DRV - (S3SavageNB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys (S3 Graphics, Inc.) DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation) DRV - (SISAGP [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys (Silicon Integrated Systems Corporation) DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.) DRV - (STEC3 [Auto | Running]) -- C:\WINDOWS\System32\STEC3.sys (AntiCracking) DRV - (trid3d [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\trid3dm.sys (VIA Technologies, Inc.) DRV - (UdfReadr [System | Stopped]) -- C:\WINDOWS\System32\drivers\UdfReadr.sys (Roxio) DRV - (USB_RNDIS [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation) DRV - (vulfnths [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\vulfnth.sys (VIA Technologies, Inc.) DRV - (vulfntrs [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\vulfntr.sys (VIA Technologies, Inc.) 
DRV - (GTNDIS5 [On_Demand | Running]) -- C:\WINDOWS\system32\GTNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA)) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.2\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/31 20:15:42 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 
2.0.0.2\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/31 20:15:46 | 00,000,000 | ---D | M] [2009/05/01 01:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\mozilla\Extensions [2009/05/01 01:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/08 22:42:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\t58nodjt.default\extensions [2009/05/02 22:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\mozilla\Firefox\Profiles\t58nodjt.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2009/06/08 22:42:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/05/02 05:02:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{0AA482DA-CC4D-4F7F-881B-79E2B86B05ED} [2009/05/13 01:37:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{2D63541B-8DAA-4D86-8C4A-A21B0642DC87} [2009/05/24 20:50:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{64D9E075-8A66-401D-974C-A7C1F65D0E86} [2009/05/10 00:59:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8319854F-9DF4-4B68-B5F8-5D74770A27B4} [2009/05/31 20:15:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/05/04 07:52:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{9921FA9A-46C7-4648-A4E9-0444CF2ED0E8} [2009/04/30 06:25:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{9C2EFF32-FDFD-4747-987F-68E962A40963} [2009/05/08 12:55:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{FD925B24-BF11-4CFC-A9A0-0FD7715C6CE3} [2009/05/31 20:15:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected] 
[2009/05/02 22:42:50 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/05/02 22:42:50 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/02/21 14:51:11 | 00,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2007/02/21 14:51:16 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2007/02/21 14:51:21 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll [2007/02/21 14:51:26 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll [2007/02/21 14:51:32 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2007/02/19 20:25:56 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2007/02/19 20:25:56 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2007/02/19 20:25:56 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2007/02/19 20:25:56 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2007/02/19 20:25:56 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2007/02/19 20:25:56 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (305238 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 10534 more lines... O2 - BHO: (no name) - {A6C7B2A1-00F3-42BD-F434-00AABA2C8953} - Reg Error: Key error. File not found O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe File not found O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE () O4 - HKLM..\Run: [S3TRAY2] S3tray2.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch (WildTangent, Inc.) O4 - HKCU..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoActiveDesktopChanges = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe File not found O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe File not found O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} http://download.netmarble.com/web/nmstarter/NMStarter23.cab (NetmarbleStarter23 Class) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=48835 (Windows Genuine Advantage Validation Tool) O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab (Windows Live Safety Center Base Module) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110021960311 (WUWebControl Class) O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} http://www.blizzard.com/support/includes/cabs/si.cab (Info Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139901402140 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} http://live.pdbox.co.kr:8057/WStarter.cab (WStarter Control) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {C2BA40A1-74F3-42BD-F434-12345A2C8953} - sdfsefsfdvdubgiungfuyd - C:\WINDOWS\system32\afnoinkdsfe.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files\ewido anti-malware\shellhook.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/06 21:36:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{157b85d2-1a68-11de-a36f-0018390f34c7}\Shell - "" = AutoRun
O33 - MountPoints2\{157b85d2-1a68-11de-a36f-0018390f34c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{157b85d2-1a68-11de-a36f-0018390f34c7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{257d5ddf-11e9-11de-a35b-0018390f34c7}\Shell - "" = AutoRun
O33 - MountPoints2\{257d5ddf-11e9-11de-a35b-0018390f34c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{257d5ddf-11e9-11de-a35b-0018390f34c7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/10 02:09:06 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/10 01:59:35 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/10 01:39:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/10 01:38:34 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/10 01:30:52 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Jason\Desktop\OTL.exe
[2009/06/10 01:30:52 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\Jason\Desktop\SysRestorePoint.exe
[2009/06/10 01:30:48 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Jason\Desktop\Rooter.exe
[2009/06/10 01:30:48 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Jason\Desktop\TFC.exe
[2009/06/10 01:30:46 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\Jason\Desktop\erunt_setup.exe
[2009/06/09 17:58:26 | 00,020,992 | ---- | C] () -- C:\DOCUME~1\Jason\My Documents\Hi Laurie - for merge.doc
[2009/06/08 23:43:52 | 00,020,992 | ---- | C] () -- C:\DOCUME~1\Jason\My Documents\Hi Laurie.doc
[2009/05/31 08:46:00 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2009/05/24 21:14:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/24 21:11:21 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Jason\Desktop\Downloads
[2009/05/24 21:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Application Data\GetRightToGo
[2009/05/24 19:02:33 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/05/21 23:53:42 | 00,000,136 | ---- | C] () -- C:\WINDOWS\System32\vp_setup.exe.bat
[2009/05/21 23:16:55 | 00,000,227 | ---- | C] () -- C:\xcrashdump.dat
[2009/05/13 18:11:29 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/13 18:07:20 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/13 18:02:58 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/05/13 18:02:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/13 01:53:15 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/13 01:51:01 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/13 01:10:03 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Jason\Desktop\Dad's Stuff - DO NOT ERASE
[2009/04/30 06:33:02 | 00,005,383 | -HS- | C] () -- C:\WINDOWS\System32\gulodedo.dll
[2009/04/30 06:32:38 | 00,005,383 | -HS- | C] () -- C:\WINDOWS\System32\dotewawa.dll
[2009/04/23 09:45:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/09/12 20:59:37 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/16 23:14:22 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/08/16 23:13:44 | 00,000,609 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2006/07/21 21:33:03 | 00,000,334 | ---- | C] () -- C:\WINDOWS\LiveCam.ini
[2006/07/09 12:04:01 | 00,000,583 | ---- | C] () -- C:\WINDOWS\uwfont.ini
[2006/07/08 11:46:12 | 00,001,954 | ---- | C] () -- C:\WINDOWS\uwcim.ini
[2006/07/08 11:46:07 | 00,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\Uwimm.dll
[2006/07/08 11:45:33 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CCPATH.INI
[2006/03/13 18:20:52 | 00,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2006/03/13 17:46:31 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006/03/13 17:46:31 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/03/13 17:46:31 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/03/13 17:46:31 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/02/14 00:15:02 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/02/14 00:11:38 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/12/11 21:51:55 | 00,000,149 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2005/11/15 21:38:00 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2005/11/09 00:33:51 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2005/11/07 00:00:56 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/10/30 22:30:18 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/10/30 22:30:18 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/10/30 22:30:18 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/10/04 18:46:34 | 00,000,422 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2005/08/31 18:39:26 | 00,000,065 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/09 19:18:55 | 00,000,050 | ---- | C] () -- C:\WINDOWS\pxe.INI
[2005/07/26 15:43:22 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/26 15:23:38 | 00,000,052 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2005/06/11 21:51:45 | 00,005,652 | ---- | C] () -- C:\WINDOWS\avmaj.dll
[2005/06/11 21:48:46 | 00,000,045 | ---- | C] () -- C:\WINDOWS\GJKKEGIK.ini
[2005/05/31 19:24:30 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2005/05/29 00:39:56 | 00,000,620 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/05/28 22:37:46 | 00,000,498 | ---- | C] () -- C:\WINDOWS\SSME.INI
[2005/03/05 05:28:26 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2004/12/28 01:37:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/12/28 01:30:41 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/12/28 01:29:52 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2004/12/21 15:47:17 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/11/22 03:35:49 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2004/11/22 03:34:18 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/11/22 03:29:25 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/11/22 03:16:17 | 00,001,991 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/11/20 21:10:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/19 23:59:37 | 00,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2001/12/17 21:54:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/12/05 02:26:46 | 00,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2001/11/07 02:45:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/11/07 02:45:01 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2001/11/07 02:37:54 | 00,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/11/07 02:29:04 | 00,000,786 | ---- | C] () -- C:\WINDOWS\Studio7.ini
[2001/11/07 02:28:49 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2001/11/07 02:28:49 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2001/11/07 02:28:49 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2001/11/07 02:28:49 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2001/11/07 02:28:49 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2001/11/07 02:21:26 | 00,000,507 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/11/07 02:21:26 | 00,000,317 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/11/07 02:21:26 | 00,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/11/07 01:50:13 | 00,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2001/11/07 01:50:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2001/11/07 01:49:47 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/11/06 21:40:54 | 00,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/11/06 13:21:55 | 00,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/11/06 13:21:36 | 00,000,914 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/11/06 13:21:33 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/08 14:13:22 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/08 01:07:02 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/05/23 01:37:50 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 17:34:01 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

========== Files - Modified Within 30 Days ==========

[2009/06/10 01:57:59 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/10 01:57:50 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/06/10 01:57:15 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Jason\Local Settings\desktop.ini
[2009/06/10 01:56:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/10 01:56:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/10 01:24:30 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Jason\Desktop\OTL.exe
[2009/06/10 01:24:26 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Jason\Desktop\Rooter.exe
[2009/06/10 01:24:02 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\Jason\Desktop\erunt_setup.exe
[2009/06/10 01:23:48 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\Jason\Desktop\SysRestorePoint.exe
[2009/06/10 01:23:42 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Jason\Desktop\TFC.exe
[2009/06/09 18:04:20 | 00,020,992 | ---- | M] () -- C:\DOCUME~1\Jason\My Documents\Hi Laurie.doc
[2009/06/09 17:58:27 | 00,020,992 | ---- | M] () -- C:\DOCUME~1\Jason\My Documents\Hi Laurie - for merge.doc
[2009/06/08 22:55:00 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1149745928.job
[2009/06/08 18:09:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/01 00:58:16 | 00,444,576 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/01 00:58:16 | 00,383,650 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/01 00:58:16 | 00,054,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/01 00:29:02 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/31 20:15:49 | 00,001,613 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Firefox.lnk
[2009/05/31 15:59:32 | 00,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/24 21:18:53 | 00,000,227 | ---- | M] () -- C:\xcrashdump.dat
[2009/05/24 19:02:33 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/05/21 23:53:42 | 00,000,136 | ---- | M] () -- C:\WINDOWS\System32\vp_setup.exe.bat
[2009/05/13 17:38:40 | 00,000,914 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/13 17:38:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/13 17:38:40 | 00,000,201 | RHS- | M] () -- C:\BOOT.INI
[2009/05/13 01:53:15 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras
OTL Extras logfile created on: 6/10/2009 2:08:46 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 248.13 Mb Available Physical Memory | 48.51% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 77.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.03 Gb Total Space | 46.92 Gb Free Space | 65.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.89 Gb Total Space | 1.88 Gb Free Space | 99.89% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GIZMOCOMPUTER
Current User Name: Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger File not found
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 File not found
C:\Program Files\Starcraft\starcraft.exe:*:Enabled:Starcraft File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui File not found
C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian File not found
C:\Program Files\Buaron Software\Raptor Chat 2001\RaptorChat.exe:*:Enabled:Raptor Chat 2001 File not found
C:\Program Files\Wizet\MapleStory\Patcher.exe:*:Disabled:Patcher MFC ?? ???? File not found
C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa File not found
C:\Program Files\Nowcom\afreeca\player.exe:*:Enabled:afreeca - ???? File not found
C:\Program Files\AIM\AIM95_c0\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer (LimeWire)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus File not found
C:\Program Files\Warcraft III\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III File not found
C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III File not found
C:\Program Files\Nowcom\afreeca\studio.exe:*:Enabled:afreeca - ???? File not found
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\softnyx\GunboundWC\GunBound.gme:*:Disabled:GunBound File not found
C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher File not found
C:\Program Files\MAIET\Gunz\Gunz.exe:*:Enabled:Gunz File not found
C:\Documents and Settings\Owner\My Documents\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\GunZ\GunzLauncher.exe:*:Enabled:GunzLauncher File not found
C:\Documents and Settings\Owner\My Documents\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\GunZ\Gunz.exe:*:Enabled:Gunz File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\WINDOWS\Explorer.EXE:*:Enabled:Windows Explorer (Microsoft Corporation)
C:\WINDOWS\Temp\jj6qk3.exe:*:Enabled:jj6qk3 File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = FileViewerUtility 1.0
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002 Try Before You Buy
"{2B5DDB2C-0807-47FD-9C11-80EA761902C0}" = Easy Internet Sign-up
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{327B4488-D7A8-4EC3-B46C-BAFC5E46532D}" = OpenMG Network Walkman(MS) Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35126392-1882-4818-8B36-A02C3B5508A9}" = OpenMG Network Walkman(E) Help
"{3C43EAE7-22C0-4b33-ABFB-3757ECA5FD7B}" = HP Officejet All-In-One Series
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{40724630-C95F-449d-B71D-777CFDE9EA21}" = J5700
"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
"{41A96655-19FB-473c-AAB7-429E372527C8}" = ProductContext
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{570B96D1-70D3-4B48-93EF-029440FA1BCE}" = Camera Window
"{5D0F0C1F-46B0-4AA2-B8DC-02E5FE777C19}" = 5700_Help
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8851E12C-0EF9-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Platinum
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 TBYB
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A2CC286B-BFE9-4D1F-9EDA-AA3E8289CA12}" = BPDSoftware_Ini
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}" = PhotoStitch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB8BDDBF-7965-4476-B9BC-ED8DFD603AA8}" = HP Officejet All-In-One Series
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.7
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite
"{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = RemoteCapture 2.6
"{B27515E9-3BAC-4F5D-A143-303622D425FA}" = OpenMG Music Clip and NW-S4 Help
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8CD1189-53D6-4C51-8082-14B812EABBA8}" = Canon Camera WIA Driver
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E0000610-0610-0610-0610-000000000610}" = PureEdge Viewer 6.1
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{E84D2015-4FEB-40CC-A2DD-1A6B8BAC2429}" = OpenMG Secure Module 3.0.03
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AsianSuite" = AsianSuite
"avast!" = avast! Antivirus
"BackWeb-137903 Uninstaller" = hp center
"CoffeeCup GIF Animator" = CoffeeCup GIF Animator
"DivX Pro Codec Adware" = DivX Pro Codec Adware
"ERUNT_is1" = ERUNT 1.1j
"ewidoantimalware" = ewido anti-malware
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Instant Support" = hp instant support
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = Canon Utilities FileViewerUtility 1.0
"InstallShield_{570B96D1-70D3-4B48-93EF-029440FA1BCE}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = Canon Utilities RemoteCapture 2.6
"InstallShield_{B8CD1189-53D6-4C51-8082-14B812EABBA8}" = Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.2)" = Mozilla Firefox (2.0.0.2)
"My Photo Center" = My Photo Center
"Neonatal Resuscitation DVD-ROM" = Neonatal Resuscitation DVD-ROM
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoRecord" = Canon PhotoRecord
"PXE" = PXE
"Python 1.5 combined Win32 extensions" = Python 1.5 combined Win32 extensions
"Python 1.5.2 (final)" = Python 1.5.2 (final)
"Quicken Financial Center" = Quicken Financial Center
"RealPlayer 6.0" = RealPlayer
"S3 Gamma" = S3 Gamma
"S3switch2" = S3 Savage4 Family Display Switch2 Utility
"ShockwaveFlash" = Macromedia Flash Player 8
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StudioDV" = Studio
"Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"wcmdmgr.exe" = WildTangent Updater
"WinAce Archiver" = WinAce Archiver
"Windows Live Safety Scanner" = Windows Live Safety Scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WordPerfect Office 2002 Try Before You Buy" = WordPerfect Office 2002 Try Before You Buy
"Works2002Setup" = Microsoft Works and Money 2002 Setup Launcher
"wtdmmp" = WildTangent Multiplayer Library
"wtwebdriver" = WildTangent Web Driver

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 5/13/2009 8:43:32 PM | Computer Name = GIZMOCOMPUTER | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!, function A0000111.

Error - 5/30/2009 5:38:01 PM | Computer Name = GIZMOCOMPUTER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: ClientRqDispatchThread: SessionID not found - global map corrupted??, 00000007.

Error - 5/30/2009 5:38:02 PM | Computer Name = GIZMOCOMPUTER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: OpenEventsAndMapping: OpenEvent failed!, 00000002.

Error - 5/30/2009 5:38:02 PM | Computer Name = GIZMOCOMPUTER | Source = avast! | ID = 33554522
Description = AAVM - scanning error: ClientRqDispatchThread: OpenEventsAndMapping failed - client probably died, 00000007.

Error - 5/31/2009 1:57:32 AM | Computer Name = GIZMOCOMPUTER | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

[ Application Events ]
Error - 5/30/2009 7:48:10 PM | Computer Name = GIZMOCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/31/2009 6:53:13 PM | Computer Name = GIZMOCOMPUTER | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 2430, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

Error - 5/31/2009 6:53:13 PM | Computer Name = GIZMOCOMPUTER | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.

Error - 5/31/2009 6:53:16 PM | Computer Name = GIZMOCOMPUTER | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 2430, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

Error - 5/31/2009 7:04:13 PM | Computer Name = GIZMOCOMPUTER | Source = pctsSvc.exe | ID = 0
Description =

Error - 5/31/2009 7:10:02 PM | Computer Name = GIZMOCOMPUTER | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 3286, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

Error - 5/31/2009 7:10:02 PM | Computer Name = GIZMOCOMPUTER | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.

Error - 5/31/2009 7:10:05 PM | Computer Name = GIZMOCOMPUTER | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 3286, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

Error - 6/5/2009 7:14:11 PM | Computer Name = GIZMOCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20070.21917, faulting module xpcom_core.dll, version 1.8.20070.21917, fault address 0x0003fba1.

Error - 6/9/2009 4:44:09 PM | Computer Name = GIZMOCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.4219.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/31/2009 6:10:27 PM | Computer Name = GIZMOCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Terminal Services service to connect.

Error - 5/31/2009 6:10:27 PM | Computer Name = GIZMOCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Terminal Services service failed to start due to the following error: %%1053

Error - 5/31/2009 6:10:27 PM | Computer Name = GIZMOCOMPUTER | Source = Service Control Manager | ID = 7001
Description = The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: %%1053

Error - 5/31/2009 6:10:27 PM | Computer Name = GIZMOCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Terminal Services service to connect.

Error - 5/31/2009 6:10:27 PM | Computer Name = GIZMOCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Terminal Services service failed to start due to the following error: %%1053

Error - 5/31/2009 6:10:27 PM | Computer Name = GIZMOCOMPUTER | Source = Service Control Manager | ID = 7001
Description = The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: %%1053

Error - 5/31/2009 6:33:49 PM | Computer Name = GIZMOCOMPUTER | Source = Application Popup | ID = 876
Description = Driver cdudf.SYS has been blocked from loading.

Error - 5/31/2009 6:33:49 PM | Computer Name = GIZMOCOMPUTER | Source = Application Popup | ID = 876
Description = Driver UdfReadr.SYS has been blocked from loading.

Error - 5/31/2009 6:35:07 PM | Computer Name = GIZMOCOMPUTER | Source = Application Popup | ID = 876
Description = Driver cdudf.SYS has been blocked from loading.

Error - 5/31/2009 6:35:07 PM | Computer Name = GIZMOCOMPUTER | Source = Application Popup | ID = 876
Description = Driver UdfReadr.SYS has been blocked from loading.

< End of report >
Thank you very much!
Edited by Joeturf, 10 June 2009 - 03:21 AM.